Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My turn for HiJackThis Help


  • Please log in to reply

#1
Grinder

Grinder

    New Member

  • Member
  • Pip
  • 3 posts
Stumbled on your site last night looking for help with my laptop. Gone through all the "Start Here" recommendations. Here is my HiJackThis log. Thanks for any help you can provide.

ogfile of HijackThis v1.99.1
Scan saved at 3:59:42 PM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LEXBCES.EXE
C:\Windows\system32\LEXPPS.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Windows\System32\drivers\CDAC11BA.EXE
C:\Windows\System32\cusrvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Windows\system32\drivers\KodakCCS.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NWTRAY.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Novell\GroupWise\Notify.exe
C:\Novell\GroupWise\GrpWise.exe
C:\Novell\GroupWise\GWWF\EDMSRV32.exe
C:\Novell\GroupWise\GWWF\wflmgr32.exe
C:\Novell\GroupWise\GWWF\EDSDLV32.exe
C:\Novell\Messenger\NMCL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Temp\Shredder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...PT/0409/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://obgweb/obgwan/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com...PT/0409/bF8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://obgweb/obgwan/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\IView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwfb.ops.pl...quicksilver.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://oraap01.obg.c...tor/oajinit.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://krm1.webex.c...ent/ieatgpc.cab
O18 - Protocol: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\System32\drivers\CDAC11BA.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\Windows\System32\cusrvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\Windows\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
  • 0

Advertisements


#2
Grinder

Grinder

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Can anyone help on this, please?
  • 0

#3
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Your lucky I caught you bumping your topic.
The rule against it is their for your own good. :tazz:

Maybe if you tell us what the problem is?

There is not much wrong in your log.

I would advise you to uninstall:
ViewPoint Manager
under Add/Remove Software.

Regards,
  • 0

#4
Grinder

Grinder

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Sorry Metallica. A newbie here there was in a hurry to post and didn't read the posting rules.

I have McAfee antivirus. The problems started with a notification window at boot up that says there is an NT Scanner Serivces error. It prevents the McAfee shield from enabling. My IT department said it was McAfee so they uninstalled/installed McAfee a couple of times, but the problem still existed. Not able to fix it they want me to ship the laptop to them. The past few days the boot up has become excruciatingly slow as well as any initial program execution (Word, Excel, IE, etc.) Once a software finally engages, it seems to work fine. I came here hoping to find an answer before shipping the computer. IT's fix is usually wiping out the hard drive which I would prefer not doing if I could help it. I was suspecting malware. Maybe it's a conflict of some sorts.

Thanks,

G
  • 0

#5
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Aha.

OK. I see one service in your log that is listed as file missing>

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

First please check if that is correct.
The file to look for is:
C:\Program Files\TightVNC\WinVNC.exe

(HijackThis sometimes makes some errors in this regard)

If it is indeed missing.
Click Start > Run type services.msc > OK
In the list of services find:
VNC Server (winvnc)
Rightclick that line and choose Properties.
On the General tab Stop and set the service to disabled.

Then reboot and let me know if that solves the error.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP