My HIJACKTHIS log

By wubuscmh
May 29, 2005
Topic Status:
Not open for further replies.
  1. Really need the help here, I followed the instructions on that "How to remove..." post. Many thanks, but I am still running into strange issues in Windows, some that I have heard about (i.e. Task Monitor flashes briefly when run, then disappears), and others that may not be as common (i.e. I can't search for files on my own computer, those options are all "grayed" out, it's just empty "gray" space; many websites all give me error messages when I try to surf to them).

    Attached is my log file w/ .txt extension.

    ANY HELP MUCH APPRECIATED,
    -wubuscmh
  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    I don't see any AntiVirus program on your PC, but loads of other crap!
    When finished, go to http://free.grisoft.com and get their free AVG.

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    em2.exe
    story.exe
    scvhost.exe ==>> watch the SPELLING !<<==
    mdmdrv.exe
    Msnmrg.exe ==>> watch the SPELLING !<<==
    svchost32.exe
    rundllnt.exe
    crsvvc.exe
    svcsr32.exe

    Next, UNinstall anything to do with:
    C:\Program Files\Zango Messenger\em2.exe

    Next, click Start/Run and type services.msc and click OK. Look for the services:
    story.exe
    svchost32.exe
    rundllnt.exe
    Msnmrg.exe ==>> watch the SPELLING !<<==
    crsvvc.exe
    svcsr32.exe
    mdmdrv.exe
    Doubleclick each one, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files\Zango Messenger\em2.exe" -wait
    O4 - HKLM\..\Run: [Internet Suspention] story.exe
    O4 - HKLM\..\Run: [Windows Update] scvhost.exe ==>> watch the SPELLING !<<==
    O4 - HKLM\..\Run: [Modem Driverz Updates] mdmdrv.exe
    O4 - HKLM\..\Run: [MSN] Msnmrg.exe ==>> watch the SPELLING !<<==
    O4 - HKLM\..\Run: [WINRUN] svchost32.exe
    O4 - HKLM\..\RunServices: [Internet Suspention] story.exe
    O4 - HKLM\..\RunServices: [WINRUN] svchost32.exe
    O4 - HKLM\..\RunServices: [Microsoft Run The Dll Needing] rundllnt.exe
    O4 - HKLM\..\RunServices: [MSN] Msnmrg.exe
    O4 - HKLM\..\RunServices: [System32] crsvvc.exe
    O4 - HKLM\..\RunServices: [Windows Update] svcsr32.exe
    O4 - HKLM\..\RunServices: [Modem Driverz Updates] mdmdrv.exe
    O4 - HKLM\..\RunOnce: [Internet Suspention] story.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
  3. wubuscmh

    wubuscmh Newcomer, in training Topic Starter

    svchost vs. svchost32

    Re: ur last message, I have svchost.exe in my task manager, but not svchost32.exe

    Should I still end the svchost.exe process?

    Thanks for the tip on AVG, I used it and it found a bunch of junk.
  4. wubuscmh

    wubuscmh Newcomer, in training Topic Starter

    Almost solved my HIJACKTHIS problem???

    Hi realblackstuff,

    After going through the amazing help, I think I am almost done. There are a few lines in my latest HIJACKTHIS log file that won't go away. They are:

    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)

    These are a mystery to me. Both the directories and files in question no longer exist. I am not quite sure how to get rid of these two lines. (Incidentally, these NAV files are probably from attempts I made to install trial software a week ago, soon after which I attempted uninstallation, and that's when some of the bigger Windows XP glitches like TaskManager becoming inoperational).

    Incidentally, these two lines are the only anomalies left, and I'm still quite buggy in Windows (e.g. the same problems are persisting).
  5. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Do NOT touch svchost.exe.

    Make sure you do a FIND or SEARCH for all those bold files in my first post and do a delete of ALL (occurrences) of them.

    Run HJT in Safe Mode and 'fix' again:
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)

    Then try to delete the bold directories.
    Repeat again if needed, they MUST come away.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.