My HIJACKTHIS log

[wubuscmh]

Really need the help here, I followed the instructions on that "How to remove..." post. Many thanks, but I am still running into strange issues in Windows, some that I have heard about (i.e. Task Monitor flashes briefly when run, then disappears), and others that may not be as common (i.e. I can't search for files on my own computer, those options are all "grayed" out, it's just empty "gray" space; many websites all give me error messages when I try to surf to them).

Attached is my log file w/ .txt extension.

ANY HELP MUCH APPRECIATED,
-wubuscmh

 

[RealBlackStuff]

I don't see any AntiVirus program on your PC, but loads of other crap!
When finished, go to http://free.grisoft.com and get their free AVG.

Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
em2.exe
story.exe
scvhost.exe ==>> watch the SPELLING !<<==
mdmdrv.exe
Msnmrg.exe ==>> watch the SPELLING !<<==
svchost32.exe
rundllnt.exe
crsvvc.exe
svcsr32.exe

Next, UNinstall anything to do with:
C:\Program Files\Zango Messenger\em2.exe

Next, click Start/Run and type services.msc and click OK. Look for the services:
story.exe
svchost32.exe
rundllnt.exe
Msnmrg.exe ==>> watch the SPELLING !<<==
crsvvc.exe
svcsr32.exe
mdmdrv.exe
Doubleclick each one, click Stop if it's running, and change the Startup type to Disabled.

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [Internet Suspention] story.exe
O4 - HKLM\..\Run: [Windows Update] scvhost.exe ==>> watch the SPELLING !<<==
O4 - HKLM\..\Run: [Modem Driverz Updates] mdmdrv.exe
O4 - HKLM\..\Run: [MSN] Msnmrg.exe ==>> watch the SPELLING !<<==
O4 - HKLM\..\Run: [WINRUN] svchost32.exe
O4 - HKLM\..\RunServices: [Internet Suspention] story.exe
O4 - HKLM\..\RunServices: [WINRUN] svchost32.exe
O4 - HKLM\..\RunServices: [Microsoft Run The Dll Needing] rundllnt.exe
O4 - HKLM\..\RunServices: [MSN] Msnmrg.exe
O4 - HKLM\..\RunServices: [System32] crsvvc.exe
O4 - HKLM\..\RunServices: [Windows Update] svcsr32.exe
O4 - HKLM\..\RunServices: [Modem Driverz Updates] mdmdrv.exe
O4 - HKLM\..\RunOnce: [Internet Suspention] story.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Boot normal. When all OK, switch System Restore back on.

 

[wubuscmh]

svchost vs. svchost32

Re: ur last message, I have svchost.exe in my task manager, but not svchost32.exe

Should I still end the svchost.exe process?

Thanks for the tip on AVG, I used it and it found a bunch of junk.

 

[wubuscmh]

Almost solved my HIJACKTHIS problem???

Hi realblackstuff,

After going through the amazing help, I think I am almost done. There are a few lines in my latest HIJACKTHIS log file that won't go away. They are:

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)

These are a mystery to me. Both the directories and files in question no longer exist. I am not quite sure how to get rid of these two lines. (Incidentally, these NAV files are probably from attempts I made to install trial software a week ago, soon after which I attempted uninstallation, and that's when some of the bigger Windows XP glitches like TaskManager becoming inoperational).

Incidentally, these two lines are the only anomalies left, and I'm still quite buggy in Windows (e.g. the same problems are persisting).

 

[RealBlackStuff]

Do NOT touch svchost.exe.

Make sure you do a FIND or SEARCH for all those bold files in my first post and do a delete of ALL (occurrences) of them.

Run HJT in Safe Mode and 'fix' again:
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)

Then try to delete the bold directories.
Repeat again if needed, they MUST come away.