Sign in with
Sign up | Sign in
Your question

Hijackthis log, please help

Last response: in Windows XP
Share
Anonymous
April 15, 2005 7:15:40 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Hi guys, I am having a problem with my active window being taken over
when an invisible IE window activates. I ran Norton, Adware Filter, and
Microsoft Antisopyware but the problem still persists. I just ran
Hijackthis and need someone to look at my logfile and see if there is
anything on that which may be causing the problem. Here is my logfile.
Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:57:13, on 2005/04/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\windows\system32\crwamkn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AdwareFilter\AdwareFilter.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and
Settings\Greg\デスクトップ\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.startup.homepage",
"https://www.google.com/accounts/ServiceLogin?service=ma...");
(C:\Documents and Settings\Greg\Application
Data\Mozilla\Profiles\default\59fstzhv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
(C:\Documents and Settings\Greg\Application
Data\Mozilla\Profiles\default\59fstzhv.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\ja\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE"
/Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TNAHOUVF] C:\WINDOWS\TNAHOUVF.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program
Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fkemrsm] c:\windows\system32\crwamkn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
(no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -
file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
(file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.web.setup
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) -
http://directplugin.com/tl4000.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E6642485-498C-4E74-9EA3-F098F516B9EB}:
NameServer = 206.47.244.54 206.47.244.89
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner -
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia
Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation -
C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC -
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -
America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
jedifromlamanch

More about : hijackthis log

April 16, 2005 12:06:21 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

In news:jedifromlamanch.1njj1p@pcbanter.net,
jedifromlamanch <jedifromlamanch.1njj1p@pcbanter.net> had this to say:

My reply is at the bottom of your sent message:

> Hi guys, I am having a problem with my active window being taken over
> when an invisible IE window activates. I ran Norton, Adware Filter,
> and Microsoft Antisopyware but the problem still persists. I just ran
> Hijackthis and need someone to look at my logfile and see if there is
> anything on that which may be causing the problem. Here is my logfile.
> Thanks.
<snipped irrelivant stuff>

No. http://forum.aumha.org/ <--- Go there...

They have a spot to deal with HT logs. I doubt you'll get too much help here
and mostly people will be mad about the 9kb post of stuff they don't want to
read. Me? I don't really care even though I'm on dialup and it's slow but
other people might. You'll get good help for the problems you're having at
that site.

Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
Anonymous
April 21, 2005 5:06:59 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Well, not an expert on this sort of thing, but I know this entry should be
deleted:
"O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
(no file)"

These files are suspect, but I wouldn't take any action on them until you
know for sure. Searching online for them, came up with only a few results,
and they were either your post or someone else's...
"c:\windows\system32\crwamkn.exe"
"O4 - HKLM\..\Run: [fkemrsm] c:\windows\system32\crwamkn.exe"
"O4 - HKLM\..\Run: [TNAHOUVF] C:\WINDOWS\TNAHOUVF.exe"
"O17 -
HKLM\System\CCS\Services\Tcpip\..\{E6642485-498C-4E74-9EA3-F098F516B9EB}:
NameServer = 206.47.244.54 206.47.244.89"

These should be removed for sure:
"R3 - Default URLSearchHook is missing"

Leftovers from some Adware junk that was installed and has since been
removed:
"O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -
file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
(file missing) (HKCU)"
You may also want to check this site to see if any of the other components
from this are still floating around on your system...
http://securityresponse.symantec.com/avcenter/venc/data...

"O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) -
http://directplugin.com/tl4000.dll"
"O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe"

I think that last one is your problem... Be sure to find and delete the
file for the last listed item above as well....


"jedifromlamanch" <jedifromlamanch.1njj1p@pcbanter.net> wrote in message
news:jedifromlamanch.1njj1p@pcbanter.net...
>
> Hi guys, I am having a problem with my active window being taken over
> when an invisible IE window activates. I ran Norton, Adware Filter, and
> Microsoft Antisopyware but the problem still persists. I just ran
> Hijackthis and need someone to look at my logfile and see if there is
> anything on that which may be causing the problem. Here is my logfile.
> Thanks.
>
!