Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Site Notices
9/22/2017 12:11:25 AM
Posted: 10/5/2005 2:13:57 PM EDT
Logfile of HijackThis v1.99.1
Scan saved at 6:06:57 PM, on 10/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\bhomod00.dll
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent011.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O20 - AppInit_DLLs: NVDESK32.DLL,wbsys.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
O21 - SSODL: System - {1A9E27FA-F7FB-4805-8D2D-64BE76FAA3FA} - vr_sys.dll (file missing)
O21 - SSODL: mtklef - {155A43F7-2B43-4F1B-E091-1374D20AA04D} - C:\WINDOWS\System32\uxrtho32.dll
O21 - SSODL: mtklef - {155A43F7-2B43-4F1B-E091-1374D20AA04D} - C:\WINDOWS\System32\uxrtho32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

That is the log from Hijackthis. I think I got everything just want to make sure. Do you see anything that looks like spyware/adware or other little critters?

Also, I made the mistake of installing Norton, and now it's embedded itself worse that Kazza. How do I get it out?
Link Posted: 10/5/2005 2:15:04 PM EDT
Hey FOX-, you might want to post this over in the urban commandos forum...all kinds of computer geeks over there.
Link Posted: 10/5/2005 2:17:20 PM EDT
GD gets more traffic, not many people venture over there.
Link Posted: 10/5/2005 2:17:42 PM EDT
I'm no computer scientist or anything. The only thing I see that looks bad are the letters "AOL".

+1 for posting in the other forum - there are some knowledgeable guys over there.
Link Posted: 10/5/2005 2:21:36 PM EDT
[Last Edit: 10/5/2005 2:22:00 PM EDT by KN]
Looks like spyware or a virus.
And a bunch of that other stuff looks fishy to me.

Looks like you may have a bunch of spyware. Try downloading and installing Microsofts Beta Anti spyware. Then update it and do a full system scan.
Link Posted: 10/5/2005 2:22:35 PM EDT
+1 on anything that says "AOL"
Link Posted: 10/5/2005 2:25:54 PM EDT
I'm not paying for AOL, I hate it, but my dad likes it. He's paying so I don't complain.

Definately still have something on here. Just poped up.
Link Posted: 10/5/2005 2:29:00 PM EDT
init32m - init32m.exe - Process Information
Process File: init32m or init32m.exe
Process Name: Troj/Dloader-JT Worm

init32m.exe is a process associated with the Troj/Dloader-JT Worm. This program is a registered security risk and should be removed immediately. If found on your system make sure that you have downloaded the latest update for your antivirus application.


Link Posted: 10/5/2005 2:31:11 PM EDT
Removed a few more things including init32m.exe.
Link Posted: 10/5/2005 2:33:14 PM EDT
[Last Edit: 10/5/2005 2:33:48 PM EDT by KN]
Check and make sure it dont come back after you reboot a few times. They are sneaky. Sometimes your better off getting something that will clean it for you .
Top Top