Posted: 10/5/2005 2:13:57 PM EDT
Logfile of HijackThis v1.99.1
Scan saved at 6:06:57 PM, on 10/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\init32m.exe
C:\WINDOWS\System32\cssrs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\bhomod00.dll
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent011.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O20 - AppInit_DLLs: NVDESK32.DLL,wbsys.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
O21 - SSODL: System - {1A9E27FA-F7FB-4805-8D2D-64BE76FAA3FA} - vr_sys.dll (file missing)
O21 - SSODL: mtklef - {155A43F7-2B43-4F1B-E091-1374D20AA04D} - C:\WINDOWS\System32\uxrtho32.dll
O21 - SSODL: mtklef - {155A43F7-2B43-4F1B-E091-1374D20AA04D} - C:\WINDOWS\System32\uxrtho32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

That is the log from HijackThis. I think I got everything, just want to make sure. Do you see anything that looks like spyware/adware or other little critters?

Also, I made the mistake of installing Norton, and now it's embedded itself worse than Kazaa. How do I get it out?
Link Posted: 10/5/2005 2:15:04 PM EDT
[#1]
Hey FOX-, you might want to post this over in the urban commandos forum...all kinds of computer geeks over there.  
Link Posted: 10/5/2005 2:17:20 PM EDT
[#2]
GD gets more traffic, not many people venture over there.
Link Posted: 10/5/2005 2:17:42 PM EDT
[#3]
I'm no computer scientist or anything. The only thing I see that looks bad are the letters "AOL".

+1 for posting in the other forum - there are some knowledgeable guys over there.
Link Posted: 10/5/2005 2:21:36 PM EDT
[#4]
init32m.exe
Looks like spyware or a virus.
And a bunch of that other stuff looks fishy to me.

Looks like you may have a bunch of spyware. Try downloading and installing Microsoft's Beta Anti spyware. Then update it and do a full system scan.
Link Posted: 10/5/2005 2:22:35 PM EDT
[#5]
+1 on anything that says "AOL"
Link Posted: 10/5/2005 2:25:54 PM EDT
[#6]
I'm not paying for AOL, I hate it, but my dad likes it. He's paying so I don't complain.

Definitely still have something on here. Just popped up.
Link Posted: 10/5/2005 2:29:00 PM EDT
[#7]
init32m - init32m.exe - Process Information
Process File: init32m or init32m.exe
Process Name: Troj/Dloader-JT Worm
 
Description:
init32m.exe is a process associated with the Troj/Dloader-JT Worm. This program is a registered security risk and should be removed immediately. If found on your system make sure that you have downloaded the latest update for your antivirus application.

www.liutilities.com/products/wintaskspro/processlibrary/init32m/


Link Posted: 10/5/2005 2:31:11 PM EDT
[#8]
Removed a few more things including init32m.exe.
Link Posted: 10/5/2005 2:33:14 PM EDT
[#9]
Check and make sure it doesn't come back after you reboot a few times. They are sneaky. Sometimes you're better off getting something that will clean it for you.
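Added example, not part of any post in this thread: a small Python check that can be run over a fresh HijackThis log after each reboot, to see whether a removed file such as init32m.exe is still referenced and whether any running process has a name that imitates a Windows system binary. The list of system binaries, the 0.85 similarity threshold and the function names are assumptions of this example; the sample is an excerpt of the log in the first post.

```python
import re
from difflib import SequenceMatcher

# Assumption of this example: a short list of genuine Windows system binaries.
SYSTEM_BINARIES = ["csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                   "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe"]

# Excerpt of the log in the first post (a few lines only, not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stchost.exe
C:\WINDOWS\system32\init32m.exe
C:\WINDOWS\System32\cssrs.exe

F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")

def parse(log):
    """Return (running process paths, [(section code, text)]) from a log."""
    processes, entries = [], []
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif re.match(r"[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries

def lookalikes(processes, threshold=0.85):
    """Process names that are close to, but not equal to, a system binary."""
    hits = []
    for path in processes:
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARIES:
            continue
        hits += [(name, real) for real in SYSTEM_BINARIES
                 if SequenceMatcher(None, name, real).ratio() >= threshold]
    return hits

def still_referenced(log, removed):
    """Lines of a later scan that still mention a file that was removed."""
    processes, entries = parse(log)
    lines = processes + [f"{code} - {text}" for code, text in entries]
    return [line for line in lines if removed.lower() in line.lower()]
```

Calling `still_referenced(new_log, "init32m.exe")` on each post-reboot scan should return an empty list once the file and its `Shell=` entry are really gone.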