| Thread ID: 77806 | 2007-03-23 09:14:00 | I don't know what to do!! | xoLacieox (12032) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 535266 | 2007-03-24 00:53:00 | Logfile of HijackThis v1.99.1 Scan saved at 6:46:12 PM, on 3/23/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\mshta.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\CustomXML\CustomXML.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\spenca\Desktop\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe, O2 - BHO: CustomXML Toolbar Helper - {133688B3-7842-4D9D-BF7C-940E1097F900} - C:\WINDOWS\system32\CustomXMLbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: CustomXML - {2C986504-AE32-493F-9D44-E1C5D17A3091} - C:\WINDOWS\system32\CustomXMLBand.dll O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [CustomXML] C:\Program Files\CustomXML\CustomXML.exe O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) ---------- I don't know how to disable it. If I have to use my control panel, I can't do it because my computer won't let me open anything there either. It says I don't have Rundll32.dll even though I do have it. And I didn't update it.
And this is what it picked up: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"ishost.exe" HKLM\SYSTEM\CurrentControlSet\Services\iPodService |
xoLacieox (12032) | ||
| 535267 | 2007-03-24 01:04:00 | If Trojan Remover still picks this up: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"ishost.exe" get it to remove it from the registry. Then boot into safe mode (hold F8 after you reboot). Search for ishost.exe and delete it. Then reboot. Then see if you can get into the control panel. |
Speedy Gonzales (78) | ||
| 535268 | 2007-03-24 02:03:00 | All my programs are working correctly now! Thank you SO much! | xoLacieox (12032) | ||
| 535269 | 2007-03-24 02:10:00 | Cool, good to hear everything is back to normal! :thumbs: That ishost I think belongs to a worm. And would have been one of the main probs. I would install a firewall too. Use something like Comodo (http://www.personalfirewall.comodo.com/) And install SP1 or 2 and the XP updates. |
Speedy Gonzales (78) | ||
| 535270 | 2007-03-24 02:25:00 | It probably was. I'll have to remember that for future reference but hopefully I won't need to. | xoLacieox (12032) | ||