TechSpot

Ishost.exe

By Egregius
Aug 6, 2006
  1. I have had problems with Ishost, Ismon.exe and others and have followed directions from another post to generate a hjt log, as posted below. Any response to the amount of crap I have on my system, and namely how to best get rid of it would be greatly appreciated!
     
  2. Egregius

    Egregius TS Rookie Topic Starter

    Deleted items

    Found some stuff in the hjt log that I found decidedly suspicious, so I deleted the following:

    R3 - URLSearchHook: (no name) - {A02B8A03-19BF-1348-EEAA-17848D971392} - C:\WINNT\system32\vtcwrnpp.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {A02B8A03-19BF-1348-EEAA-17848D971392} - C:\WINNT\system32\vtcwrnpp.dll
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
    O4 - HKCU\..\Run: [Rsrm] "C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr
    O4 - HKCU\..\Run: [Folu] C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
    O4 - Global Startup: GStartup (2).lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O13 - WWW. Prefix: http://ehttp.cc/?
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

    The consequences of this remain to be seen, but if you have comments to the above, or the revised hjt file below, it would be much appreciated :)
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of Egregius only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You shouldn't be fixing anything, without being directed to do so.

    Run HJT and click on the config button. Click on the backups button and place a tick in all the little boxes. Click on the restore button and click yes. Reboot your system and follow the instructions I gave you in my first post.

    Regards Howard :)
     
  5. Egregius

    Egregius TS Rookie Topic Starter

    progress

    I offer my apologies for acting out of turn. My actions have been rectified and your instructions followed. The result is as seen below.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    TClock

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    tclock_install.exe
    n?pdb.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe

    O4 - HKCU\..\Run: [Rsrm] "C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr

    O4 - HKCU\..\Run: [Folu] C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe

    O20 - AppInit_DLLs: c:\winnt\system32\ping.dllc:\winnt\system32\winword.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
    C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr Not to be confused with the folder System.
    C:\Program Files\TClock

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

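The entries on the fix list above can be triaged mechanically with a few path heuristics. The following is an added example, not part of the original thread and not HijackThis's own logic; the function names, the `EXPECTED_DIRS` table and the reading of `?` as a character the log could not render are assumptions.

```python
import re

# Constructed sample: the four entries from the fix list in this thread,
# plus one constructed benign control line ([Example]).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rsrm] "C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Folu] C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
O20 - AppInit_DLLs: c:\winnt\system32\ping.dllc:\winnt\system32\winword.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

# Hypothetical minimal table: normal directory (long and 8.3 short form)
# of a system binary whose name is often borrowed.
EXPECTED_DIRS = {"iexplore.exe": ("\\internet explorer\\", "\\intern~1\\")}
RUN_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)

def triage_line(line):
    """Return the reasons a HijackThis line deserves manual review."""
    reasons = []
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs set: DLLs load into every process using user32.dll")
    m = RUN_RE.match(line)
    if not m:
        return reasons
    exe = EXE_RE.match(m.group("cmd"))
    path = (exe.group("path") if exe else m.group("cmd")).lower()
    if "?" in path:
        # '?' is illegal in Windows paths; assumed to mark an unrenderable character
        reasons.append("path contains unrenderable character (look-alike name)")
    base = path.rsplit("\\", 1)[-1]
    expected = EXPECTED_DIRS.get(base)
    if expected and not any(d in path for d in expected):
        reasons.append(f"{base} running outside its normal directory")
    return reasons

def triage_log(text):
    """Map each flagged Run value name (or section id) to its reasons."""
    findings = {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        reasons = triage_line(line)
        if reasons:
            m = RUN_RE.match(line)
            findings[m.group("name") if m else line.split(" - ")[0]] = reasons
    return findings

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(f"{entry}: {'; '.join(why)}")
```

The TClock entry, which the fix list also includes, is not flagged: its path shows none of these anomalies, so path heuristics alone would miss it.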
     
  7. Egregius

    Egregius TS Rookie Topic Starter

    Finishing touches

    I did as you suggested, and it does indeed appear to have rid me of all the exceptionally annoying little "guests" I seem to have had for a while. Performance-wise, my pc seems to be running better than it has for a long time, but then, performance has been abysmal for so long I'm not sure if it's back to normal or still running sub-par. Most importantly however, there are no pop-ups and my memory doesn't "disappear" after extended use. For this and your prompt responses, I thank you and your colleagues for the service you provide.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done. Your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
