ishost.exe problems
- Thread starter flm74
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Download and run these three tools. Follow the instructions for using each tool.
Tool1 Tool2 Tool3
Post a fresh HJT log into this thread, only after doing the above.
Regards Howard :wave: :wave:
This thread is for the use of flm74 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Download and run these three tools. Follow the instructions for using each tool.
Tool1 Tool2 Tool3
Post a fresh HJT log into this thread, only after doing the above.
Regards Howard :wave: :wave:
This thread is for the use of flm74 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
s?rvices.exe This not the same as the services.exe file which is legit. The question mark can be any random letter or number. It should be under your user name and not system.
javaw.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: (no name) - {FC49BAA7-0936-21BC-13A2-05F2C97342B7} - C:\WINDOWS\system32\laocddd.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\RACLE~1\javaw.exe" -vt yazr
O4 - HKCU\..\Run: [Fpxvvt] C:\Program Files\Common Files\s?stem32\s?rvices.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\RACLE~1\javaw.exe
C:\Program Files\Common Files\s?stem32\s?rvices.exe
C:\WINDOWS\system32\laocddd.dll
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
s?rvices.exe This not the same as the services.exe file which is legit. The question mark can be any random letter or number. It should be under your user name and not system.
javaw.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: (no name) - {FC49BAA7-0936-21BC-13A2-05F2C97342B7} - C:\WINDOWS\system32\laocddd.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\RACLE~1\javaw.exe" -vt yazr
O4 - HKCU\..\Run: [Fpxvvt] C:\Program Files\Common Files\s?stem32\s?rvices.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\RACLE~1\javaw.exe
C:\Program Files\Common Files\s?stem32\s?rvices.exe
C:\WINDOWS\system32\laocddd.dll
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
MyWaySA\SrchAsDe
Close control panel.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\MyWaySA
Reboot your computer and post a fresh HJT log.
Regards Howard
MyWaySA\SrchAsDe
Close control panel.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\MyWaySA
Reboot your computer and post a fresh HJT log.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
Your HJT log is now clean.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of flm74 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of flm74 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Post a fresh HJT log and I`ll check to see if it`s clean or not.
Regards Howard
Regards Howard
howard_hopkinso
Posts: 21,238 +17
You might want to try the last known good config option, instead of safe mode.
Regards Howard
Regards Howard
howard_hopkinso
Posts: 21,238 +17
- Status
Similar threads
Latest posts
-
Astronomers gather additional evidence suggesting Planet Nine is real- Lew Zealand replied
-
These credit cards feature OLEDs that light up upon payment- Uncle Al replied
-
PlayStation 5 Pro will be bigger, faster, and better using the same CPU
- anastrophe replied
