Ishost.exe
- Thread starter Egregius
- Start date
- Status
Deleted items
Found some stuff in the hjt log that I found decidedly suspicious, so I deleted the following:
R3 - URLSearchHook: (no name) - {A02B8A03-19BF-1348-EEAA-17848D971392} - C:\WINNT\system32\vtcwrnpp.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {A02B8A03-19BF-1348-EEAA-17848D971392} - C:\WINNT\system32\vtcwrnpp.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKCU\..\Run: [Rsrm] "C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Folu] C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
O4 - Global Startup: GStartup (2).lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
The consequences of this remains to be seen, but if you have comments to the above, or the revised hjt file below, it would be much appreciated
Found some stuff in the hjt log that I found decidedly suspicious, so I deleted the following:
R3 - URLSearchHook: (no name) - {A02B8A03-19BF-1348-EEAA-17848D971392} - C:\WINNT\system32\vtcwrnpp.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {A02B8A03-19BF-1348-EEAA-17848D971392} - C:\WINNT\system32\vtcwrnpp.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKCU\..\Run: [Rsrm] "C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Folu] C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
O4 - Global Startup: GStartup (2).lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
The consequences of this remains to be seen, but if you have comments to the above, or the revised hjt file below, it would be much appreciated
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Go HERE and follow the instructions exactly.
Post a fresh HJT log into this thread, only after doing the above.
Regards Howard :wave: :wave:
This thread is for the use of Egregius only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Go HERE and follow the instructions exactly.
Post a fresh HJT log into this thread, only after doing the above.
Regards Howard :wave: :wave:
This thread is for the use of Egregius only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You shouldn`t be fixing anything, without being directed to do so.
Run HJT and click on the config button. Click on the backups button and place a tick in all the little boxes. Click on the restore button and click yes. Reboot your system and follow the instructions I gave you in my first post.
Regards Howard
Run HJT and click on the config button. Click on the backups button and place a tick in all the little boxes. Click on the restore button and click yes. Reboot your system and follow the instructions I gave you in my first post.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
TClock
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
tclock_install.exe
n?pdb.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rsrm] "C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Folu] C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
O20 - AppInit_DLLs: c:\winnt\system32\ping.dllc:\winnt\system32\winword.dll
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr Not to be confused with the folder System.
C:\Program Files\TClock
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log and let me know how your system is running.
Regards Howard
This thread is for the use of Egregius only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
TClock
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
tclock_install.exe
n?pdb.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Rsrm] "C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Folu] C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
O20 - AppInit_DLLs: c:\winnt\system32\ping.dllc:\winnt\system32\winword.dll
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Documents and Settings\Administrator\Application Data\s?curity\n?pdb.exe
C:\PROGRA~1\COMMON~1\YSTEM~1\iexplore.exe" -vt yazr Not to be confused with the folder System.
C:\Program Files\TClock
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log and let me know how your system is running.
Regards Howard
This thread is for the use of Egregius only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Finishing touches
I did as you suggested, and it does indeed appear to have rid me of all the exceptionally annoying little "guests" I seem to have had for a while. Performance-wise, my pc seems to be running better than it has for a long time, but then, performance has been abysmal for so long I'm not sure if it's back to normal or still running sub-par. Most importantly however, there are no pop-ups and my memory doesen't "disappear" after extended use. For this and your prompt responses, I thank you and your colleagues for the service you provide.
I did as you suggested, and it does indeed appear to have rid me of all the exceptionally annoying little "guests" I seem to have had for a while. Performance-wise, my pc seems to be running better than it has for a long time, but then, performance has been abysmal for so long I'm not sure if it's back to normal or still running sub-par. Most importantly however, there are no pop-ups and my memory doesen't "disappear" after extended use. For this and your prompt responses, I thank you and your colleagues for the service you provide.
howard_hopkinso
Posts: 21,238 +17
Well done. Your HJT log is clean.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Egregius only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Egregius only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
Latest posts
-
US TikTok ban could begin next year as Biden signs law, but legal battle looms- dirtyferret replied
-
Logitech thinks the computer mouse needs an AI upgrade- kimo1 replied
-
Seagate's new Mozaic 3+ HAMR hard disk drives can last longer than conventional PMR HDDs- Squid Surprise replied
