
ishost.exe and others. Here's my HJT log

Q: ishost.exe and others. Here's my HJT log

Hi, I have tried to remove these viruses but no luck. I am running Windows XP, SP2. Using Firefox. I have scanned with NOD32 and Spybot.
Here is my HJT log, pleeeease help me. I'm going nuts.

Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 6:16:19 PM, on 2/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\{B46D090B-0E11-1033-0902-04003d}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ProductiveMail\productivemail.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ofps.exe
C:\Program Files\Typeitin\TypeItIn.exe
C:\WINDOWS\System32\snmp.exe
C:\flexlm\Solid Works 2005 crack\Solid Works 2005 crack\lmgrd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\flexlm\Solid Works 2005 crack\Solid Works 2005 crack\SW_D.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cool.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\PROGRA~1\MINEFI~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eftel.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eftel.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [a17d9a37.exe] C:\WINDOWS\system32\a17d9a37.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [a17d9a37.exe] C:\Documents and Settings\Terry\Local Settings\Application Data\a17d9a37.exe
O4 - Startup: ProductiveMail.lnk = C:\Program Files\ProductiveMail\productivemail.exe
O4 - Startup: Shortcut to TypeItIn.lnk = C:\Program Files\Typeitin\TypeItIn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/0.9.0929.18/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140525024341
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\Solid Works 2005 crack\Solid Works 2005 crack\lmgrd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

A: ishost.exe and others. Here's my HJT log

RELEVANCY SCORE 44

This is the same problem another guy had on this forum that miekiemoes helped with. I believe some of the files (i.e. dlls) are named differently on mine however. TM's AV does see the file, but then can't quarantine it. I'm going to go back to the other thread and see what I can do, but last time I got rid of it and it grew back I guess.

Thanks for any help ahead of time.

Logfile of HijackThis v1.99.1
Scan saved at 7:27:13 AM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
H:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
H:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
H:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\CTH...

A:Ishost.exe

Hello and welcome!

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

then...

You have the latest version of VX2. Download L2mfix from one of these two locations:
http://www.downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running optio...

RELEVANCY SCORE 44

I too have the same problem, however I don't have hijack this on, but I have my ewido report here
ewido anti-spyware - Scan Report

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{93ac7c30-3878-4eaa-9420-7977285df5b1} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\efcywxy.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sstqo.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Name2\Local Settings\Temporary Internet Files\Content.IE5\MWITV98K\ieatgpc[1].cab/ieatgpc.dll -> Adware.WebEx : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Adware.WebEx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\components\flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pmnqguh.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\PK T42 Files\Downloads\emedsys.exe/vnc-3.3.3r9_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1606980848-2077806209-682003330-1003\Dc69\EDI.exe/vnc-3.3.3r9_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1606980848-2077806209-682003330-1003\Dc69\vnc-3.3.3r9_x86_win32.zi...

A:ishost.exe

Hi, Welcome to TSG!!

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

RELEVANCY SCORE 44

When I close down my computer running Windows XP I get the error message that ishost.exe had a problem. I checked Google. Went to a diff. tech support forum. Got the HijackThis utility and ran it and here are the results.

Logfile of HijackThis v1.99.1
Scan saved at 11:50:57 AM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Gateway Wireless Monitor\WLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Gateway Wireless Monitor\WLanCfgBI.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\Program Files\Common Files\AOL\1126361745\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTru...

A:ishost.exe help

Bump.

RELEVANCY SCORE 44

Recently my computer started showing a little icon called "Virus Alert!" in the bottom right notification area.
About 1-3 times every few minutes it'll pop up a little window:

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:45:44 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\So...

A:Ishost.exe

Hello,

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, right click the list box (white box) in the main VundoFix window.
Select "Add More Files..." from the menu that comes up. This will open a new VundoFix window.
In the Window: copy and paste next in the first field: C:\WINDOWS\SYSTEM32\mljgdec.dll
Copy and paste next in the second field: C:\WINDOWS\SYSTEM32\winmmt32.dll
Copy and paste next in the third field: C:\WINDOWS\system32\pmnqguh.dll
Click the "Add Files" button.
Click the "Close Window" button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

* Download smitRem and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your deskto...

RELEVANCY SCORE 44

All of a sudden I got this little, annoying pop-up every time I booted. In the Task Manager I found out that its name was "ishost.exe". I have followed your instructions, but I was not completely sure it was a great idea to remove the "ishost.exe"-file, so I just renamed it to "ishost.ex". I rebooted my computer in normal mode, and the screen started switching between "rainbow colors", white screen and grey screen. It did that in about 30 seconds, and afterwards just went on booting. How could it be? Should I name it "ishost.exe" again?

A:Ishost.exe - Help!

Leave the file alone and follow the instructions here and see if it fixes it:

www.bleepingcomputer.com/forums/topic17258.html

RELEVANCY SCORE 43.2

I don't know what's wrong with my computer.
Random pop-ups show up.
Sometimes there are extra malware/adware icons in the taskbar where the **** is.
There's ishost.exe, issearch.exe, isnotify.exe running in the processor.
Please help.
Here's my hack this log:

Logfile of HijackThis v1.99.1
Scan saved at 2:28:33 PM, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Τasks\chkdsk.exe
C:\Documents and Settings\cha\Application Data\Аdobe\lо...

A:help, suspect ishost.exe

Hi, aolifuyu.

Welcome to TSG.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recomm...

RELEVANCY SCORE 43.2

I don't know what's wrong with my computer.
Random pop-ups show up.
Sometimes there are extra malware/adware icons in the taskbar where the clock is.
There's ishost.exe, issearch.exe, isnotify.exe running in the processor.
Please help.
Here's my hack this log:

Logfile of HijackThis v1.99.1
Scan saved at 2:28:33 PM, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Upda...

A:Help, Suspect Ishost

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa...

RELEVANCY SCORE 43.2

Hi, can someone be kind enough to review my HJT log and advise me on how to remove these unwanted processes? Here is my log:

Thanks in advance

One more thing: I have FIVE "svchost.exe" processes running in my Windows Task Manager, and one of them is taking up 21,044K. I'm not sure if these are all benevolent processes (but they have "system, network service, and local service" as the User Name next to them). Can someone tell me if they are, and if they are not, how to remove them? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:20:09 AM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Prog...

A:ishost.exe , ismini.exe from HJT log! PLEASE HELP!

RELEVANCY SCORE 43.2

I have been doing some research about this and was "glad" to see that I am not the only one with this stupid thing. So I have run HijackThis and here is my logfile. I appreciate in advance anyone that can talk me thru this process.

Logfile of HijackThis v1.99.1
Scan saved at 9:54:52 PM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS2\system32\LEXBCES.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\LEXPPS.EXE
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\System32\isnotify.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS2\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee.com\VSO\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS2\System32\tcpsvcs.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\PROGRA~1...

A:ishost problem

RELEVANCY SCORE 43.2

I have the exact same problem, followed instructions to the letter and still have the same results. Is there any chance a step got left off? Hope you guys can help. My wife doesn't like it when I "restore" the computer, I have a tendency to not back EVERYTHING up...

Here's my log
Logfile of HijackThis v1.99.1
Scan saved at 2:02:19 AM, on 7/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pcbuiu.exe
C:\WINDOWS\system32\glsyi.exe
C:\WINDOWS\system32\glsyi.exe
C:\WINDOWS\system32\glsyi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Windows Media Connec...

A:suspect ishost.exe

Hi, Welcome to TSG!!
Please move hijackthis.exe into a permanent folder.

To create a permanent folder click My Computer, then C:\
In the menu bar click on File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder.
Put your HijackThis.exe into that folder and post another log.
 

RELEVANCY SCORE 43.2

Hi there,
I have unfortunately received the trojans ishost.exe, issearch.exe and ismon.exe while downloading a file. I get unnecessary pop-ups and security warnings on my computer. I use Firefox as my Internet Explorer gets re-directed to another site related to this virus/trojan. Could someone please help me with the removal of these nasty trojans? I've got the programme hijack this, and would be willing to post my report up with guidance.

thanks,
steff

A:Ishost.exe Removal

This is my log file after running hijack this.

Logfile of HijackThis v1.99.1
Scan saved at 9:46:34 p.m., on 11/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2337f75b6cfb9c1756b2d48701476ee3\update\update.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\...

RELEVANCY SCORE 43.2

Logfile of HijackThis v1.99.1
Scan saved at 22:59:00, on 2006-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Billionton\Bluetooth-programvara\bin\btwdins.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program\Promise\Utility\MsgAgt.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symant...

A:Problem With Ishost.exe

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

RELEVANCY SCORE 43.2

I've seen other threads about this infection but much of the help seemed to be specific to the individual which is why I thought I should make a new topic.

------

Logfile of HijackThis v1.99.1
Scan saved at 13:37:45, on 07/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\avgamsvr.exe
C:\PROGRA~1\AVG\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\avgcc.exe
C:\Program Files\Common Files\{C87C0E6F-05BB-2057-1107-02020711002c}\Update.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\ismini.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\NOTEPAD.EXE
D:\Fish\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [Logon Loader Random] "C:\Program Files\Logon Loa...

A:Ishost Etc. Popups And The Like

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.
Let's continue...

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer. You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support.
Once in Safe Mode, open the SmitfraudFix folder again. Double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace th...


Hi
I followed all the links to download the cleaning programs but i seem to not be able to remove ISHOST.exe (it was in small case now in caps) spy bot is blocking it atm.
Please can anyone help thanks
Shawn

Logfile of HijackThis v1.99.1
Scan saved at 17:24:49, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C: ...

A:Ishost.exe Problems Plz Help

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa...


ishost.exe and some other "is" pieces of malware are in my system. Any help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:08:33 PM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\netmsg.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MUSICM~2\MMDiag.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program...

A:ishost.exe is on my computer (HJT Log within)

Please turn off (uncheck) the Wordwrap feature in Notepad, by going to Format in the menu bar. It creates the double space effect in the HJT log, and is difficult to read. Please post a new HijackThis log.


Hey..
I've had this for a pretty long time and I'm looking to get rid of it..
Here's the logfile..

Logfile of HijackThis v1.99.1
Scan saved at 11:01:05 AM, on 11/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Grisof...

A:Trouble With Ishost.exe Etc.

Hey metallica572
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Whilst completing the fix please use the Internet as little as possible. Do not install any programs whilst we fix your computer - even the smallest of programs can wreak havoc.

Put Hijackthis in a Permanent Location:
Please put Hijackthis in a permanent location i.e. C:\Hijackthis. See here for instructions: First put hijackthis into a permanent folder. Do this first - go to C: and create a new permanent folder. Example C:\hijackthis. This is necessary to ensure you have backups should anything go wrong. Then put (or download - choose "save" not "run") the hijackthis.exe file in this folder. If you downloaded a zipped HJT file unzip it to the permanent folder so you have C:\hijackthis\hijackthis.exe.
This is an excellent guide if you have any problems:
Step-by-step tutorial

Rename Hijackthis:
1. Locate the program Hijackthis.
2. Select the file, right-click and select Rename.
3. Please change the name to: jamielaw

SmitFraudFix:
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is det...


I tried to use EZtrust to remove ishost from my pc, but to no avail. My son dl'ed what he thought was a 'key' to a video game not knowing you should never open an unknown .exe file.

My firewall is keeping ishost from connecting, but it's still running in the background. Here is my log. Any help will be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:45:14 AM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ishost.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\HP\Digital Imaging\bi...

A:Ishost problem....can't remove.

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.


i've try to delete all the files.. doesnt work.. it originally had ishost and all those .exe files, but now, its jus a dll file that is an bho on iexplorer (i think) thats downloading stuff that are infected, my avg every 5 min will pop up sayin at my temp folder there are files infected...
below are hijackthis and combofix logs:
await further instructions,
thank you

Logfile of HijackThis v1.99.1
Scan saved at 5:58:08 PM, on 15/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Jav...

A:Ishost Ismini Isnotify

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Fil...


Hi Guys,
Total newbie hoping for some help. I have tried using McAfee, Ewido, Ad-Aware and spybot to clean my computer. They have found all kinds of things but there seems to be some lingering and pissing me off:
ismon.exe
ishost.exe
win(something).tmp.exe
When I go back to McAfee it says I've never ran scans! Help!
Any help would be much appreciated.
Tom

Here is a log from Hijack this that shows them running:

Logfile of HijackThis v1.99.1
Scan saved at 5:17:28 AM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.ex...

A:Spyware (ismon.exe, Ishost.exe?)

Hello tmccas1 and welcome to the BC HijackThis forum. It looks like there are a couple of items to clean up so let's get started.

Important
Your copy of HijackThis needs to be in a folder of its own. If it is run from Temporary folders the backups and HijackThis itself could be accidentally deleted if the Temporary folders are cleaned. If it is run from the desktop then the backup files and folders can clutter up the desktop and be accidentally deleted.
Please open My Computer
Double-click on Local Disk (C:)
Click on the File menu, point to New and then click on Folder. Name the folder 'HijackThis' or 'HJT'.
Unzip to or copy and paste HijackThis.exe to the new folder.

Next, download SmitfraudFix ? S!Ri
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Please check my HJT log. I got infected with spyware including ismini.exe and ishost.exe

Logfile of HijackThis v1.99.1
Scan saved at 9:48:46 pm, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Fil...

A:My Hijack This log... ismini.exe and ishost.exe along with some more

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!


Logfile of HijackThis v1.99.1
Scan saved at 8:24:19 PM, on 9/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Ratix\Shortcuts\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Log...

A:Check my HJT log. Got infected with ismini.exe and ishost.exe

Please post a HJT log from Normal Mode and we'll take a look. Thanks.


An office mate's computer is having issues with the fake adaware pop-up (ishost.exe) and several other problems with browser highjacking. I have previously cleaned up my computer following instructions on the lavasoft forum but want to be extra sure before working on someone else's. Here is the Hijackthis log file - hope someone can help

Logfile of HijackThis v1.99.1
Scan saved at 13:10:41, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\uqsmckel.UQ\My Documents\Software - New\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar...

A:Ishost.exe And Other Browser Highjack Issues

You have posted the log from safe mode which is worthless
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get them next step.
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Err hi xP I've been following this forum for a while before actually joining and posting anything but I couldn't find anything that directly helped me with my problem, it seems that I have a whole bunch of problems collected into a lovely ball on my computer. D: Anyway previously I noticed I had ishost.exe running on my computer and found it as malware and I managed to delete it a couple months ago but just recently windows' malware alert thing (I have no idea what it's actually called) alerted me and then ishost.exe came back and this time with what I think is another program related to it called ismini.exe. Also I tried scanning with Ad-Aware but every time after maybe five minutes of running my computer automatically restarts after finding a "critical" file and I believe it has something to do with winlogon.exe (I checked it in the folder but I'm not sure if the logo is supposed to be a window with a moon and star in it o_O) because I have gotten alerts about before. Uhm that's all that I can describe for now, I do have hijackthis and I will be posting a log in the correct forum later on, I just thought I'd post here beforehand. Thanks to any and all who help me. ^^

A:Computer Infected (ishost, Winlogon(?), Etc)

Hello Sabe
Seems you have some files on your system that are related to smitfraud infections. I checked and saw that you have not posted a hijackthis log yet or let's try this first if you're using Win XP or 2000:
Print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please download, install and update AVG Anti-Spyware 7.5. DO NOT perform a scan yet.
Print out the AVG Anti-Spyware Install-Scan Instructions.
Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Go here and follow the instructions for using SmitfraudFix. You will have to extract the zip file to your Desktop. (Click here for information on how to do this if not sure. Win 9x/2000 users click here. If you need an unzipping utility, download 7zip (it's free).)
After using the tool as instructed, reboot again in "SAFE MODE" and double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu...


hey guys,

I'm having a similar problem to a few others.
I came back from a weekend away to find my computer running real bad.
Lots of pop-ups trying to get me to buy varying virus software.
There is also a few new processes in my windows task manager that wont go away when i delete them. (ishost.exe, ismon.exe, issearch.exe, isnotify.exe)

anyways... if u could help me tht would be muchly appreciated!!

here is my HJT

Thanks

-----------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:50:33 PM, on 23/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wir...

A:how do i get rid of ishost.exe, ismon.exe, issearch.exe, isnotify.exe????

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

In the meantime, make sure you subscribe to this thread so that you will receive an instant email when I have replied with a fix to your problem. You may do this by clicking the Thread Tools option at the top of your post and then clicking Subscribe to this thread. Then, make sure Instant Notification by email is selected and click Add Subscription

Please be patient with me during this time.


i have a hijack this logfile, i have run my norton and spysweeper, yet im still having threats, im going to post my logfile as of now, then repost once i follow the steps that were listed here (http://forums.techguy.org/security/483862-help-suspect-ishost-exe.html)

if anyone has any other input about my current logfile though, its be greatly appreciated as i dont know if i have any other threats

http://hjt.thegreatchai.com/viewlog.php?log=1153627077_hijackthis.log

thats my logfile
 

A:Solved: virus infection- ishost.exe and others


Thanks for the help, guys.

Logfile of HijackThis v1.99.1
Scan saved at 4:05:54 PM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Pr...

A:Solved: Infected with ishost.exe, hijack log posted


Hello

Two days ago I opened a site which I shouldn't have I think, because now I'm experiencing all kinds of problems. Norton AV keeps warning me for attacks; ishost, ismon and cool.exe appeared and there's even a new connection besides my adsl connection called "CoolWeb". I tried a couple of programs(hitman pro, adaware se, SmitfraudFix(I still have the reports)) but nothing seems to help.

I'm running Windows XP SP2 and I have Norton IS 2004 (recently renewed).
Can anyone please help me? Furthermore, I fear there are many more problems I'm not even aware of(e.g.: i think i have too many java versions running)...

Now, I'm not sure if it's normal policy to just put the hijackthisreport here straight away, but other people seem to do it that way, so I'll give it a try.
Oh, and, stating the very obvious, I'm a beginner with all this stuff:

Here it goes:
Logfile of HijackThis v1.99.1
Scan saved at 12:24:44, on 2/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files...

A:Can anyone help me removing ishost, ismon, mulbin32[1].exe and cool.exe


Hello, I need some help please.

I started having pop ups about having malware threats and pop ups telling me that my
computer is infected and then it loads a trial version Spy-Quake2 that trys to get me to
buy it. (I have not installed Spy-Quake2). When I did a ctrl-alt-del to see the running
processes. I noticed "services.dll" and "update.exe". I rebooted into safe mode and found
both of these in a folder inside of of C:\Program Files\Common Files. I deleted this folder
and did a quick search of the registry and found only 1 key that was in explorer/run, for
the update.exe. I deleted it and restarted. I still have all the pop ups and spy-quake2,
issearch, and ishost is still present. Below is a current HijackThis log. Thank you for
any help.
Logfile of HijackThis v1.99.1
Scan saved at 9:20:36 PM, on 9/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\isse...

A:Solved: Seeking help with issearch, ishost, spy-quake2..

Read other 16 answers

Hi, got a couple of problems.

Windows XP Home SP2
IE7
Firefox 1.5.0.8

On board Security Programs:

Spybot
HijackThis
Windows Defender
Spyware Blaster
Spyware Guard
Ad-Aware SE
AVG Free Edition
AVG Anti-Spyware
Zone Alarm v6.5.737.00

Thank you for any help on the following infections.

Well, after almost two years of no virus attacks and an occasional Trojan or other malware that was easily handled, I'm now confronted with a few issues that I can't seem to get rid of through normal means.

Spybot finds and I tell it to Fix the following but, they keep coming back and showing up in new Spybot scans:
YazzleSudoku
Smitfraud-C.
Smitfraud-C.Toolbar888

Note I Searched for Smitfraud remedies in this Forum and downloaded and ran the SmitfraudFix but it still shows up after running the Fix (in Safe Mode)...I'll post the rapport.txt log and a new HJT log at the end of this post.

My AVG Anti-Spyware Program keeps giving me a popup that I have the...
Adware.Softomate on my computer and even though it's in Quarantine, I still get the popup indicating it's an active malware (Medium Risk).

I thought I got rid of....
ishost.exe (Trojan Downloader)
I was unable to delete it normally (after a Search found it and I tried to delete it from there a popup told me it could not be deleted), so I used the Delete on Reboot feature in HJT, and after rebooting I still get a notification from ZoneAlarm to allow permission for it to access the Internet (I deny permission) ... Read more

A:Solved: Victim of Yazzle, Smitfraud-C., ishost.exe and more

Read other 3 answers

Every time I open IE after rebooting it has set itself to Work Offline. I thought this had to do with my confirmed smitfraud/ishost infection, but Spybot apparently dealt with that and the symptom's still here. It's not a problem with the Internet connection as Firefox works fine, but I still need IE occasionally. Also, running a scan in AdAware crashes winlogon.exe and I have to reboot - it gets to a certain point in the scan and commits hara-kiri. Ideas?

Logfile of HijackThis v1.99.1
Scan saved at 22:48:16, on 20/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\... Read more

A:Something Messing With Ie And Adaware - Can't Seem To Get Rid. Smitfraud, Ishost Mentioned

Hello Assir and welcome to the BC HijackThis forum. Let's start with the following.

Download ewido anti-spyware from HERE and save that file to your desktop.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
Launch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan... Read more

Read other 8 answers

Logfile of HijackThis v1.99.1
Scan saved at 7:29:23 PM, on 7/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy ... Read more

A:Ishost.exe, And Other Unknown Programs In Tasklist Starting With "is"

Hello,

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Don't use it yet.

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

* Reboot into Safe Mode: (without networking support!)
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, p... Read more

Read other 2 answers

Logfile of HijackThis v1.99.1
Scan saved at 1:13:54, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32... Read more

A:Ishost.exe Infection And Slow Loading Times.

Hello. You are infected with the smitfraud infection...

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 4 answers

Hi guys.

I got an ISHOST.exe virus which forced me to format and reinstall onto my second hard drive which I suspected would be easier than removing the spyware. I have recontracted an IE redirector and a trojan which as far as I can tell is repeatedly downloading malicious programs and executing malicious code (ewido is unable to repair, spyware doesn't find it etc. AVG heals new programs but won't get rid of the problem)

Anywho I have done a hijackthis log and would appreciate help and would like to express my thanks for you people doing an unpaid and thankless job.

Known details.

AVG reports Trojan Dialer.FR
Files are in system32 folder
ISHOST.exe has been quarantined apparently
EWIDO showed a number of malicious programs in start up which I deleted, I suspect from your point of view that was a mistake?


Logfile of HijackThis v1.99.1
Scan saved at 12:43:38 AM, on 7/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\alg.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1... Read more

A:Definite trojan, spyware, ishost quarantined, multiple other suspect programs present

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

O4 - HKLM\..\Run: [cxsrj.exe] D:\WINDOWS\System32\cxsrj.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD599852-1EF8-4E75-92EE-A8528F187D8B}: NameServer = 85.255.116.41,85.255.112.125
O17 - HKLM\System\CCS\Services\Tcpip\..\{F785EE30-E8F5-4C4B-B9AC-48ACEF11E1F8}: NameServer = 85.255.116.41,85.255.112.125
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.41 85.255.112.125
O17 - HKLM\System\CS1\Services\Tcpip\..\{BD599852-1EF8-4E75-92EE-A8528F187D8B}: NameServer = 85.255.116.41,85.255.112.125
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.41 85.255.112.125
O17 - HKLM\System\CS2\Services\Tcpip\..\{BD599852-1EF8-4E75-92EE-A8528F187D8B}: Nam... Read more

Read other 9 answers