Whew!
OK, first some questions: is this your internet provider?
qld.bigpond.net.au
Did you run HiJackThis before or after the scans with Spybot and AdAware?
The reason I ask is because the HJT log shows this in Running Processes:
C:\WINDOWS\system32\ishost.exe
While the Spybot scan shows it as fixed.
Did you have AdAwareSE fix everything found?
I may be trying a shortcut but let's see how much of this works:
Download CCleaner and install it.
Update both AdAwareSE and Spybot.
Reboot to SAFE MODE.
Run CCleaner and run ONLY the default scan (Windows Tab). Do Not “Scan For Issues”.
Have it remove everything it finds.
Next run Spybot. Full system Scan. Remove everything found.
Run AdAwareSE, remove everything found.
Run your AVG, full system scan and remove everything found.
Reboot to normal mode.
Run HJT and place checkmarks next to all of the following:
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30B10014-095F-3081-0124-03022503003d}\MyToolBar.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtag.dll,startup
O4 - HKLM\..\Run: [ravdhpf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ravdhpf.dll,plpcgc
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [wyzgdkk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wyzgdkk.dll,zbjnhsb
O4 - HKLM\..\Run: [zxjquyl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zxjquyl.dll,qejmsx
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.ato.gov.au/formflow/codebase/FormCtl.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class) - http://www.ato.gov.au/formflow/codebase/plsspeller.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.ato.gov.au/formflow/codeb...riptobject.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.ato.gov.au/formflow/codeb...tinstaller.cab
Now if qld.bigpond.net.au is NOT your internet provider then you will need to place checkmarks here, BUT if it IS your internet provider then ignore these:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
Once you have placed all the checkmarks then click the FIX button. Exit HJT.
Then run a new HJT scan and post the log here.
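Added example, not part of the post above: a small Python triage of HijackThis log lines that surfaces O4 autoruns loading a DLL through rundll32 and applies the post's O17 rule (review the SearchList suffix unless it is the user's own ISP). The function name `triage`, the parameter `isp_suffix` and the rundll32 heuristic are this example's assumptions, narrower than the helper's own judgement (the `IpWins` entry, for instance, is not covered by it).

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autorun body: "<hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command line that loads a DLL through rundll32: "rundll32.exe <dll>,<export>"
RUNDLL = re.compile(r"rundll32\.exe\s+(?P<dll>.+?\.dll),(?P<export>\S+)", re.I)
# O17 body: "<registry key>: SearchList = <DNS suffix>"
O17_SEARCH = re.compile(r"^(?P<key>.+): SearchList = (?P<suffix>\S+)$")

# Lines copied from the post above (one running process, three O4, one O17).
SAMPLE = [
    r"C:\WINDOWS\system32\ishost.exe",
    r"O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtag.dll,startup",
    r"O4 - HKLM\..\Run: [ravdhpf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ravdhpf.dll,plpcgc",
    r"O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au",
]

def triage(lines, isp_suffix=None):
    """Return (code, subject, reason) tuples for entries worth a closer look."""
    findings = []
    for raw in lines:
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # running processes, headers, blank lines
        code, body = entry["code"], entry["body"]
        if code == "O4":
            run = O4_RUN.match(body)
            dll = RUNDLL.search(run["cmd"]) if run else None
            if dll:
                dll_file = dll["dll"].rsplit("\\", 1)[-1]
                named_after = run["name"].lower() == dll_file.lower()
                reason = ("autorun value named after the DLL it loads"
                          if named_after else "autorun loads a DLL via rundll32")
                findings.append((code, run["name"], reason))
        elif code == "O17":
            search = O17_SEARCH.match(body)
            if not search:
                continue
            suffix = search["suffix"].lower()
            if isp_suffix is None:
                findings.append((code, suffix, "confirm suffix belongs to the ISP"))
            elif suffix != isp_suffix.lower():
                findings.append((code, suffix, "suffix does not match the ISP"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, isp_suffix="qld.bigpond.net.au"):
        print(finding)
```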