TechSpot

Slow Computer.... Hijack log included

By magicman_Josh
Apr 12, 2005
  1. Hello,

    I've been tinkering with this computer for some time now, but the girl who uses it refuses to discontinue using downloading programs that come with bundled spyware.... After using CWShredder, About:Buster and Spybot S&D,
    here is the HijackThis log..
     
  2. HeddaLora

    HeddaLora TS Rookie Posts: 17

    Have you wiped the temp files, defragged, etc., as well? Here's a checklist:

    -- Delete all temp files (c:\windows\temp\*.tmp, or on XP C:\Documents and Settings\username\Local Settings\Temp)

    -- Delete temporary internet files (c:\windows\temporary internet files\*.*, or on XP C:\Documents and Settings\username\Local Settings\Temporary Internet Files)

    -- If you use I.E., click on Tools, Internet Options, Delete Files, select "delete all off-line content", click OK

    -- Click on Start, Programs, Accessories, Systems Tools, Disk Cleanup

    -- Download AdAware, check for updates, run it and remove whatever it finds

    -- Periodically empty the browser cache and the java plug-in cache

    -- Download Diskeeper and defrag

    -- Download, update and turn on SpywareBlaster and SpywareGuard (or your spyware removal tool of choice).
     
  3. magicman_Josh

    magicman_Josh TS Rookie Topic Starter

    Yes, I've done that; what I need is my log file checked.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your version of HijackThis is out of date, and doesn't seem complete.

    Go HERE and follow the instructions carefully. Print them out if you can.

    Once you have done that, post another HJT log.

    Regards Howard :wave: :wave:
     
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First, update your copy of Hijackthis!

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    LOADQM.EXE
    N20050308.EXE
    VIRTUALBOUNCER.EXE
    BUDDY.EXE
    SBGORXU.EXE
    AdDestroyer.exe
    istsvc.exe

    Next, try to uninstall anything to do with:
    C:\PROGRAM FILES\VBOUNCER\VIRTUALBOUNCER.EXE
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\AdDestroyer\AdDestroyer.exe

    Next run a HJT scan and place a tick-mark in the little square before (if still there):
    C:\WINDOWS\LOADQM.EXE
    C:\N20050308.EXE
    C:\PROGRAM FILES\VBOUNCER\VIRTUALBOUNCER.EXE
    C:\WINDOWS\BUDDY.EXE
    C:\WINDOWS\BUDDY.EXE

    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [¢‰¸ï0 4Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\SBGORXU.EXE
    O4 - HKLM\..\Run: [nsvcin] C:\N20050308.EXE
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
    Boot normal. When all OK, switch System Restore back on.
     
  6. magicman_Josh

    magicman_Josh TS Rookie Topic Starter

    Every time I attempt to extract the files from the latest HijackThis, McAfee finds a worm in it and deletes it.

    I have tried several sites and several mirrors, and they are all doing it
     
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Download it on another PC and unzip it there. It has only the one program-file in it.
    Copy that on a floppy to transfer.
    Use http://www.tomcoyote.org/hjt/
    Your McAfee is giving you a false positive. Boot the infected PC in Safe Mode and switch McAfee off (and disconnect PC physically from the web!). Then make a directory C:\HJT on your disk and copy Hijackthis.exe into it.
     
  8. magicman_Josh

    magicman_Josh TS Rookie Topic Starter

    ok here is my current log..

    (attached)
     
  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Using the same procedure as in my previous post (stop .exe process, run HJT, delete bold), get rid of these:

    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ikkm.exe
    O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
    O4 - Startup: riip.exe
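
An added example, not part of any post in this thread and not HijackThis code: a small parser for the O4 (autostart) lines quoted in posts 5 and 9 that attaches review hints based on where each entry's target lives. The hint names and rules are assumptions chosen for illustration; they mark entries worth a closer look and are not verdicts.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample: O4 lines quoted in the thread plus one made-up benign entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [nsvcin] C:\N20050308.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ikkm.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Startup: riip.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
"""
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)(?: = (.+))?$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)', re.I)

def target_of(command):
    """Return the file a command line launches (quoted or unquoted path)."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.split()[0]

def triage(entry_line):
    """Parse one O4 line into (location, name, target, hints); None if not O4."""
    line, hints = entry_line.strip(), []
    if m := RUN_RE.match(line):
        location, name, command = f"{m[1]}\\{m[2]}", m[3], m[4]
    elif m := STARTUP_RE.match(line):
        location, name, command = m[1], m[2], m[3] or m[2]
        if m[3] is None:  # no "= target": the file itself sits in the Startup folder
            hints.append("file-in-startup-folder")
    else:
        return None
    if re.match(r"rundll32(\.exe)?\s", command, re.I):
        hints.append("rundll32-loader")  # the DLL, not rundll32, is what to inspect
        command = command.split(None, 1)[1]
    target = PureWindowsPath(target_of(command))
    depth = len(target.parts)
    if location.startswith("HK") and depth == 1:
        hints.append("no-path")      # bare file name, resolved via the search path
    elif depth == 2 and target.drive:
        hints.append("drive-root")   # executable directly in the drive root
    elif depth == 3 and target.parts[1].lower() == "windows":
        hints.append("windows-dir")  # executable directly in the Windows folder
    return location, name, str(target), hints

def review(log_text):
    rows = [triage(l) for l in log_text.splitlines() if l.startswith("O4 - ")]
    return [r for r in rows if r and r[3]]
```

The VBouncer and AdDestroyer entries named in the thread produce no hint because they sit in ordinary Program Files folders, so path-based triage complements looking up each entry by name and does not replace it.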
     
  10. magicman_Josh

    magicman_Josh TS Rookie Topic Starter

    Thanks for the help.. here is my newest log
     
  11. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Clean.
    Now get a rope and tie your ladyfriend up, away from any computer, until she swears to you, by everything that is sacred to her, that she will NOT download any more rubbish. :knock:
     
  12. magicman_Josh

    magicman_Josh TS Rookie Topic Starter

    In a perfect world maybe,

    I got a call from her mom last night because she was crying about "AIM" not working, the files were corrupted and infected with all kinds of crap.

    Thanks again


    Josh
     
Topic Status:
Not open for further replies.
