Slow Computer.... Hijack log included

Status
Not open for further replies.

magicman_Josh

Hello,

I've been tinkering with this computer for some time now, but the girl who uses it refuses to discontinue using downloading programs that come with bundled spyware.... After using CWShredder, About:Buster and Spybot S&D,
here is the hijack log..
 
Have you wiped the temp files, defragged, etc., as well? Here's a checklist:

-- Delete all temp files (c:\windows\temp\*.tmp, or on XP C:\Documents and Settings\username\Local Settings\Temp)

-- Delete temporary internet files (c:\windows\temporary internet files\*.*, or on XP C:\Documents and Settings\username\Local Settings\Temporary Internet Files)

-- If you use I.E., click on Tools, Internet Options, Delete Files, select "delete all off-line content", click OK

-- Click on Start, Programs, Accessories, System Tools, Disk Cleanup

-- Download AdAware, check for updates, run it and remove whatever it finds

-- Periodically empty the browser cache and the java plug-in cache

-- Download Diskeeper and defrag

-- Download, update and turn on SpywareBlaster and SpywareGuard (or your spyware removal tool of choice).
 
Hello and welcome to Techspot.

Your version of HijackThis is out of date, and doesn't seem complete.

Go HERE and follow the instructions carefully. Print them out if you can.

Once you have done that, post another HJT log.

Regards Howard :wave: :wave:
 
First, update your copy of HijackThis!

Boot in Safe Mode.
Switch System Restore OFF.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:

LOADQM.EXE
N20050308.EXE
VIRTUALBOUNCER.EXE
BUDDY.EXE
SBGORXU.EXE
AdDestroyer.exe
istsvc.exe

Next, try to uninstall anything to do with:
C:\PROGRAM FILES\VBOUNCER\VIRTUALBOUNCER.EXE
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\AdDestroyer\AdDestroyer.exe

Next run a HJT scan and place a tick-mark in the little square before (if still there):
C:\WINDOWS\LOADQM.EXE
C:\N20050308.EXE
C:\PROGRAM FILES\VBOUNCER\VIRTUALBOUNCER.EXE
C:\WINDOWS\BUDDY.EXE
C:\WINDOWS\BUDDY.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [¢‰¸ï0 4Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\SBGORXU.EXE
O4 - HKLM\..\Run: [nsvcin] C:\N20050308.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
Boot normal. When all OK, switch System Restore back on.
 
Every time I attempt to extract the files from the latest HijackThis, McAfee finds a worm in it and deletes it.

I have tried several sites and several mirrors, and they are all doing it.
 
Download it on another PC and unzip it there. It has only the one program-file in it.
Copy that on a floppy to transfer.
Use http://www.tomcoyote.org/hjt/
Your McAfee is giving you a false positive. Boot the infected PC in Safe Mode and switch McAfee off (and disconnect the PC physically from the web!). Then make a directory C:\HJT on your disk and copy Hijackthis.exe into it.
 
Using the same procedure as in my previous post (stop .exe process, run HJT, delete bold), get rid of these:

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ikkm.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
O4 - Startup: riip.exe
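An added example, not part of any post in this thread: the procedure above ends a process and then ticks its O4 autostart line in HJT, and this sketch maps each process name to the O4 entries that would relaunch it at the next boot. The function names are hypothetical, the sample lines are copied from the two posts above, and the handling of `rundll32` and Startup-folder entries generalizes slightly beyond the `Run` lines.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 lines copied from the posts in this thread
# (the entry whose registry value name is garbled is left out).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [nsvcin] C:\N20050308.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WINUP2DATE.DLL,SHStart
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Startup: riip.exe
"""

REG = re.compile(r"^O4 - (HK\w+\\\.\.\\[^:]+): \[(.*?)\] (.+)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)(?: = (.+))?$")
IMAGE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|scr|pif))', re.I)

def image_name(command):
    """Upper-cased file name of what the entry really loads."""
    # For rundll32 entries the payload is the DLL argument, not rundll32.
    command = re.sub(r"^rundll32(\.exe)?\s+", "", command.strip(), flags=re.I)
    m = IMAGE.match(command)
    # Compare base names only, so 8.3 directories such as PROGRA~1 still match.
    return PureWindowsPath(m.group(1) if m else command).name.upper()

def parse_o4(log):
    """Return one record per O4 line: location, entry name, loaded image."""
    entries = []
    for line in map(str.strip, log.splitlines()):
        if m := REG.match(line):
            where, name, command = m.groups()
        elif m := STARTUP.match(line):
            where, name, target = m.groups()
            command = target or name   # file dropped directly in Startup
        else:
            continue
        entries.append({"where": where, "name": name, "image": image_name(command)})
    return entries

def launchers(process_names, log):
    """Map each process name to the O4 entries that start it (case-insensitive)."""
    by_image = {}
    for e in parse_o4(log):
        by_image.setdefault(e["image"], []).append(f'{e["where"]} [{e["name"]}]')
    return {p: by_image.get(p.upper(), []) for p in process_names}
```

A process that maps to an empty list has no O4 line in the excerpt, so it is started from somewhere this log section does not show.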
 
Clean.
Now get a rope and tie your ladyfriend up, away from any computer, until she swears to you, by everything that is sacred to her, that she will NOT download anymore rubbish. :knock:
 
In a perfect world maybe,

I got a call from her mom last night because she was crying about "AIM" not working; the files were corrupted and infected with all kinds of crap.

Thanks again


Josh
 