Greenguy's Board


Old 2005-01-28, 05:54 AM   #1
stuveltje
Live and learn. And take very careful notes!
 
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
Quote:
Originally Posted by Linkster
Can you run HijackThis on the infected computer? If so, could you post the log from running it and maybe we can get rid of whatever's causing it
oke:
Logfile of HijackThis v1.99.0
Scan saved at 11:53:15, on 28-1-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\QUICKH~1\MailSvr.exe
C:\PROGRA~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QHM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\QUICKH~1\QHWSCSVC.EXE
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\hopeloos\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\MailSvr.exe
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /Check
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /LOADRUN
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /check
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096750544656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...23/mcfscan.cab
O23 - Service: Quick Heal Helper Service WSC - Unknown - C:\PROGRA~1\QUICKH~1\QHWSCSVC.EXE
O23 - Service: Quick Heal Online Protection - Unknown - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
Old 2005-01-28, 07:35 AM   #2
Linkster
NO! Im not a female - but being a dragon, I do eat them.
 
Join Date: Mar 2003
Location: Sex Delta
Posts: 5,084
Stuveltje - that log file looks clean except that I would shut off some of the virus programs as they may conflict with each other. I would also shut down Windows Messenger unless you need it.
It looks like you have RAID set up for your drives?
I noticed you're also loading Windows Media ActiveX on startup - unless you're doing a lot of D/L of movies and music constantly, it might be better to run that when you really need it.
I would then run the update to SP2 for Windows XP which will get a pretty fresh copy of all of the Windows drivers - and if ya want the extra protection, the IE SP2 update as well - I've been running it for some time and it seems to be running a little cleaner - has a built-in popup blocker.

I would also D/L and install the Webroot Spy Sweeper and let it run once to make sure that nothing is in your hosts file and some other little hidden places
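One way to break a log like the one in post #1 into its sections before reading it, as an added example that is not part of the thread. The function names and regular expressions are assumptions inferred from the line layouts visible in that log, and the sample is a handful of lines copied from it.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: eight entry lines copied from the log in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...23/mcfscan.cab
O23 - Service: Quick Heal Online Protection - Unknown - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
"""

# Section codes used in the sample (meanings as documented for HijackThis).
SECTIONS = {"R0": "IE start/search page", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O16": "downloaded ActiveX control",
            "O23": "Windows service"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")

def parse(log):
    """Return (section_code, body) for each entry line; skip everything else."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def section_counts(entries):
    """How many entries each section contributes, keyed by description."""
    return Counter(SECTIONS.get(code, code) for code, _ in entries)

def autoruns(entries):
    """O4 registry autoruns as (hive, key, value name, command line).
    'Global Startup' shortcuts use another layout and are not matched here."""
    return [m.groups() for code, body in entries
            if code == "O4" and (m := RUN.match(body))]

def dpf_hosts(entries):
    """Map each O16 control's CLSID to the host its installer came from."""
    return {m.group(1): urlsplit(m.group(3)).hostname
            for code, body in entries
            if code == "O16" and (m := DPF.match(body))}

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(dict(section_counts(entries)), autoruns(entries), dpf_hosts(entries), sep="\n")
```

Grouping the O4 lines by vendor makes it easy to see how many components of each security product load at startup, which is the overlap the reply above points at.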
Old 2005-01-28, 07:49 AM   #3
stuveltje
Quote:
Originally Posted by Linkster
Stuveltje - that log file looks clean except that I would shut off some of the virus programs as they may conflict with each other. I would also shut down Windows Messenger unless you need it.
It looks like you have RAID set up for your drives?
I noticed you're also loading Windows Media ActiveX on startup - unless you're doing a lot of D/L of movies and music constantly, it might be better to run that when you really need it.
I would then run the update to SP2 for Windows XP which will get a pretty fresh copy of all of the Windows drivers - and if ya want the extra protection, the IE SP2 update as well - I've been running it for some time and it seems to be running a little cleaner - has a built-in popup blocker.

I would also D/L and install the Webroot Spy Sweeper and let it run once to make sure that nothing is in your hosts file and some other little hidden places
oh ah well i don't even know what all that stuff that is running does, lol, i am gonna try to shut most of...wish me luck
Old 2005-01-28, 08:44 AM   #4
Linkster
One other thing you could do - run the task manager (ctrl-alt-del) and do a screen copy of it and post it
Old 2005-01-28, 09:02 AM   #5
stuveltje
Quote:
Originally Posted by Linkster
One other thing you could do - run the task manager (ctrl-alt-del) and do a screen copy of it and post it
oke me gonna try that too. just tried pcdoc lol that one got stopped too and the puter restarted again, it stops and restarts here:
documents and settings\hopeloos\local settings\temporary.......... the rest i couldnt see
Old 2005-01-28, 06:50 PM   #6
GenXer
Are you sure this is the Sci-Fi Convention? It's full of nerds!
 
Join Date: Dec 2004
Location: The U.S.A
Posts: 267
I use this to clean up my computer, it seems to do a great job.

It's freeware and I've used it for a while now, always cleans up some stuff that some of my other programs can't.

The download site is here in case you are interested.

http://www.xblock.com/download-freeware.shtml
Old 2005-01-29, 02:43 AM   #7
stuveltje
Quote:
Originally Posted by GenXer
I use this to clean up my computer, it seems to do a great job.

It's freeware and I've used it for a while now, always cleans up some stuff that some of my other programs can't.

The download site is here in case you are interested.

http://www.xblock.com/download-freeware.shtml
GenXer, i have used that also but nothing goes thru my puter really, every program stops when getting to that certain folder.
Old 2005-01-29, 09:09 AM   #8
Linkster
Stuveltje - did you have any luck removing those tmp and dmp files? You can also change the location of your IE temp file directory in IE - from tools/temporary internet files/setting/move folder - once that's done you should be able to go back to the original directory and delete it including all the contents - if there is a specific file in the temp/dmp files that won't allow you to delete it let me know
Old 2005-01-29, 10:12 AM   #9
stuveltje
Quote:
Originally Posted by Linkster
Stuveltje - did you have any luck removing those tmp and dmp files? You can also change the location of your IE temp file directory in IE - from tools/temporary internet files/setting/move folder - once that's done you should be able to go back to the original directory and delete it including all the contents - if there is a specific file in the temp/dmp files that won't allow you to delete it let me know
lol i deleted all the tmp and dmp files, then still it won't work normally so i got pissed and put the rest of the files in the trash, even that didn't help so me have put them back lol i keep trying things, i am almost at that point me going to kill the puter


All times are GMT -4. The time now is 11:56 PM.

