Also now it tells me that my windows memory is infected. windows explorer keeps ending and starting every 5 seconds…I tried moving/deleting the files but then usually my windows won’t run at all and then I have to reinstall it…HELP ME PLEASE!
Ok well I don’t think I’ve ever been so frustrated in my life. For the past 3 months, the internet on the 2 computers here at the house have worked for about 2-3 weeks. We had alot of problems, sent the router to Net gear and had it tested, couldn’t figure it out. I knew my computer here had spyware and has had it now for almost aslong as I can remember. And one day, my friend reccomended avast. Fortunately, Avast was able to remove most of the viruses, but the computer still has some problems(I can get online most of the time) He also told me about lots of the windows XP bugs (Sasser virus, etc).I had tried Spybot, then Adaware, then CWshredder, all in conjuntion, but they would work only temporarily. And then, it got real bad (About 3 months ago). I’ve tried searching, talking to dell, cox communications, and netgear, among 1000 different things. At times I had better sucess by simply unplugging the computer and then plugging back in. None of the above stated companies (nor Microsoft) was able to help, infact, Net gear charged me for it! (At the time everyone was telling us it was the router, since neither computer worked). Dell tried selling us Anti Virus stuff, but we refused to give in.(What a surprise : : , it’s in their better interest to PROMOTE this spyware stuff, since it puts people in a bind with their computers).
Anyways, here’s a hijack this scan. I’m about 99% sure these virus’s are scripting, as a few programs (Windows Media Player) doesn’t work. (And yes I’ve tried updating that stuff too). (There are some yahoo and other stuff, norton anti virus, etc).
I truly appreciate the help, as I have no other ideas, and I refuse to give in (and pay more money for a product that Manufacturers should stand behind). Thanks again
-Mike
Northern Virginia
USA
PS: My email is Illicon2003 @ hotmail . com just trying to prevent spam!!
Logfile of HijackThis v1.98.2
Scan saved at 4:13:35 PM, on 8/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Logfile of HijackThis v1.97.7
Scan saved at 3:50:44 PM, on 11/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\inetsrv\services.exe
C:\AIM95\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Config\Desktop\HijackThis.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlygoodsearch.com/10022/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vwubx.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abosearch.com/sp.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
F1 - win.ini: run=C:\WINDOWS\inetsrv\services.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34445616-9EEE-FCBC-1F9E-CA0C63B82DDD} - (no file)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {DC710D77-5A09-2FBF-A797-DCAE7E649FA3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [AIM] C:\AIM95\aim.exe -cnetwait.odl
O4 - HKCU..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1096432297265
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37609.4224074074
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab