I cannot access the task manager

Well, I finished my scan, and still, nothing was found except for spyware.

Anyways, here is my new HJT log.

Okay, I currently have another problem.

-When I go to Start > Search, I get an error that says "A file that is needed to run Search Companion is not found. You may need to run setup."

-Are you sure that I am infected with the "gaobot bc worm(winupdates.exe)"?

No longer. You've cleaned it out.

Oh, really? Thank you all very much for the help then.
But, my disk defragment is broken, my search companion is broken, how can I get these programs working again?


-Disk defrag with error "MMC cannot open the file C:\Windows\System32\dfrg.msc. This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient right to access the file."

-when I go to start > run > regedit, the command prompt opens then quickly closes.
-and I cannot find my system32 folder.
-the only good thing is that taskmgr is working again

Let HJT fix the following.

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [Advanced Message Server] rundll32.exe ams491.dat,Execute

O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart

O4 - Global Startup: gameutil.exe.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe

Regards Howard

So does this mean I'm free of the trojan/virus?

Looks that way to me.

Regards Howard

:grinthumb Okay, thank you so much, I'm so glad to get rid of the ugly virus :grinthumb :grinthumb :giddy:

I have one more suggestion for you.

Download and install Firefox from www.mozilla.org

It`s a lot safer than IE. Just use IE for windows updates.

Regards Howard :grinthumb

blah3 to find your system files:

Open Windows Explorer. Navigate to Tools | Folder Options | View (tab)
Select: Showhidden files and folders.
Untick: Hide protected operating system files (recommended)

hi i have same problem..
i scanned using trojan hunter, adaware, trend micro and panda and killed fixed everything there but problem still occurs..
pls help me..

Logfile of HijackThis v1.99.1
Scan saved at 2:12:44 AM, on 6/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\Themes\ThemeManager\wbload.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Falcanium\My Documents\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13151D1E-0283-4AB3-BD88-F15486C16E90}: NameServer = 209.250.128.6 209.250.128.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{13151D1E-0283-4AB3-BD88-F15486C16E90}: NameServer = 209.250.128.6 209.250.128.8
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\Themes\ThemeManager\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Hello and welcome to Techspot.

Go HERE and follow the instructions carefully.

Once you have done that, go HERE for instructions on how to post your Hijackthis log.

Regards Howard :wave: :wave:

wow, this has become a popular thread!

yep, this sure has become a popular thread

I want to headbutt this fvcking thing in the tit. I'm having the same problem as most have mentioned (some programs do not open at all, task manager won't open except in Safe Mode.) all occuring at my uncle's office where the workers apparently open up any email they recieve. Nothing unusual in MSCONFIG that I can see, just AVG and a few other things I googled that turn out OK. No winupdates.exe found as recommended by Symantec's gaobot fix that was previously brought up in this thread. When I went to try the windows/system32 as mentioned earlier, it tries to access a webpage, but the internet is not currently working at all on one infected computer and VERY sporadically on the other. Here's that fancy HJT dealy that all the kids seem to be using these days:

Baba please read & digest this post from realblackstuff

Yay, I fixed two of my programs. Search Companion, and Disk Defragmenter. Here's how I fixed it,

I solved two of these problems WITHOUT reformatting. It was simple. All I did was run my Norton Disk Doctor, Norton WinDoctor, and a few other Norton Utilities. These things only come with Norton System Works though, I think. Regedit still doesn't work for me, but maybe I'll find a way to fix, if I need to, becuase I just use regedit.exe now.

I did another scan a few days ago, and I was STILL infected. I did an online virus scan from Panda. And it found that I was still infected with the virus W32/Alcan.A.worm. Well, anyways the scan got rid of it, but I'm still wondering if I'm still infected.

Try a scan with Trend Housecall. See if that finds anything.

help me

i m having a problem......i cannot access to my task manager,my 'folder option' is disappear and lots more...........i have send my hijack log file