Another Task Manager not working thread....possible worm, HJT attached

Status
Not open for further replies.
Ok, I have been reading around here for the last few days taking all this in. I have done a lot of stuff by following several of the stickies and still haven't fixed it. Task manager will not come up with C.A.D. or right clicking the task bar and selecting it. So far I have done this... I followed most of the instructions on the coolwebsearch sticky. I ran all those programs (Adaware, SB S&D etc.) and came up with a bunch of stuff but one thing stood out. When I did a scan in Ad Aware, it came up with several critical objects labelled "worm". Below is a copy of the data from one of the files that I figure is in question. There were several other files in the list, all under this category and vendor: bszip.dll, cmd.com, netstat.com, ping.com, regedit.com, taskkill.com, and tracert.com.

"Vendor:Win32.P2P-Worm.Alcan.a
"Category:Worm
"Object Type:File
"Size:2 Bytes
"Location:C:\WINDOWS\system32\taskkill.com
"Last Activity:11-17-2005 2:49:07 AM
"Risk Level:Low
"TAC index:8
"Comment:
"Description:P2P worm

I selected remove and it said it removed them, and on a restart and rescan, they were back again. This may or may not have anything to do with the problem I am having, but seeing that it was a recurring problem and wouldn't go away, it made me think a little. I then went through the tutorial some more and booted in safe mode and went through and "fixed" a few items and deleted everything it told me to. I also noticed Task Manager works fine in safe mode. Anyway, I went back and booted normally and still have no task manager. I have attached my HJT file for further diagnosis. Any help is GREATLY appreciated! Thanks a lot for helping!
 
You don't run any Antivirus or Firewall (except perhaps that lousy XP-one).
That's absolutely stupid in this day and age.
And you did not follow the instructions EXACTLY either, you missed 2.
Come back when you have an AV.
 
I'll get on that today.......but which 2 did I miss?

The coolwebsearch sticky mentioned windows update(s) with a space in between it and I had the line
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

I figured this one was not the same since it wasn't exactly the same and was afraid to delete it! ;)
The other I'm guessing is the line
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

But again, in that walkthrough I didn't see anything pointing to a line 18 and was also afraid to delete it. If these are the 2 lines let me know and I'll get rid of em and go get me some anti-virus software. Are there any that you recommend highly??
 
Problem Fixed!!!!!!! :grinthumb

Ok, first thing I did was download the antivirus program and run a full scan. It found the WINUPDATES folder in program files and 3 files that were linked to that worm (called Worm/VB.CC). If you go into program files and try to get to this folder even with "show hidden files/folders" enabled, it doesn't show up; you have to manually enter it in the address box to get to it. Anyway, it deleted these and also the "winsupdate" line in hijack this and upon restart task manager works! Thanks for the link to that virus scanner and the useful info on this site!
 