CWShredder not fully helping, Task manager locked

Vandersveldt · 06-Jul-2008, 12:34 PM #1

Alright, this is my first time posting somewhere like this, I am very sorry if it comes out noobish.
I made the mistake of downloading an executable off of limewire, now lo and behold limewire continuously opens itself and shares about 1000 tiny little 100k zips, all with the same setup.exe that I ran inside of them. (I'm keeping the computer disconnected whenever I'm not attempting to find solutions)
Among many other problems that showed up at the same time, the task manager is blocked, when I try and open it from the command window, it says it's locked by the administrator, I am logged in as the administrator when receiving this message.
Spyware and adware are running rampant, internet explorer windows pop up everywhere, I've ran CWShredder from tips I've found based on filenames that seem to be virii, I've also found and ran SmitFraud, which looked like it had fixed everything, and yes, most of the problems are gone, or I wouldn't have been able to sit here and ask for help. However, the ones I've listed are still very much alive.
I've taken the liberty of making a hijackthis log, and hopefully this is what you need....

------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:25:55, on 7/6/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\hidserv.exe
C:\WINNT\444.470
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\portsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\uoyzsydz.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\Fonts\svchost.exe
C:\winnt\system32\rswnw64r.exe
C:\Documents and Settings\Administrator\winlogon.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\Rundll32.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINNT\system32\kcntntdm.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\uoyzsydz.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Host Process] C:\WINNT\Fonts\svchost.exe
O4 - HKLM\..\Run: [{1F-F2-2F-F1-DW}] C:\winnt\system32\rswnw64r.exe DWram02FF
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\kcntntdm.exe DWram02FF
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Administrator\winlogon.exe
O4 - HKLM\..\Run: [6951f25e] rundll32.exe "C:\WINNT\system32\mgdntkci.dll",b
O4 - HKLM\..\Run: [{b846517e-9a1d-f3bb-4e5d-adeace8206a3}] C:\WINNT\System32\Rundll32.exe "C:\WINNT\system32\{0bc785dc-77f5-b37c-19a9-7a2f101caf56}.dll" DllInit
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [slide.exe] c:\program files\slide\slide.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Deewoo.lnk = C:\WINNT\system32\kcntntdm.exe
O4 - Startup: DW_Start.lnk = C:\WINNT\system32\rswnw64r.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162316481812
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINNT\444.470.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINNT\portsv.exe

-------------------------------------------------

The file ended with an error message saying hijack this needed to be closed. The log is 6.56k if that matters. I'm hoping someone here can help, I really seem to have the same problem as http://forums.techguy.org/malware-re...k-manager.html , but due to things people said, I decided to post my own personal problem, as it may have different solutions than that one. Please help, and thanks for your time.

Vandersveldt · 06-Jul-2008, 11:15 PM #2

The popups have gotten so bad, I don't know what to do. I ran adaware, and it seemed to have most of it fixed, 6 hours later my GF wakes me up and says it has gotten 10 times worse, I come over and there's an IE page opening every 30 seconds. We don't USE IE, it's not the default browser! If ANYONE could help it would be very much appreciated!

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)