TechSpot

[Not curable - Sality] I Can't Install Antivirus in my Computer

By r0b0tic
Dec 15, 2010
  1. Please help. I think there is a virus that is preventing me from installing any antivirus program.
    I tried running in safe mode - failed.
    Also, when I'm running a program such as CCleaner.exe I'm getting a
    runtime error: Program C:\Program Files\CCleaner\CCleaner.exe R6002 - floating point support not loaded

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5319

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/1/2002 3:46:58 AM
    mbam-log-2002-01-01 (03-46-58).txt

    Scan type: Quick scan
    Objects scanned: 122870
    Time elapsed: 1 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\btkjih.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2002-01-01 00:51:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340014A rev.3.06
    Running: 1h5bd3z7.exe; Driver: C:\DOCUME~1\Windows\LOCALS~1\Temp\uwlyypob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE sysaudio.sys F54174C9 1 Byte [5D]
    PAGE sysaudio.sys F5418B39 1 Byte [65]
    .text ipfltdrv.sys F07DEB81 1 Byte [7E]
    ? C:\WINDOWS\system32\drivers\ookge.sys The system cannot find the file specified. !
    ? C:\DOCUME~1\Windows\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[784] WININET.dll!FindFirstUrlCacheEntryExW + 43AA 3D988B39 1 Byte [AB]
    .text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!FindFirstUrlCacheEntryExW + 43AA 3D988B39 1 Byte [AB]
    .text C:\WINDOWS\Explorer.EXE[1284] WININET.dll!FindFirstUrlCacheEntryExW + 43AA 3D988B39 1 Byte [AB]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] WININET.dll!FindFirstUrlCacheEntryExW + 43AA 3D988B39 1 Byte [AB]

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) 01100000-02140000 (17039360 bytes)

    ---- EOF - GMER 1.0.15 ----



    DDS (Ver_10-12-12.02) - FAT32x86
    Run by Windows at 0:42:32.85 on Tue 01/01/2002
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.587 [GMT 4.5:30]


    ============== Running Processes ===============

    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Windows\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

    ============= SERVICES / DRIVERS ===============

    R3 amsint32;amsint32;\??\c:\windows\system32\drivers\ookge.sys --> c:\windows\system32\drivers\ookge.sys [?]
    S2 BeatTrojanHelperOne;BeatTrojanHelperOne;\??\c:\documents and settings\windows\my documents\mosoforcedelete\forcedelete\beattrojanhelperone.sys --> c:\documents and settings\windows\my documents\mosoforcedelete\forcedelete\BeatTrojanHelperOne.sys [?]
    S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\advanced system optimizer 3\adasprot32.sys --> c:\program files\advanced system optimizer 3\adasprot32.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
    S4 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\aso3defragsrv.exe --> c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [?]

    =============== Created Last 30 ================

    2010-12-14 04:49:48 2588 ----a-w- c:\windows\system32\ASOROSet.bin
    2010-12-14 04:49:48 16184 ----a-w- c:\windows\system32\ROBoot.exe
    2010-12-14 04:44:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Systweak
    2010-12-14 04:40:47 17136 ----a-w- c:\windows\system32\sasnative32.exe
    2010-12-14 04:38:28 -------- d-----w- c:\docume~1\windows\applic~1\Systweak
    2010-12-07 04:01:56 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-12-05 19:31:33 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    2010-12-05 19:31:33 17920 ----a-w- c:\windows\system32\mdimon.dll
    2010-12-05 19:31:02 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-12-05 19:30:48 -------- d-----w- c:\windows\SHELLNEW
    2010-03-18 05:39:00 49488 ----a-w- c:\windows\system32\netfxperf.dll
    2010-03-18 05:39:00 297808 ----a-w- c:\windows\system32\mscoree.dll
    2009-11-11 15:36:20 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2009-09-23 20:00:08 156488 ----a-w- c:\windows\system32\mscorier.dll
    2009-07-29 21:27:14 23040 ----a-w- c:\windows\system32\dllcache\setup.exe
    2009-07-29 21:18:15 915456 ----a-w- c:\windows\system32\dllcache\wininet.dll
    2009-07-29 21:18:14 1208832 ----a-w- c:\windows\system32\dllcache\urlmon.dll
    2009-07-29 21:16:55 74240 ----a-w- c:\windows\system32\dllcache\mscms.dll
    2009-07-29 21:16:45 245248 ----a-w- c:\windows\system32\dllcache\mswsock.dll
    2009-07-29 21:16:45 147968 ----a-w- c:\windows\system32\dllcache\dnsapi.dll
    2009-07-29 21:15:15 105984 ----a-w- c:\windows\system32\dllcache\url.dll
    2009-07-29 21:15:03 128512 ----a-w- c:\windows\system32\dllcache\advpack.dll
    2009-07-29 13:27:15 3186 ----a-w- c:\windows\system32\presetup.cmd
    2009-07-29 13:27:14 28672 ----a-w- c:\windows\system32\setupold.exe
    2009-07-29 13:27:14 23040 ----a-w- c:\windows\system32\setup.exe
    2009-07-29 13:26:43 13976 ----a-w- c:\windows\system32\drivers\viaide.sys
    2009-07-29 13:16:59 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-07-29 13:15:43 253952 ----a-w- c:\windows\system32\es.dll
    2009-07-29 13:12:55 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll
    2009-03-08 00:52:46 1241088 ----a-w- c:\windows\system32\ieframe.dll.mui
    2009-03-08 00:52:30 49152 ----a-w- c:\windows\system32\msrating.dll.mui
    2009-03-08 00:52:18 2560 ----a-w- c:\windows\system32\mshta.exe.mui
    2009-03-08 00:51:06 4096 ----a-w- c:\windows\system32\ie4uinit.exe.mui
    2009-03-08 00:50:54 81920 ----a-w- c:\windows\system32\iedkcs32.dll.mui
    2009-02-09 13:26:35 715264 ----a-w- c:\windows\system32\dllcache\ntdll.dll
    2009-02-09 05:26:35 715264 ----a-w- c:\windows\system32\ntdll.dll
    2009-02-06 06:00:40 2066176 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2008-11-09 08:50:50 31768 ----a-w- c:\windows\system32\wucltui.dll.mui
    2008-11-09 08:50:48 92696 ----a-w- c:\windows\system32\dllcache\cdm.dll
    2008-11-09 08:50:48 23576 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2008-11-09 08:50:48 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2008-11-09 08:50:46 23576 ----a-w- c:\windows\system32\wuapi.dll.mui
    2008-04-14 06:30:00 99840 ----a-w- c:\windows\system32\mprmsg.dll
    2008-04-13 17:12:46 294912 ----a-w- c:\windows\system32\msh263.drv
    2008-04-13 17:12:46 23552 ------w- c:\windows\system32\wdmaud.drv
    2008-04-13 17:12:12 52736 ----a-w- c:\windows\system32\wzcsapi.dll
    2008-04-13 17:12:12 483840 ----a-w- c:\windows\system32\wzcsvc.dll
    2008-04-13 17:12:04 35328 ----a-w- c:\windows\system32\pid.dll
    2008-04-13 17:12:04 15360 ----a-w- c:\windows\system32\pjlmon.dll
    2008-04-13 17:12:02 16896 ----a-w- c:\windows\system32\msyuv.dll
    2008-04-13 17:11:56 47616 ----a-w- c:\windows\system32\iyuv_32.dll
    2008-04-13 17:11:56 20992 ----a-w- c:\windows\system32\hid.dll
    2008-04-13 17:11:54 52224 ----a-w- c:\windows\system32\dmutil.dll
    2008-04-13 17:11:52 47104 ----a-w- c:\windows\system32\cnbjmon.dll
    2008-04-13 12:16:38 141056 ----a-w- c:\windows\system32\drivers\ks.sys
    2008-04-13 12:16:38 141056 ----a-w- c:\windows\system32\dllcache\ks.sys
    2008-04-13 12:00:20 30080 ----a-w- c:\windows\system32\drivers\modem.sys
    2008-04-13 11:56:02 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2008-04-13 11:56:00 14592 ----a-w- c:\windows\system32\drivers\ndisuio.sys
    2008-04-13 11:51:26 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
    2008-04-13 11:51:26 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
    2008-04-13 11:46:08 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys
    2008-04-13 11:45:44 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys
    2008-04-13 11:45:42 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
    2008-04-13 11:45:42 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys
    2008-04-13 11:45:16 49408 ----a-w- c:\windows\system32\drivers\stream.sys
    2008-04-13 11:45:16 49408 ----a-w- c:\windows\system32\dllcache\stream.sys
    2008-04-13 11:40:12 80128 ----a-w- c:\windows\system32\drivers\parport.sys
    2008-04-13 11:39:54 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
    2008-04-13 11:39:48 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
    2008-04-13 11:36:48 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2008-04-13 11:36:42 63744 ----a-w- c:\windows\system32\drivers\mf.sys
    2008-04-13 11:31:34 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2008-04-13 11:31:34 37376 ----a-w- c:\windows\system32\drivers\amdk6.sys
    2008-04-13 11:31:34 36736 ----a-w- c:\windows\system32\drivers\crusoe.sys
    2008-04-13 11:31:32 42752 ----a-w- c:\windows\system32\drivers\p3.sys
    2008-04-13 11:31:32 35840 ----a-w- c:\windows\system32\drivers\processr.sys
    2006-08-24 11:45:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
    2005-09-23 02:58:52 74240 ----a-w- c:\windows\system32\mscories.dll
    2005-09-23 02:58:52 150016 ----a-w- c:\program files\internet explorer\mui\0409\mscorier.dll
    2005-04-25 09:15:46 40648 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
    2005-04-25 09:15:42 109768 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
    2005-04-25 09:14:40 701120 ----a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
    2004-09-20 15:42:48 109256 ----a-w- c:\program files\common files\microsoft shared\dw\1025\DWINTL20.DLL
    2004-01-07 06:51:24 237936 ----a-w- c:\windows\system32\unicows.dll
    2003-08-08 11:14:48 111192 ----a-w- c:\program files\common files\microsoft shared\dw\3082\DWINTL20.DLL
    2003-08-08 10:05:44 112216 ----a-w- c:\program files\common files\microsoft shared\dw\1036\DWINTL20.DLL
    2003-08-08 10:04:08 111704 ----a-w- c:\program files\common files\microsoft shared\dw\1040\DWINTL20.DLL
    2003-07-14 18:24:00 109120 ----a-w- c:\program files\common files\microsoft shared\dw\1042\DWINTL20.DLL
    2003-07-14 18:23:46 109120 ----a-w- c:\program files\common files\microsoft shared\dw\1028\DWINTL20.DLL
    2003-07-14 18:23:28 112704 ----a-w- c:\program files\common files\microsoft shared\dw\1031\DWINTL20.DLL
    2003-07-14 18:23:22 109120 ----a-w- c:\program files\common files\microsoft shared\dw\1041\DWINTL20.DLL
    2003-07-14 18:23:12 109120 ----a-w- c:\program files\common files\microsoft shared\dw\2052\DWINTL20.DLL
    2002-01-01 04:41:40 77824 ----a-w- c:\windows\system32\dllcache\spcommon.dll
    2002-01-01 04:41:40 61440 ----a-w- c:\windows\system32\dllcache\spcplui.dll
    2002-01-01 04:41:40 61440 ----a-w- c:\program files\common files\microsoft shared\speech\1033\spcplui.dll
    2002-01-01 04:41:38 774144 ----a-w- c:\windows\system32\dllcache\spttseng.dll
    2002-01-01 04:41:36 741376 ----a-w- c:\windows\system32\dllcache\sapi.dll
    2002-01-01 04:41:36 741376 ----a-w- c:\program files\common files\microsoft shared\speech\sapi.dll
    2002-01-01 04:41:36 36864 ----a-w- c:\windows\system32\dllcache\sapisvr.exe
    2002-01-01 04:41:36 36864 ----a-w- c:\program files\common files\microsoft shared\speech\sapisvr.exe
    2002-01-01 02:09:17 -------- d-----w- c:\docume~1\windows\applic~1\Malwarebytes
    2002-01-01 02:09:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2002-01-01 02:09:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2002-01-01 02:09:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2002-01-01 02:09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2002-01-01 01:38:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2002-01-01 01:38:52 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2002-01-01 01:13:47 -------- d-----w- c:\docume~1\windows\applic~1\DriverCure
    2002-01-01 01:13:46 -------- d-----w- c:\docume~1\windows\applic~1\ParetoLogic
    2002-01-01 01:13:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
    2002-01-01 00:45:14 458240 ----a-r- c:\docume~1\windows\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2002-01-01 00:18:01 -------- d-----w- c:\program files\CCleaner
    2001-12-31 23:38:14 -------- d-----w- c:\docume~1\windows\locals~1\applic~1\Temp
    2001-12-31 23:38:14 -------- d-----w- c:\docume~1\windows\locals~1\applic~1\Adobe
    2001-12-31 23:24:25 -------- d-----w- c:\windows\SxsCaPendDel
    2001-12-31 21:05:20 -------- d-s---w- c:\windows\system32\Microsoft
    2001-12-31 21:02:58 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
    2001-12-31 21:01:59 5632 ----a-w- c:\windows\system32\dllcache\kbddiv2.dll
    2001-12-31 21:00:59 267776 ----a-w- c:\windows\system32\dllcache\fxssvc.exe

    ==================== Find3M ====================

    2009-07-29 21:17:12 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
    2009-07-29 21:17:12 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
    2009-07-29 21:17:08 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2009-07-29 21:16:52 956928 ----a-w- c:\windows\system32\msdtctm.dll
    2009-07-29 21:16:52 91648 ----a-w- c:\windows\system32\mtxoci.dll
    2009-07-29 21:16:52 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
    2009-07-29 21:16:50 58880 ----a-w- c:\windows\system32\msdtclog.dll
    2009-07-29 21:16:50 428032 ----a-w- c:\windows\system32\msdtcprx.dll
    2009-07-29 21:15:46 691712 ----a-w- c:\windows\system32\inetcomm.dll
    2009-07-29 13:18:16 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-29 13:18:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2009-07-29 13:16:58 1379840 ----a-w- c:\windows\system32\msxml6.dll
    2009-07-29 13:16:56 74240 ----a-w- c:\windows\system32\mscms.dll
    2009-07-29 13:16:52 66560 ----a-w- c:\windows\system32\mtxclu.dll
    2009-07-29 13:16:48 90112 ----a-w- c:\windows\system32\wshext.dll
    2009-07-29 13:16:48 180224 ----a-w- c:\windows\system32\scrobj.dll
    2009-07-29 13:16:48 172032 ----a-w- c:\windows\system32\scrrun.dll
    2009-07-29 13:16:48 155648 ----a-w- c:\windows\system32\wscript.exe
    2009-07-29 13:16:48 135168 ----a-w- c:\windows\system32\wshom.ocx
    2009-07-29 13:16:48 135168 ----a-w- c:\windows\system32\cscript.exe
    2009-07-29 13:16:46 245248 ----a-w- c:\windows\system32\mswsock.dll
    2009-07-29 13:12:56 4096 ----a-w- c:\windows\system32\wmvdmod.dll
    2008-11-09 16:50:52 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
    2008-04-14 06:30:00 997376 ----a-w- c:\windows\system32\msgina.dll
    2008-04-13 17:12:44 129536 ----a-w- c:\windows\system32\ksproxy.ax
    2008-04-13 17:12:10 74240 ----a-w- c:\windows\system32\usbui.dll
    2008-04-13 17:12:08 74752 ----a-w- c:\windows\system32\storprop.dll
    2008-04-13 17:12:06 397056 ----a-w- c:\windows\system32\s3gnb.dll
    2008-04-13 17:11:58 4096 ----a-w- c:\windows\system32\ksuser.dll
    2007-06-30 20:22:46 22752 ----a-w- c:\windows\system32\spupdsvc.exe
    2006-11-01 23:51:54 319456 ----a-w- c:\windows\system32\difxapi.dll
    2006-10-27 08:56:56 69632 ----a-w- c:\windows\system32\vuins32.dll
    2002-01-01 01:38:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2001-12-31 20:00:30 103140 ----a-w- C:\btkjih.pif

    ============= FINISH: 0:43:09.71 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/31/2001 10:04:08 PM
    System Uptime: 1/1/2002 12:35:32 AM (0 hours ago)

    Motherboard: | | KM266-8235
    Processor: AMD Athlon(tm) XP 2000+ | Socket A | 1665/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (FAT32) - 15 GiB total, 9.439 GiB free.
    D: is FIXED (FAT32) - 23 GiB total, 2.543 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VIA Rhine II Fast Ethernet Adapter
    Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
    Manufacturer: VIA Technologies, Inc.
    Name: VIA Rhine II Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
    Service: FET5X86V

    Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
    Description: Floppy disk drive
    Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&371082C9&0&0
    Manufacturer: (Standard floppy disk drives)
    Name: Floppy disk drive
    PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&371082C9&0&0
    Service: flpydisk

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    CCleaner
    Dev-C++ 5 beta 9 release (4.9.9.2)
    HiJackThis
    Java Auto Updater
    Java(TM) 6 Update 23
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Professional Edition 2003
    NetBeans IDE 6.9.1
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB973346)
    Update for Windows XP (KB967715)
    VIA Audio Driver Setup Program
    VIA Rhine-Family Fast-Ethernet Adapter
    WebFldrs XP
    WinRAR 4.00 beta 2 (32-bit)

    ==== Event Viewer Messages From Past Week ========

    12/6/2010 12:28:51 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -95868 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    12/6/2010 10:14:53 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000D876B1DEA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    12/31/2001 10:28:49 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281701325 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    12/31/2001 10:13:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
    12/31/2001 10:13:27 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2001 10:04:23 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    12/14/2010 9:10:50 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Advanced System Optimizer 3\mfc90u.dll. Reference error message: The operation completed successfully. .
    12/14/2010 9:10:50 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Advanced System Optimizer 3\Microsoft.VC90.MFCLOC.MANIFEST" on line 4.
    12/14/2010 9:10:50 AM, error: SideBySide [34] - Component identity found in manifest does not match the identity of the component requested
    12/10/2010 7:16:25 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +73512 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 5:40:24 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    1/1/2002 5:33:09 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    1/1/2002 12:21:50 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
    1/1/2002 12:17:46 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281852019 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:16:59 AM, error: SRService [104] - The System Restore initialization process failed.
    1/1/2002 12:16:59 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    1/1/2002 12:16:36 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281905804 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:16:14 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281970888 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
    1/1/2002 12:16:14 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281888319 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:16:13 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281721485 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:16:12 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281940971 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:16:09 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282576000 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:16:08 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282030846 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
    1/1/2002 12:16:05 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282061186 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
    1/1/2002 12:08:43 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281910367 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:02:12 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282042472 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
    1/1/2002 12:01:46 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282487438 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:01:38 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/1/2002 12:01:33 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281991159 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
    1/1/2002 12:01:31 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282070822 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
    1/1/2002 12:01:30 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281726194 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:01:27 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282117091 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
    1/1/2002 12:01:22 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282255933 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
    1/1/2002 12:01:21 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282204866 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.

    ==== End Of File ===========================
     
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. r0b0tic

    r0b0tic TS Rookie Topic Starter

    I posted the logs you requested, sir... I'm waiting for your reply. I really need some help.
     
  4. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    Never edit your previous reply just to post logs.
    Editing doesn't trigger an email notification, so I'm not aware you did something.

    I'm afraid I have very bad news.

    You are infected with a polymorphic file infector (Sality). This infection can and will infect all the machine's executable files (.exe, .scr, .rar, .zip, .htm, .html). Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain the following files:
    *.exe
    *.scr
    *.htm
    *.html
    *.xml
    *.zip
    *.rar
    *.doc
    *.jpg
    *.pdf

    Backup all your documents and important items only.
    DO NOT backup any files mentioned above.

    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    For more information on Virut, and why you need to reformat, have a read of miekiemoes' blog here.

    To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

    Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

    To find out more information about how you may have got infected in the first place, you can read this article.

    I am sorry I cannot give any better news.
     
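One way to apply the backup rule in the reply above (copy documents and personal data only, never the listed file types) is to triage the tree first and review a manifest before copying anything off the infected machine. This is an added example, not code from the thread or from TechSpot; the extension list is the one the post gives, the sample tree is constructed in a temporary directory, and all function names are this example's own.

```python
"""Triage a folder before backing it up from a file-infector-compromised machine.

Added example (not part of the forum thread). It applies the post's rule:
copy documents and personal items only, and skip every file whose extension is
on the list the post gives, because a file infector may have tampered with them.
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path

# File types the post says must NOT be backed up (list copied from the thread).
EXCLUDED_EXTENSIONS = frozenset({
    ".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar", ".doc", ".jpg", ".pdf",
})


def classify(path: Path) -> str:
    """Return 'skip' if the extension is on the exclusion list, else 'copy'.
    Matching is case-insensitive because Windows file names are."""
    return "skip" if path.suffix.lower() in EXCLUDED_EXTENSIONS else "copy"


def triage(root: Path) -> dict[str, list[str]]:
    """Walk `root` and sort every regular file into a 'copy' or 'skip' list.

    Paths come back relative to `root`, with forward slashes and sorted, so the
    manifest is stable and easy to diff. Symlinks are not followed, so the walk
    cannot wander outside the tree being triaged.
    """
    result: dict[str, list[str]] = {"copy": [], "skip": []}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            p = Path(dirpath, name)
            if p.is_symlink():
                continue
            result[classify(p)].append(p.relative_to(root).as_posix())
    for bucket in result.values():
        bucket.sort()
    return result


def write_manifest(result: dict[str, list[str]], dest: Path) -> None:
    """Write the triage result as a plain-text manifest to review before copying."""
    with dest.open("w", encoding="utf-8") as fh:
        for bucket in ("copy", "skip"):
            fh.write(f"[{bucket}] {len(result[bucket])} file(s)\n")
            for rel in result[bucket]:
                fh.write(f"  {rel}\n")


def build_sample_tree(root: Path) -> None:
    """Create a constructed sample tree (hypothetical file names, not real data)."""
    files = {
        "Documents/notes.txt": b"plain text, safe to copy",
        "Documents/report.doc": b"excluded by the post's list",
        "Documents/thesis.odt": b"not on the list, copied",
        "Downloads/setup.EXE": b"excluded (case-insensitive match)",
        "Pictures/holiday.JPG": b"excluded",
        "Pictures/holiday.png": b"copied",
        "web/index.html": b"excluded",
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> dict[str, list[str]]:
    """Triage the constructed tree in a temp dir and return the result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        result = triage(root)
        # Written after the walk, so the manifest itself is not in the result.
        write_manifest(result, root / "backup-manifest.txt")
        return result


if __name__ == "__main__":
    for bucket, names in demo().items():
        print(bucket, names)
```

Run it against the real user profile (for example `triage(Path(r"C:\Documents and Settings\user"))`) from a clean boot medium, read the manifest, and copy only the `copy` list; anything in `skip` stays behind, exactly as the post instructs.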
  5. r0b0tic

    r0b0tic TS Rookie Topic Starter

    Thanks for giving some information about the virus... I did that before, the complete reformat and reinstall, but it comes back again and again... no hope of getting rid of this.
     
  6. Broni

    Broni Malware Annihilator Posts: 48,005   +271

    Perhaps you saved some infected files and moved them back, or you simply got reinfected.
    Formatting will remove any kind of infection.
     