[Not curable - Sality] I Can't Install Antivirus in my Computer

Status
Not open for further replies.
Pls help, I think there is a virus that is preventing me from installing any antivirus program.
I tried running in safe mode - failed.
Also, when I'm running a program such as CCleaner.exe I'm getting a
runtime error Program C:\Program Files\CCleaner\CCleaner.exe R6002 - floating point support not loaded

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5319

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2002 3:46:58 AM
mbam-log-2002-01-01 (03-46-58).txt

Scan type: Quick scan
Objects scanned: 122870
Time elapsed: 1 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\btkjih.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2002-01-01 00:51:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340014A rev.3.06
Running: 1h5bd3z7.exe; Driver: C:\DOCUME~1\Windows\LOCALS~1\Temp\uwlyypob.sys


---- Kernel code sections - GMER 1.0.15 ----

PAGE sysaudio.sys F54174C9 1 Byte [5D]
PAGE sysaudio.sys F5418B39 1 Byte [65]
.text ipfltdrv.sys F07DEB81 1 Byte [7E]
? C:\WINDOWS\system32\drivers\ookge.sys The system cannot find the file specified. !
? C:\DOCUME~1\Windows\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[784] WININET.dll!FindFirstUrlCacheEntryExW + 43AA 3D988B39 1 Byte [AB]
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!FindFirstUrlCacheEntryExW + 43AA 3D988B39 1 Byte [AB]
.text C:\WINDOWS\Explorer.EXE[1284] WININET.dll!FindFirstUrlCacheEntryExW + 43AA 3D988B39 1 Byte [AB]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1628] WININET.dll!FindFirstUrlCacheEntryExW + 43AA 3D988B39 1 Byte [AB]

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 01100000-02140000 (17039360 bytes)

---- EOF - GMER 1.0.15 ----



DDS (Ver_10-12-12.02) - FAT32x86
Run by Windows at 0:42:32.85 on Tue 01/01/2002
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.587 [GMT 4.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Windows\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

============= SERVICES / DRIVERS ===============

R3 amsint32;amsint32;\??\c:\windows\system32\drivers\ookge.sys --> c:\windows\system32\drivers\ookge.sys [?]
S2 BeatTrojanHelperOne;BeatTrojanHelperOne;\??\c:\documents and settings\windows\my documents\mosoforcedelete\forcedelete\beattrojanhelperone.sys --> c:\documents and settings\windows\my documents\mosoforcedelete\forcedelete\BeatTrojanHelperOne.sys [?]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\advanced system optimizer 3\adasprot32.sys --> c:\program files\advanced system optimizer 3\adasprot32.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\aso3defragsrv.exe --> c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [?]

=============== Created Last 30 ================


==================== Find3M ====================

2009-07-29 21:17:12 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-07-29 21:17:12 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-07-29 21:17:08 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-29 21:16:52 956928 ----a-w- c:\windows\system32\msdtctm.dll
2009-07-29 21:16:52 91648 ----a-w- c:\windows\system32\mtxoci.dll
2009-07-29 21:16:52 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2009-07-29 21:16:50 58880 ----a-w- c:\windows\system32\msdtclog.dll
2009-07-29 21:16:50 428032 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-29 21:15:46 691712 ----a-w- c:\windows\system32\inetcomm.dll
2009-07-29 13:18:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-29 13:18:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2009-07-29 13:16:58 1379840 ----a-w- c:\windows\system32\msxml6.dll
2009-07-29 13:16:56 74240 ----a-w- c:\windows\system32\mscms.dll
2009-07-29 13:16:52 66560 ----a-w- c:\windows\system32\mtxclu.dll
2009-07-29 13:16:48 90112 ----a-w- c:\windows\system32\wshext.dll
2009-07-29 13:16:48 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-07-29 13:16:48 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-07-29 13:16:48 155648 ----a-w- c:\windows\system32\wscript.exe
2009-07-29 13:16:48 135168 ----a-w- c:\windows\system32\wshom.ocx
2009-07-29 13:16:48 135168 ----a-w- c:\windows\system32\cscript.exe
2009-07-29 13:16:46 245248 ----a-w- c:\windows\system32\mswsock.dll
2009-07-29 13:12:56 4096 ----a-w- c:\windows\system32\wmvdmod.dll
2008-11-09 16:50:52 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
2008-04-14 06:30:00 997376 ----a-w- c:\windows\system32\msgina.dll
2008-04-13 17:12:44 129536 ----a-w- c:\windows\system32\ksproxy.ax
2008-04-13 17:12:10 74240 ----a-w- c:\windows\system32\usbui.dll
2008-04-13 17:12:08 74752 ----a-w- c:\windows\system32\storprop.dll
2008-04-13 17:12:06 397056 ----a-w- c:\windows\system32\s3gnb.dll
2008-04-13 17:11:58 4096 ----a-w- c:\windows\system32\ksuser.dll
2007-06-30 20:22:46 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2006-11-01 23:51:54 319456 ----a-w- c:\windows\system32\difxapi.dll
2006-10-27 08:56:56 69632 ----a-w- c:\windows\system32\vuins32.dll
2002-01-01 01:38:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2001-12-31 20:00:30 103140 ----a-w- C:\btkjih.pif

============= FINISH: 0:43:09.71 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2001 10:04:08 PM
System Uptime: 1/1/2002 12:35:32 AM (0 hours ago)

Motherboard: | | KM266-8235
Processor: AMD Athlon(tm) XP 2000+ | Socket A | 1665/133mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 15 GiB total, 9.439 GiB free.
D: is FIXED (FAT32) - 23 GiB total, 2.543 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_74\3&61AAA01&0&90
Service: FET5X86V

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&371082C9&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&371082C9&0&0
Service: flpydisk

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
CCleaner
Dev-C++ 5 beta 9 release (4.9.9.2)
HiJackThis
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft .NET Framework 4 Client Profile
Microsoft Office Professional Edition 2003
NetBeans IDE 6.9.1
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB973346)
Update for Windows XP (KB967715)
VIA Audio Driver Setup Program
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
WinRAR 4.00 beta 2 (32-bit)

==== Event Viewer Messages From Past Week ========

12/6/2010 12:28:51 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -95868 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
12/6/2010 10:14:53 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000D876B1DEA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/31/2001 10:28:49 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281701325 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
12/31/2001 10:13:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
12/31/2001 10:13:27 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/31/2001 10:04:23 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
12/14/2010 9:10:50 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Advanced System Optimizer 3\mfc90u.dll. Reference error message: The operation completed successfully. .
12/14/2010 9:10:50 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Advanced System Optimizer 3\Microsoft.VC90.MFCLOC.MANIFEST" on line 4.
12/14/2010 9:10:50 AM, error: SideBySide [34] - Component identity found in manifest does not match the identity of the component requested
12/10/2010 7:16:25 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +73512 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 5:40:24 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
1/1/2002 5:33:09 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/1/2002 12:21:50 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
1/1/2002 12:17:46 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281852019 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:16:59 AM, error: SRService [104] - The System Restore initialization process failed.
1/1/2002 12:16:59 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
1/1/2002 12:16:36 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281905804 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:16:14 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281970888 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
1/1/2002 12:16:14 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281888319 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:16:13 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281721485 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:16:12 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281940971 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:16:09 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282576000 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:16:08 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282030846 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
1/1/2002 12:16:05 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282061186 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
1/1/2002 12:08:43 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281910367 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:02:12 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282042472 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
1/1/2002 12:01:46 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282487438 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:01:38 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/1/2002 12:01:33 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281991159 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
1/1/2002 12:01:31 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282070822 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
1/1/2002 12:01:30 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +281726194 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:01:27 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282117091 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.197.32:123) is working properly.
1/1/2002 12:01:22 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282255933 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.
1/1/2002 12:01:21 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +282204866 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|112.200.84.86:123->207.46.232.182:123) is working properly.

==== End Of File ===========================
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Never edit your previous reply just to post logs.
Editing doesn't trigger email notification, so I'm not aware you did something.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

I'm afraid I have very bad news.

You are infected with a polymorphic file infector (Sality). This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain the following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
*.pdf

Backup all your documents and important items only.
DO NOT backup any files mentioned above.

I suggest you do the following immediately:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.
 
Thanks for giving some information about the virus... I did that before the complete reformat and reinstall but it comes back again and again... no hope of getting rid of this
 
Perhaps, you saved some infected files and moved them back, or you simply got reinfected.
Formatting will remove any kind of infection.
 