
Weird Virus, Please Help, I'm Desperate

Discussion in 'Malware and Virus Removal Archive' started by scyap, 2006/06/28.

  1. 2006/06/28
    scyap (Inactive, Thread Starter) | Joined: 2006/06/28 | Messages: 2 | Likes Received: 0

    THE MOST OBVIOUS SYMPTOM~~~~~~~~~~~~~~~~

    As u know, some virus's name are those common stuff in TASK MANAGER, like, svchost, right? to trick u? last time the bs's anti hack was called taskmgr!!!

    cuz they don wan us to notice it in task manager (alt+ctrl+del)

    BUT!!!
    u can see it obviously using microsoft anti spyware's RUNNING PROCESSES
    it tells u IN DETAIL,
    -process icon
    -process location
    -process file version
    -process company
    -process publisher
    -and some details abt the process

    and if its a KNOWN process like WINLOGON.exe, it tells u!!!

    NOW,
    I HAVE 3 FAKE FILES

    winlogon.exe
    lsass.exe
    services.exe

    IF U DONT UNDERSTAND...
    i have two winlogon.exe, two lsass.exe, and two services.exe RUNNING IN MY TASK MANAGER

    its also in my startup, when i block it (using anti spy) it will 'revive' again

    even if i clear it using ad-aware, it also 'revives'

    since ad-aware tells the file position in windows registry, i tried going into windows registry to clear it myself!!!
    i've did it on some spyware i kena last time and it worked

    not now....

    whenever i open regedit.exe from C:\Windows
    OR
    type regedit at start menu>run

    it says:::

    WINDOWS REGISTRY HAS BEEN DISABLED BY YOUR ADMINISTRATOR!

    ***??? I AM THE ADMINISTRATOR!!!!!!!!

    i've used anti virus scanners
    norton anti virus cannot detect
    yahoo anti spy cannot detect
    microsoft anti spyware also cannot detect
    dont ask me to get windows defender cuz im on SP1

    ad aware FOUND SOMETHING~~~~~~~~~~~~~~~~~~~~~~
    ad aware detected 3 stuff

    one MALWARE
    two VULNERABILITY (*** is this)


    ===================================

    if you are saying that i disabled my own FOLDER OPTIONS from gpedit.msc
    think again
    look at this image, my screen shot
    http://upload4.postimage.org/online_gaming/blueserver/494579/gaming.html
    (the link looks like lots of games, the fact is, i posted the pic at a gaming forum too, so i dont have to repost another screen...)
    if u notice, my MY COMPUTER got a weird folder with no name and is UN-clickable

    thats NOKIA PC SUITE
    something went wrong with the nokia update and the software messed up
    un-install does not clear stuff properly
    so i went into the installed folder and clear it MYSELF (pressing DEL)
    and went to registry to clear the NOKIA software

    so i think thats nothing to worry about (stupid nokia!)

    ===========================================


    IF IT CLEARS DA VIRUS, IM GONNA THANK EVERYONE HERE AND HANDSOMELY REWARD U GUYS!!!
    (dont ask whats the price until my virus is cleared!)
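
The symptom described in this post (a second winlogon.exe, lsass.exe and services.exe in the process list) can be checked by comparing each process's image path with the one directory these three names normally run from. This is an added example, not part of the thread: the process list, PIDs and paths are constructed sample data, and `C:\WINDOWS` as the system root is an assumption.

```python
import ntpath
from collections import defaultdict

# The three names the poster reports as duplicated.
PROTECTED = {"winlogon.exe", "lsass.exe", "services.exe"}

def find_masquerades(processes, system_root=r"C:\WINDOWS"):
    """processes: iterable of (pid, image_name, image_path or None).
    Returns (pid, name, reason) tuples for entries that need a closer look."""
    good_dir = ntpath.normcase(ntpath.join(system_root, "System32"))
    findings, by_name = [], defaultdict(list)
    for pid, name, path in processes:
        key = name.strip().lower()          # Windows names are case-insensitive
        if key not in PROTECTED:
            continue
        by_name[key].append(pid)
        if not path:                        # path hidden or unreadable
            findings.append((pid, key, "no image path available; inspect manually"))
            continue
        # normpath collapses "..\" tricks before the directory is compared
        actual = ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))
        if actual != good_dir:
            findings.append((pid, key, "runs from " + path))
    # Several instances are a prompt to look, not proof: winlogon.exe can
    # legitimately run once per logon session.
    for key, pids in by_name.items():
        if len(pids) > 1:
            findings.append((None, key, "%d instances: PIDs %s" % (len(pids), sorted(pids))))
    return findings

# Constructed sample: three genuine processes followed by three look-alikes.
SAMPLE = [
    (4, "System", None),
    (612, "winlogon.exe", r"C:\WINDOWS\system32\winlogon.exe"),
    (656, "services.exe", r"C:\WINDOWS\system32\services.exe"),
    (668, "lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    (1820, "winlogon.exe", r"C:\WINDOWS\winlogon.exe"),
    (1844, "LSASS.EXE", r"C:\WINDOWS\system32\drivers\..\..\Fonts\lsass.exe"),
    (1860, "services.exe", None),
]

if __name__ == "__main__":
    for pid, name, reason in find_masquerades(SAMPLE):
        print(pid, name, reason)
```
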
     
  2. 2006/06/28
    TeMerc (Inactive, Alumni) | Joined: 2006/05/13 | Messages: 3,226 | Likes Received: 4

    OK, welcome to WindowsBBS forums.

    Let's try and get a couple of scans and see if we can't narrow this down.

    There is more than one nasty out there that will disable your task manager among other things.

    TrendMicro™ HouseCall Java Scan
    • Please go HERE to run the Trend Micro™ HouseCall Scan.
    • Click Scan now. It's free!
    • Read and put a Check next to Yes I accept the terms of use.
    • Click the Launching HouseCall>> button.
    • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
    • You may receive a Security Warning about the TrendMicro Java applet, click YES.
    • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
    • Please be patient while it installs, updates, and scans your system.
    • Once the scan is complete, it will take you to the summary page.
    • Under Cleanup options, choose clean all detected infections automatically.
    • Click the Clean now>> button.
    • If anything was found you may be prompted to run the scan again, you can just close the browser window.

    Then let's run Ewido.

    First download Ewido Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
    2. Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

    BTW if you're running AdAware's Adwatch, we need to disable it first along with any other registry monitoring tools you may have. They will hinder any removal processes.

    Once the two above scans are done, please post a HijackThis! log file for us to review.

    HiJackThis v:1.99.1zip.
    DL the zip file to your desktop, then create a new folder on your C drive, called 'HJT' or 'HijackThis'. Then unzip the files to the new folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.
    Run the program, and press Scan. You will notice the Scan button will turn into a "Save Log" button. Save the log and Post that log onto this topic. DO NOT DELETE or modify anything yet, as some of it is needed to keep your system in proper working order.
     


  4. 2006/06/29
    scyap (Inactive, Thread Starter) | Joined: 2006/06/28 | Messages: 2 | Likes Received: 0

    thanks, im trying

    when HouseCall is scanning (i think)
    then my IE lags
    and freeze
     
