Solved gpedit.msc failing on me.

qaisjp (New member, 19 messages, Bradford, England)
I think I have been attacked by some kind of malware, which is very clever.

1) Registry editing has been disabled by your admin
2) Task manager has been disabled by your admin

I am the real person who uses my computer; I am the admin, and the only 'virtual user' I have is the hidden vmware user.

I have run a Malwarebytes FULL scan twice and deleted 11 infected items. Task manager works! Yay. I restart, and task manager is disabled, alongside regedit.

I use gpedit.msc and set the CTRL+ALT+DEL values to DISABLED.

In Run I type gpupdate /force. Task manager is enabled for 3 seconds; regedit stays disabled.

I just ran a quick scan now and got the following details that FULL SCAN didn't get:

Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5285

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/12/2010 7:09:19 pm
mbam-log-2010-12-11 (19-09-19).txt

Scan type: Quick scan
Objects scanned: 144707
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have just deleted it now...

regedit and taskmanager are still disabled upon reboot.

Help me please!
 

My Computer
Computer Manufacturer/Model Number: ASUS (X6 i think)
OS: Windows 7 Ultimate 32bit
CPU: Duo T2130
Memory: 1024MB
Graphics Card(s): ATi Radeon Xpress 1100
Monitor(s) Displays: 1 - Generic PnP Monitor
Hard Drives: 160 GB inbuilt HD; 149 GB External HD (Transcend StoreJet); 74.5 GB External HD, 3 partitions - WBFS, ntfs and fat32
Case: An Orange One!
I'm not sure exactly what you are enabling in gpedit. Try doing it this way.

Click Start, Run. Type GPEDIT.MSC and press Enter. Go to the following location:

User Configuration - Administrative Templates - System

In the Settings window, find the option "Prevent Access to Registry Editing Tools" and double-click on it to change it. Select Disabled or Not Configured and choose OK. Close gpeditor and restart your computer. Try opening REGEDIT again.
 

My Computer
Computer Manufacturer/Model Number: Too many to describe...
OS: Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
Bill2, I did exactly what you said.
On reboot the settings were the same (in gpedit), but taskmanager and regedit are still disabled.
Then I did gpupdate /force.
Taskmanager was temporarily enabled, and regedit remained disabled... :/
After another test I got this:
Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5285

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/12/2010 7:47:50 pm
mbam-log-2010-12-11 (19-47-50).txt

Scan type: Quick scan
Objects scanned: 144974
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\piffv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
 

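The two quick-scan logs above report exactly the same five registry data items, each "quarantined and deleted" the first time and back again after a reboot, which is the pattern that matters more than any single detection. The script below is an added example, not code from the thread or a Malwarebytes tool: it parses MBAM 1.50 text logs into structured findings, compares two scans to list what recurred, and explains what each reported policy value does when set. The embedded SCAN_1 and SCAN_2 are shortened copies of the two logs posted; the POLICY_EFFECT table is the example's own lookup.

```python
import re
from dataclasses import dataclass
from typing import List

# One detection line: "<path> (<detection name>) -> [Bad: (x) Good: (y) -> ]<action>."
DETECTION = re.compile(r"^(?P<path>\S.*?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)$")

# Lookup table belonging to this example: what each registry value MBAM
# reported in the thread does when it is set to 1.
POLICY_EFFECT = {
    "DisableRegistryTools": "blocks regedit.exe for the current user",
    "DisableTaskMgr": "blocks Task Manager for the current user",
    "AntiVirusDisableNotify": "silences Security Center's 'antivirus is off' warning",
    "FirewallDisableNotify": "silences Security Center's 'firewall is off' warning",
    "UpdatesDisableNotify": "silences Security Center's 'updates are off' warning",
}

@dataclass(frozen=True)
class Finding:
    section: str    # log section, e.g. "Registry Data Items" or "Files"
    path: str       # registry path or file path
    name: str       # MBAM detection name, e.g. PUM.Hijack.Regedit
    action: str     # what MBAM did with it
    bad: str = ""   # value found (registry data items only)
    good: str = ""  # value MBAM restored

def parse_mbam_log(text: str) -> List[Finding]:
    """Extract every detection line from an MBAM 1.50 text log."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        # Section headers end in " Infected:"; the summary lines near the top
        # carry a count after the colon and therefore do not match this test.
        if line.endswith(" Infected:"):
            section = line[: -len(" Infected:")]
            continue
        m = DETECTION.match(line)
        if not m:
            continue
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        bad = good = ""
        if len(parts) > 1 and (bg := BAD_GOOD.match(parts[0])):
            bad, good = bg.group("bad"), bg.group("good")
        findings.append(Finding(section, m.group("path"), m.group("name"),
                                parts[-1].rstrip("."), bad, good))
    return findings

def recurring(earlier: List[Finding], later: List[Finding]) -> List[Finding]:
    """Detections present in both scans.  MBAM reported each as quarantined and
    deleted the first time, so the same path reappearing means something still
    running, or starting at boot, re-applied it: a persistence indicator."""
    seen = {(f.path.lower(), f.name) for f in earlier}
    return [f for f in later if (f.path.lower(), f.name) in seen]

def describe(f: Finding) -> str:
    value_name = f.path.rsplit("\\", 1)[-1]
    return POLICY_EFFECT.get(value_name, "no description on file")

# Shortened copy of the first quick-scan log quoted in the thread.
SCAN_1 = r"""
Malwarebytes' Anti-Malware 1.50
Scan type: Quick scan
Time elapsed: 7 minute(s), 33 second(s)

Registry Keys Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# The second scan (7:47 pm) listed the same five items plus one file.
SCAN_2 = SCAN_1.replace(
    "Files Infected:\n(No malicious items detected)",
    r"Files Infected:" "\n" r"c:\piffv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.",
)

if __name__ == "__main__":
    first, second = parse_mbam_log(SCAN_1), parse_mbam_log(SCAN_2)
    for f in recurring(first, second):
        print(f"RECURRING  {f.name:<28} {f.path}")
        print(f"           effect when set to {f.bad}: {describe(f)}")
    for f in second:
        if f.section == "Files":
            print(f"FILE       {f.name:<28} {f.path} -> {f.action}")
```

Five recurring items across two scans, all of them user-level policy values that hide the tools you would use to investigate, is the point Bill2 makes in the next reply: the scanner is removing the symptom, not whatever re-applies it at boot.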
If malwarebytes says it has cleaned the infections and on reboot, the same infections are detected all over again, you have a problem. While one could try scanning with multiple security software, I would not be very optimistic. I'll refer this to Jacee but I've seen this before and reinstalling was the only way out.
 

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
Include the contents of both logs in your new topic.
The scan will instruct you to post Attach.txt as an attachment.
 

My Computer
Computer type: PC/Desktop
Computer Manufacturer/Model Number: Bruce ... somewhere in his 40's
OS: Windows 7 Ultimate 32bit SP1
CPU: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard: INTEL/D975XBX2
Memory: 4 GB
Graphics Card(s): ATI Radeon HD 2600 Pro
Monitor(s) Displays: Samsung SyncMaster 914v
Screen Resolution: 1280 x 1024
Hard Drives: 2/500GB each ... ST3500630AS ATA Device. One is not connected
PSU: Rocketfish 700 W
Case: G.Skill Gigabyte Chassis
Keyboard: Standard PS/2 Keyboard
Mouse: Microsoft PS/2 Mouse
Internet Speed: DSL
Antivirus: Avira Internet Security
Browser: IE 11
Other Info: ATI HDMI Audio

Here it is, tell me if I still need to copy attach:
DDS.txt

Code:
DDS (Ver_10-12-05.01) - NTFSx86  
Run by Qais at 23:10:13.08 on Sat 11/12/2010
Internet Explorer: 8.0.7600.16385

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Abyss Web Server\abyssws.exe
C:\Abyss Web Server\abyssws.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Dokan\DokanLibrary\mounter.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
D:\Program Files\Xfire\Xfire.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\vmnetdhcp.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\TEMP\winbtgx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\TEMP\w2785db.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
C:\Users\Qais\AppData\Local\RockMelt\Application\rockmelt.exe
D:\Program Files\MTA San Andreas\Multi Theft Auto.exe
D:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Users\Qais\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - d:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [VMware hqtray] "d:\program files\vmware\vmware player\hqtray.exe"
mRun: [LogMeIn Hamachi Ui] "d:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download all with Free Download Manager - file://d:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: d:\program files\vmware\vmware player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 127.0.0.1	www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? cpuz134;cpuz134
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? netr73;RT73 USB Wireless LAN Card Driver for Vista
R? osppsvc;Office Software Protection Platform
S? AbyssWebServer;Abyss Web Server
S? Akamai;Akamai NetSession Interface
S? Dokan;Dokan
S? DokanMounter;DokanMounter
S? fssfltr;fssfltr
S? fsssvc;Windows Live Family Safety Service
S? Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine
S? mv2;mv2
S? TuneUp.UtilitiesSvc;TuneUp Utilities Service
S? TuneUpUtilitiesDrv;TuneUpUtilitiesDrv
S? uvnc_service;uvnc_service
S? VMUSBArbService;VMware USB Arbitration Service
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service

=============== Created Last 30 ================

2010-12-11 15:17:49	103140	----a-w-	C:\piffv.exe
2010-12-10 15:23:35	26176	---ha-w-	c:\windows\system32\hamachi.sys
2010-12-10 11:20:34	--------	d-----w-	c:\users\qais\appdata\roaming\Malwarebytes
2010-12-10 11:20:10	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-10 11:20:09	--------	d-----w-	c:\progra~2\Malwarebytes
2010-12-10 11:20:04	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-10 11:20:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-12-08 14:38:26	737280	----a-w-	c:\windows\iun6002.exe
2010-12-08 09:49:17	--------	d-----w-	c:\program files\EA GAMES
2010-12-08 09:49:13	445504	----a-r-	c:\windows\system32\vp6vfw.dll
2010-12-07 12:31:57	--------	d-----w-	C:\The Sims 2
2010-12-01 11:05:05	--------	d-----w-	c:\users\qais\appdata\local\RockMelt
2010-11-30 14:09:04	--------	d-----w-	C:\Abyss Web Server
2010-11-27 12:52:14	--------	d-----w-	C:\ERDNT
2010-11-27 12:52:13	--------	d-----w-	c:\windows\ERUNT
2010-11-27 12:51:53	--------	d-----w-	C:\!FixIEDef
2010-11-27 08:59:49	--------	d-----w-	c:\program files\Rockstar Games
2010-11-22 14:28:39	--------	d-----w-	c:\program files\common files\Steam
2010-11-22 13:25:02	--------	d-----w-	c:\progra~2\IObit
2010-11-15 08:06:48	90624	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2010-11-14 12:21:47	--------	d-----w-	c:\program files\common files\Symantec Shared
2010-11-14 12:06:45	--------	d-----w-	c:\progra~2\Symantec
2010-11-14 12:06:45	--------	d-----w-	c:\progra~2\Norton
2010-11-14 12:06:40	--------	d-----w-	c:\progra~2\NortonInstaller
2010-11-13 16:12:40	--------	d-----w-	c:\windows\USB Vibration
2010-11-13 16:11:56	634880	----a-w-	c:\program files\common files\installshield\professional\runtime\0700\intel32\iKernel.dll
2010-11-13 16:11:56	57344	----a-w-	c:\program files\common files\installshield\professional\runtime\0700\intel32\ctor.dll
2010-11-13 16:11:56	5632	----a-w-	c:\program files\common files\installshield\professional\runtime\0700\intel32\DotNetInstaller.exe
2010-11-13 16:11:56	32768	----a-w-	c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-11-13 16:11:56	237568	----a-w-	c:\program files\common files\installshield\professional\runtime\0700\intel32\iscript.dll
2010-11-13 16:11:56	151552	----a-w-	c:\program files\common files\installshield\professional\runtime\0700\intel32\iuser.dll
2010-11-13 16:11:55	159876	----a-w-	c:\program files\common files\installshield\professional\runtime\0700\intel32\IGdi.dll
2010-11-13 16:11:54	270468	----a-w-	c:\program files\common files\installshield\professional\runtime\0700\intel32\Setup.dll
2010-11-13 16:11:51	--------	d-----w-	c:\program files\USB Vibration
2010-11-12 17:37:08	--------	d-----w-	c:\users\qais\appdata\roaming\GetRightToGo

==================== Find3M  ====================

2010-11-20 20:04:42	5642	--sha-w-	c:\progra~2\KGyGaAvL.sys
2010-09-22 19:17:28	49016	----a-w-	c:\windows\system32\sirenacm.dll
2010-09-22 19:02:56	301936	----a-w-	c:\windows\WLXPGSS.SCR
2010-09-21 08:33:14	208768	----a-w-	c:\windows\system32\LIVESSP.DLL
2010-09-20 21:11:56	760368	----a-w-	c:\windows\system32\vnetlib.dll
2010-09-20 21:11:38	334384	----a-w-	c:\windows\system32\vmnetdhcp.exe
2010-09-20 21:11:34	404016	----a-w-	c:\windows\system32\vmnat.exe
2010-09-20 19:45:54	252464	----a-w-	c:\windows\system32\vmnc.dll
2010-09-20 17:48:14	59952	----a-w-	c:\windows\system32\vnetinst.dll
2010-09-20 17:48:14	51248	----a-w-	c:\windows\system32\vmnetbridge.dll
2010-09-14 23:20:37	472808	----a-w-	c:\windows\system32\deployJava1.dll

============= FINISH: 23:18:11.31 ===============

Why does it say I must not post attach.txt?
I am aware piffv.exe is a virus...it appeared on the fifth malwarebytes quick scan, and is still there apparently
 

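A DDS log is normally read by eye in these threads, but the first three checks a helper does can be scripted. This is an added example, not part of the thread or of DDS itself: it splits the log into its "=====" sections, flags processes running from a temp directory or straight off a drive root, compares the uPolicies/mPolicies lines against the values a Windows 7 workstation should carry, and lists recently created executables at a drive root. SAMPLE_DDS is a shortened copy of the log posted above; EXPECTED_POLICY is the example's own table. Run against the posted log it flags C:\Windows\TEMP\winbtgx.exe and w2785db.exe, DisableRegistryTools and DisableTaskMgr set to 1 for the user, UAC switched off (EnableLUA = 0, PromptOnSecureDesktop = 0) machine-wide, and C:\piffv.exe created on the day of the scan.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

SECTION = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
# "uPolicies-system: DisableRegistryTools = 1 (0x1)"; u = current user, m = machine
POLICY = re.compile(r"^(?P<scope>[um])Policies-\w+: (?P<name>\w+) = (?P<value>-?\d+)")
ROOT_EXE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|scr|com|bat|sys)$", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)

# This example's table of the values a Windows 7 workstation should show.
EXPECTED_POLICY = {
    "DisableRegistryTools": 0,   # 1 blocks regedit
    "DisableTaskMgr": 0,         # 1 blocks Task Manager
    "EnableLUA": 1,              # 0 turns UAC off completely
    "PromptOnSecureDesktop": 1,  # 0 shows elevation prompts on the normal desktop
}

def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-blank lines of a DDS log under their '=== title ===' header."""
    sections: Dict[str, List[str]] = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION.match(line)
        if m:
            current = m.group("title")
        elif line:
            sections[current].append(line)
    return sections

def suspicious_processes(sections: Dict[str, List[str]]) -> List[str]:
    """Images running from a temp directory or straight off a drive root."""
    hits = []
    for line in sections.get("Running Processes", []):
        image = line.split(" -k ")[0]  # drop svchost service-group arguments
        if TEMP_DIR.search(image) or ROOT_EXE.match(image):
            hits.append(image)
    return hits

def policy_findings(sections: Dict[str, List[str]]) -> List[Tuple[str, str, int, int]]:
    """(hive, value name, actual, expected) for each policy set to an unwanted value."""
    hits = []
    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY.match(line)
        if not m or m.group("name") not in EXPECTED_POLICY:
            continue
        actual, expected = int(m.group("value")), EXPECTED_POLICY[m.group("name")]
        if actual != expected:
            hits.append(("HKCU" if m.group("scope") == "u" else "HKLM",
                         m.group("name"), actual, expected))
    return hits

def recent_root_executables(sections: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """(timestamp, path) for executables created at a drive root or under a temp
    directory in the last 30 days.  DDS separates the fields with tabs."""
    hits = []
    for line in sections.get("Created Last 30", []):
        f = line.split("\t")
        if len(f) >= 4 and (ROOT_EXE.match(f[3]) or TEMP_DIR.search(f[3])):
            hits.append((f[0], f[3]))
    return hits

# Shortened copy of the DDS log posted in the thread (tabs written as \t).
SAMPLE_DDS = """\
============== Running Processes ===============

C:\\Windows\\system32\\taskmgr.exe
C:\\Windows\\TEMP\\winbtgx.exe
C:\\Windows\\TEMP\\w2785db.exe
C:\\Users\\Qais\\Downloads\\dds.scr
C:\\Windows\\system32\\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

=============== Created Last 30 ================

2010-12-11 15:17:49\t103140\t----a-w-\tC:\\piffv.exe
2010-12-10 11:20:04\t20952\t----a-w-\tc:\\windows\\system32\\drivers\\mbam.sys

============= FINISH: 23:18:11.31 ===============
"""

if __name__ == "__main__":
    s = split_sections(SAMPLE_DDS)
    for image in suspicious_processes(s):
        print("PROCESS", image)
    for hive, name, actual, expected in policy_findings(s):
        print(f"POLICY  {hive} {name} = {actual} (expected {expected})")
    for when, path in recent_root_executables(s):
        print("CREATED", when, path)
```

The policy check only reports values DDS printed, because DDS lists a policy only when it exists in the registry; on a clean workstation the Policies\System key normally carries none of these user-level values at all, so their mere presence is worth a second look even before the value is compared.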
Tell me about this item rockmelt.exe
 


My Computer
Computer Manufacturer/Model Number: Hopalong/ Godzilla
OS: Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
CPU: Intel Core i7-870 Lynnfield 2.93GHz LGA 1156 95W Quad-Core
Motherboard: ASUS P7P55D-E PRO
Memory: 8GB@1400MHz Crucial Ballistix DDR3-1600 4x2GB
Graphics Card(s): ASUS ENGTX460 DirectCU/2DI/1GD5 1GB 256-bit GDDR5
Sound Card: VIA Onboard
Monitor(s) Displays: Asus VS248H-P 24"; Samsung SyncMaster 941BW 19"ws
Screen Resolution: 1920x1080; 1440x900
Hard Drives: Samsung 830 120GB SSD; Intel 320 120GB SSD; Western Digital Caviar Black WD7501AALS 750GB 7200 RPM SATA 3.0Gb/s; Western Digital Caviar Black WD6401AALS 640GB 7200 RPM SATA 3.0Gb/s
PSU: COOLER MASTER Silent Pro RS850-AMBAJ3-US 850W Modular
Case: COOLER MASTER HAF 932 RC-932-KKN5-GP Black
Cooling: Scythe "Mugen-2 Rev.B" (2 ScytheKaze-Jyuni PWM fans)
Keyboard: Logitech K-320
Mouse: Kensington
Antivirus: Avast Internet Suite
Browser: IE 9 ; Chrome
Yes, I see that ... is it still in Beta?

anyway, qaisjp ---> utorrent
I see a few things going on here. First of all, please read this on P2P applications:
US-CERT Cyber Security Tip ST05-007 -- Risks of File-Sharing Technology
File-sharing technology is a popular way for users to exchange, or "share," files. However, using this technology makes you susceptible to risks such as infection, attack, or exposure of personal information.

Do you have someone, or are you accessing someone else's machine?

Please download TFC by OldTimer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next, I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
     ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
     1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png].
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png].
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [esetListThreats.png].
  11. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [esetBack.png] button.
  13. Push [esetFinish.png].
 

Code:
###Added by qaisjp
Infected files: 294
Scanned Files: 128407
Scan duration: 04:39:47
CLEANED files : 293
##/Added by qaisjp

C:\autorun.inf	INF/Autorun.gen trojan	cleaned by deleting (after the next restart) - quarantined
C:\piffv.exe	Win32/Sality.NBA virus	cleaned by deleting - quarantined
C:\Abyss Web Server\abysssc.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Abyss Web Server\uninstall.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ATI\Support\10-02_legacy_vista32-64_dd_ccc\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ATI\Support\10-02_legacy_vista32-64_dd_ccc\Bin\ATISetup.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ATI\Support\10-02_legacy_vista32-64_dd_ccc\Bin\InstallManagerApp.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ATI\Support\10-02_legacy_vista32-64_dd_ccc\Bin\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ATI\Support\10-11_vista32_win7_32_dd_ccc_enu\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ATI\Support\10-11_vista32_win7_32_dd_ccc_enu\Bin\ATISetup.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ATI\Support\10-11_vista32_win7_32_dd_ccc_enu\Bin\InstallManagerApp.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ATI\Support\10-11_vista32_win7_32_dd_ccc_enu\Bin\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\ERDNT\FixIEDef\ERDNT.EXE	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Apple Software Update\SoftwareUpdate.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\ATI\CIM\Bin\ATISetup.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\ATI\CIM\Bin\InstallManagerApp.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\ATI\CIM\Bin\SetACL.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\ATI\CIM\Bin\Setup.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\CCleaner\CCleaner.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\LogTransport2.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Akamai\AdminTool.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Akamai\rswinui.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Akamai\uninstall.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Java\Java Update\jucheck.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Java\Java Update\jusched.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\logishrd\WUApp32.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\vs7jit.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\PX Storage Engine\drvins64.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\PX Storage Engine\pxhpinst.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Steam\SteamService.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Steam\SteamServiceTmp.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Common Files\VMware\USB\vnetlib.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Corel\MLE\MetadataMgr.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\Corel\MLE\MLEMonitor.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\DAEMON Tools Lite\DTLite.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\DAEMON Tools Lite\DTLiteHlp.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\DAEMON Tools Lite\uninst.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\DivX\DivX Control Panel\DivXControlPanelLauncher.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\DivX\DivX Control Panel\dplreg.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\DivX\DivX Update\DivXUpdate.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Program Files\uTorrent\uTorrent.exe	Win32/Sality.NBA virus	error while cleaning
C:\Users\Qais\AppData\Local\RockMelt\Update\RockMeltUpdate.exe	Win32/Sality.NBA virus	cleaned - quarantined
C:\Users\Qais\AppData\Local\Temp\wintghuta.exe	probably a variant of Win32/Agent.HLU trojan	cleaned by deleting - quarantined
D:\autorun.inf	INF/Autorun.gen trojan	cleaned by deleting (after the next restart) - quarantined
D:\auue.exe	Win32/Sality.NBA virus	cleaned by deleting - quarantined
D:\Fraps 3.2.2 Build 11496 Retail-[HB]\fo-fr322.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\MTA San Andreas\Multi Theft Auto.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\MTA San Andreas\Uninstall.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\MTA San Andreas\server\MTA Server.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Notepad++\nppIExplorerShell.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Notepad++\uninstall.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Notepad++\updater\gpup.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Notepad++\updater\GUP.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Peggle Nights Deluxe\Peggle Nights Deluxe v1.0 Trainer.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Plants vs. Zombies\Plants vs. Zombies\PlantsVsZombies.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Rockstar Games\GTA San Andreas\GTA_SA.EXE	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Rockstar Games\GTA San Andreas\mod\enb\configenv_sa.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Media Go\CreateMinidumpx86.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Media Go\ErrorReportClient.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Media Go\ErrorReportLauncher.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Media Go\MediaGo.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\ApplicationRegistration.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\CreateMinidumpx86.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\ErrorReportClient.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\ErrorReportLauncher.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\FileIOSurrogate.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\sfvstserver.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\vegas90.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\vidcap60.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Sony\Vegas Pro 9.0\FileIO Plug-Ins\ac3plug\ac3market\ApplicationRegistration.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TechSmith\Camtasia Studio 7\CamMenuMaker.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TechSmith\Camtasia Studio 7\CamMenuPlayer.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TechSmith\Camtasia Studio 7\CamPlay.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TechSmith\Camtasia Studio 7\Setup_EnSharpen_Decoder.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TechSmith\Camtasia Studio 7\TSCC.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TechSmith\Camtasia Studio 7\TscHelp.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TechSmith\Camtasia Studio 7\TSMSIhlp.EXE	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\farexec-service.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\hqtray.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\mkisofs.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\unzip.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vixDiskMountServer.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmnat.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\VMnetDHCP.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmplayer-service.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmplayer.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmUpdateLauncher.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmware-acetool.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmware-remotemks-debug.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmware-remotemks.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmware-ufad.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmware-unity-helper.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmware-vmx.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vnetlib.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vnetsniffer.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vnetstats.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vprintproxy.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\OVFTool\ovftool.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\OVFTool\vcredist_x86.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\Resources\bootrun.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\Resources\customize.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\Resources\deployPkg.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\Resources\guestcustutil.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\Resources\StorePwd.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\tools-upgraders\VMwareToolsUpgrader.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\tools-upgraders\VMwareToolsUpgrader9x.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\tools-upgraders\VMwareToolsUpgraderNT.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\VMware\VMware Player\vmware-tools\upgrader.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\WBFS\WBFS Manager 3.0\uninstall.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Xfire\uninst.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Xfire\xfencoder.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Xfire\xfire_exception.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Xvid\AviC.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Xvid\MiniCalc.exe	a variant of Win32/Kryptik.AOH trojan	cleaned by deleting - quarantined
D:\Program Files\Xvid\OGMCalc.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Xvid\StatsReader.exe	Win32/Sality.NBA virus	cleaned - quarantined
D:\Program Files\Xvid\vidccleaner.exe	Win32/Sality.NBA virus	cleaned - quarantined
E:\gpmbs.exe	Win32/Sality.NBA virus	cleaned by deleting - quarantined

After rebooting, Task Manager was still unavailable; I used gpupdate /force and now it's allowed permanently :)

I just tried regedit - it's not allowed again :O

I installed Panda Cloud Antivirus and it has neutralized a few more viruses. Again, thanks Jacee!
:thumbsup:

Again, Panda Cloud has found some more viruses; uTorrent has been infected for some reason D:
A few more Sality items have been found (and neutralized):

Sality.AK.drp
Sality.AA
Suspicious! ( official trial adobe downloader) (/commonfiles/akamai/admintool.exe)
 
Sality is a polymorphic virus that modifies its own code at any new infection, trying to avoid antivirus recognition, and spreads through networks. It replaces the original code at the entry point with viral code and stores an encrypted copy of the original code in the appended space of the file. Just like Virut and any other file infector, the only way to be truly free from infection is a reformat.
 

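The reply above describes an infector that overwrites the code at the entry point and tucks the original away in space appended to the file. That pattern leaves structural traces a PE header check can surface without any signature: an entry point that no longer lands in the first code section, an entry section that is the last one in the table and is both writable and executable, and overlay bytes past the end of the last section. The Python below is an added example for this thread, not code from any poster or from an antivirus product; its checks are generic file-infector heuristics, not a Sality signature. The two sample files are constructed inline from minimal synthetic headers (they are not runnable programs), and their section names (.text, .data, .xyz), RVAs, sizes and the 100-byte overlay are assumptions made for the demo.

```python
"""Structural heuristic for appended-code PE infection (constructed example)."""
import struct

# Section characteristic flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Return (AddressOfEntryPoint, list of section dicts) for a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i         # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return entry_rva, sections


def analyze_pe(data):
    """Flag layout traits typical of an infector that appends its own code
    and redirects the entry point into it. Triage only, not a verdict."""
    entry_rva, sections = parse_pe(data)
    findings, entry_sec = [], None
    for s in sections:                        # which section holds the entry point?
        span = s["vsize"] or s["rawsize"]
        if s["va"] <= entry_rva < s["va"] + span:
            entry_sec = s
            break
    code_secs = [s for s in sections
                 if s["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)]
    if entry_sec is None:
        findings.append("entry point 0x%x lies outside every section" % entry_rva)
    else:
        if code_secs and entry_sec is not code_secs[0]:
            findings.append("entry point in %s, not in first code section %s"
                            % (entry_sec["name"], code_secs[0]["name"]))
        if len(sections) > 1 and entry_sec is sections[-1]:
            findings.append("entry point in last section %s" % entry_sec["name"])
        wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
        if entry_sec["chars"] & wx == wx:
            findings.append("entry section %s is writable and executable" % entry_sec["name"])
    end_of_sections = max((s["rawptr"] + s["rawsize"] for s in sections), default=0)
    overlay = len(data) - end_of_sections     # bytes no section header accounts for
    if overlay > 0:
        findings.append("%d bytes of overlay data after the last section" % overlay)
    return {"entry_rva": entry_rva,
            "entry_section": entry_sec["name"] if entry_sec else None,
            "findings": findings}


def build_sample_pe(entry_rva, sections):
    """Assemble a minimal synthetic PE32 from (name, rva, size, characteristics)
    tuples. Constructed for the demo only; the body is filler, not real code."""
    opt_size, file_align, e_lfanew = 224, 0x200, 0x40
    header_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (header_len + file_align - 1) // file_align * file_align
    first_raw = raw_ptr
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)            # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)  # Section/FileAlignment
    table, body = b"", b""
    for name, va, size, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                             size, va, size, raw_ptr, 0, 0, 0, 0, chars)
        body += b"\xCC" * size
        raw_ptr += size
    head = dos + b"PE\0\0" + coff + bytes(opt) + table
    return head + b"\0" * (first_raw - len(head)) + body


# Constructed samples; section names, RVAs and sizes are assumptions.
CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
CLEAN_PE = build_sample_pe(0x1010, [(b".text", 0x1000, 0x200, CODE),
                                     (b".data", 0x2000, 0x200, DATA)])
# Same layout with a writable+executable section appended, the entry point
# redirected into it, and 100 bytes of overlay after the section table's end.
INFECTED_PE = build_sample_pe(0x3020, [(b".text", 0x1000, 0x200, CODE),
                                        (b".data", 0x2000, 0x200, DATA),
                                        (b".xyz", 0x3000, 0x400, CODE | IMAGE_SCN_MEM_WRITE)]
                              ) + b"\xAB" * 100


def is_suspicious(data):
    """True when analyze_pe raises at least one layout finding."""
    return bool(analyze_pe(data)["findings"])


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PE), ("infected", INFECTED_PE)):
        report = analyze_pe(sample)
        print(label, hex(report["entry_rva"]), report["entry_section"], report["findings"])
```

Packers, installers and self-extracting archives legitimately put their entry point in a late section and carry overlays, so a hit here is a reason to look closer, not a detection on its own. The converse also matters for the advice in the reply: a file that passes these checks has not been proven clean, and once an infector has run with the user's privileges the trustworthy path is the rebuild the reply recommends.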