jhess56

  1. I didn't see anything come up when searching for 'fbi moneypack' so dunno if this was covered already. I do not know how to get infected files of this stuff to submit, so hopefully this is still a useful post in the right forum. I woke up today with my screen locked, showing this 'FBI warning' that my computer was locked for downloading illegal mp3s or some nonsense. I have to go get a MoneyPak for $200 and submit the info within 48 hrs to get my comp unlocked, etc. Could not open Task Manager to kill the process; had to turn on another laptop to access the net and see how to start Win7 (which is new to me) in safe mode, which is where I'm at now. I am on the infected comp in safe mode now, running a full scan of mwb and Micro Sec. Essent., and going over other websites talking about manual removal of all the nasty crap involved with this thing. My main question and reason for posting here is...why/how did this slip past my real-time pro/paid version of mwb and Micro Sec. Essent.? Is this something that can be added to mwb to prevent reinfection? If anyone has any specific tips on this thing I would appreciate it too, or a link to an existing thread on here that I was unable to find via the search function. Thanks
  2. Yes, I was not going to start a fresh thread for help here; I was more posting to try and get this horrible dubrute thing added to mwb. I'm sick of dealing with this thing and having to restore backups or lose files etc., especially while having paid programs running. I appreciate your time and advice, don't mean to be bitchy, just real aggravated that there are people out there that purposefully do this to their fellow man.
  3. Other than emailing support as a paid customer of mwb pro...would I have a better chance of someone helping me recover the files that got moved/deleted by signing up and having someone help me via the premium monthly services option?
  4. When trying to reverse engineer how this is happening to better protect myself, I found this link explaining what people are doing...scraping for IP addies being used by VPSs and then using dubrute to crack the password: http://raditya-w.blogspot.com/2011/12/tuthow-to-hack-rdpstools.html Free speech at its finest there I guess, bunch of scumbags. Is there anything mwb or anything else you are aware of to protect against the first IP scanner software? If not, can the dubrute stuff be blocked effectively? It looks like perhaps they get the IP and crack the password and then go in manually and leave a virus or start messing around themselves.
  5. Thanks for a speedy response and the advice. I will read it more thoroughly tomorrow after I get some sleep as it is very late here. With respect, this is the same thing that got thru before despite having mwb paid pro real-time activated and running. The guy from mwb paid support that helped me last time did help me get it cleaned out but was unable to recover the 'deleted' files...and he did the cleaning by telling me to use Dr.Web, which found the dubrute where mwb did not. I dunno if it wasn't cleaned totally the first time or if it just hit me again separately. Very discouraging as I thought I had all my stuff tightened up since then.
  6. I saw the other forums for reporting new threats...but I am unsure what I am supposed to do really. I read we are supposed to check it against VirusTotal or other similar sites and upload it and a report zipped. But how do I get these bad files to do so in the first place? The only time I seem able to see them is when I have them quarantined after mwb or mse or another program finds them for fixing. Last night I got hit again with a password-changing pos...managed to get back in via another user acct (this is on a VPS) and run Malwarebytes on the whole drive..it didn't find anything, neither did mse. Dr.Web did though, and it was the same horrid crap that hit me a few weeks ago and caused me a lot of problems: dubrute.exe. Why is this still slipping thru? I have mwb paid pro active real-time version going along with Micro Sec Essentials. I don't know if it is starting on my desktop and then hacking into my VPS pass via the remote access login section, or if it is originating on my VPS itself somehow and changing the password on me and messing stuff up from there. Do I need to get an active mwb and mse going on each user acct on my VPS? What else can I add? Can mwb be set to block this dubrute crap? I still don't understand its purpose either...I can at least understand why a virus would make it look like files are deleted so I buy a fake recovery program...but I can't buy something if I am locked out of my accts and don't even see them? Unless this is something that is fishing for sensitive credit card or similar information? If that's the case, why did it delete my files before? I truly hate these wankers that make these awful things and hope someday I somehow meet one in person. Thanks
  7. I was looking closer at this one: http://www.bestbuy.com/site/Gateway+-+Desktop+-+10GB+Memory+-+2TB+Hard+Drive/5619219.p;jsessionid=2BBF29506585B79B4439F0C9B4C868C3.bbolsp-app02-53?id=1218674164674&skuId=5619219 Perhaps a dumb question but...when it says 'speakers-none' does that just mean external speakers? Or does that mean there are no default speakers internally in the tower either and it will not give off any audio unless I hook something up? When looking at just towers, I forgot I was needing a good microphone/audio to have Skype conversations/screen video recordings and a good webcam. I guess I'll just hook up my separate webcam and buy a good micro to use...and hook up external speakers if need be.
  8. I had a virus hit my VPS that kept changing my password, preventing me or my VPS admin from logging in to do anything. My VPS admin switched me to a new VPS desktop, and added my old VPS desktop as drive E so I could try and access my files at least. I could technically access the old E:user/admin/desktop from my new desktop, but the virus had deleted/hid virtually all of my old desktop files. Someone from mwb support kindly guided me thru the process of getting rid of the nasty stuff from that drive (dubrute and some other crap, pretty nasty). Since the virus was no longer active and therefore could not change my passwords and lock me out anymore, my VPS admin put me back directly onto my old VPS desktop. I thought all would be well and I could try and run unhide.exe and get my stuff back, or find a system restore point and do it that way. My problem is that he seems unable to get me directly logged in as the original user/profile 'admin' where all my desktop stuff is, and from what I was told, where I need to directly run unhide.exe for it to have any chance for effect. I was set up with multiple user names to get access, including a new 'Administrator', but my VPS admin is unable to help me further to connect to the original 'admin'. I hope that makes sense as I find it very confusing myself, yet I've done the best I could to post what I'm dealing with in hopes of getting my files back. Any ideas, or if you need further clarification just let me know. Thanks
  9. Thanks, I wasn't planning on using their Geek Squad for anything at all...I've had family members interact with them in the recent past with results telling me they are a bunch of idiots. It doesn't make a difference where I purchase the machine though, right? If so, what's a good physical shop to grab one from, as I would like to go out and pick one up asap vs. wait for something to ship and risk having it damaged in transit.
  10. Cool, so is this an example of what you're talking about? http://www.bestbuy.com/site/Asus+-+Essentio+Desktop+-+8GB+Memory+-+1TB+Hard+Drive/5555478.p?id=1218658995316&skuId=5555478 Specifically "Get brilliant performance from the Intel® Core™ i7 processor with four multithreaded cores." Is one brand better than the others, or are they all pretty much being manufactured in the same few places, making it moot?
  11. I'm getting a new computer and am amazed at how much more powerful they are for the price compared to when I bought my last one (probably 6-7 years, yikes!). I currently have a Compaq laptop with 384 MB RAM (haha) with a mobile AMD Sempron 3300+ 1.99 GHz and it is very slow and lags a lot; got it on some blow-out sale for like 400 bucks or so... Now I am seeing desktop towers (I have a huge sweet screen, wireless mouse and keyboard already, so all I need is the main tower) for 5-700+ bucks with 10 GB RAM and 1-2 TB hard drive and about had a heart attack, that is so amazingly great! What I am hung up on though is what kind of brand/processor I should be looking for to get the best performance and fastest speed. I run my business via the internet and use a lot of resource-intensive software, so I am embarrassed I have waited this long to get a new computer. I need something with a lot of balls so I don't get lagged down anymore. I'm looking for max performance speed for navigating the net and running various softwares...I do not care about video graphics for gaming or anything like that. I would sacrifice that sort of stuff for increased speed for what I do...if that's even relevant. Though I do admit it would be nice to get better picture and smoother play for watching Netflix movies....that is far secondary as I can always watch that on my TV, so I do not want to sacrifice my main needs for that in any way. Thanks for any advice.
  12. I remote access a VPS to do a lot of work on. Yesterday I tried connecting as usual and it said my password wasn't right. I contacted the VPS admin and he said there was a virus changing the password. He reset the password a couple times but whatever hit me kept changing it too fast to do anything. So he set me up on a new drive C using the same IP, and added my old desktop as drive E so that I could get my files (at least that's generally how I understood it). Anyways, I can login to the new setup just fine, yet when I navigate to E:user/admin/desktop to retrieve my files off the other drive, the only thing I can find is one folder, and inside that folder there are only a couple of random files. I'm missing 5 or so other main folders and 99.9% of the actual files from the one folder that actually shows. I have tried running unhide.exe and nothing changed. I don't know what else to do or where to look for my files... I ran Microsoft Security Essentials on drive E and it found something it deemed 'high risk', so it quarantined it and deleted it. MWB found nothing, which I thought was strange. I think there is one or more bad guys still on that drive..the day before this happened I saw something called dubrute.exe in my Task Manager running. I hoped that night's full anti-v scan would take care of it but apparently not. I attached the two requested files, though not sure if they provide what is needed due to the switching of the VPS drives. I'm not sure how to get the reports made for drive E? So to recap...I guess drive E is safe from infecting me since it's not on the live server, I don't know. I really need to find and get those missing old desktop files. I backup regularly to an external HD but had some important changes made just recently that were not saved yet. I cannot access a folder that I think some good data is on, E:/documentsandsettings; I get access denied, dunno if that is relevant or not. Thanks for any help and advice Attach.txt DDS.txt
  13. Sorry for the double post, plz delete this one. I could not figure out how to edit a post after I realized I attached a wrong file. Didn't want to just make a reply so it wouldn't look like someone was already helping me..sorry and thanks Attach.txt dds.zip
  14. This pretty much disabled one of my laptops. The typical symptoms I'm reading about around the net...black screen with no desktop icons, etc. etc. Here are my logs.

DDS Txt. [DDS log omitted]

Malwarebytes Log - I was very surprised when it didn't find this and fix it. [Malwarebytes' Anti-Malware scan log omitted]

The ark and attach files, I tried to zip them to attach them to this post per the sticky post instructions but this thing apparently has disabled my zip function somehow. I can upload them as plain text via posting the info if needed. Thanks for any help.
  15. P.S. Would any of this be causing my current problem of exe files not running right? I double-click on what I know is a valid program I got from an associate (who wouldn't, at least knowingly, have any sort of malware/virus in it) and all I get is 'this program is not a valid Win32 application' ???