
Hi. As directed, I have followed the directions and run the necessary test. Results posted as directed:

I don't know what's going on with my newly installed Windows 7 OS, but I am suspicious I have been hacked. I have run a scan using my ESET security software and it revealed nothing other than a bunch of files it was unable to open (error 4), listed in the log file. I'm running a Dell Inspiron 1525 notebook with Windows 7 Home Premium. I had a very difficult time trying to activate my product key, and after a couple of days it read 2 days until automatic activation. I see odd things when I run netstat -a. I'm looking for your expertise to help solve my situation.

Thank You

Malwarebytes' Anti-Malware 1.44
Database version: 3649
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/28/2010 2:16:08 AM
mbam-log-2010-01-28 (02-16-08).txt

Scan type: Quick Scan
Objects scanned: 94565
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

r_09-12-01.01) - NTFSx86
Run by tom at 2:25:48.52 on Thu 01/28/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1044 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\SysInspector.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\tom\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\tom\Desktop\dds.pif
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRunOnce: [Malwarebytes' Anti-Malware] c:\users\tom\desktop\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CFTM;CFTM;c:\users\tom\appdata\local\temp\CFTM.exe [2010-1-25 560000]
S3 PFORX;PFORX;c:\users\tom\appdata\local\temp\PFORX.exe [2010-1-25 498560]
S3 STPLCLOOJW;STPLCLOOJW;c:\users\tom\appdata\local\temp\STPLCLOOJW.exe [2010-1-25 527232]
S3 YAEOWFD;YAEOWFD;c:\users\tom\appdata\local\temp\YAEOWFD.exe [2010-1-25 535424]

=============== Created Last 30 ================

2010-01-28 09:17:01 0 ----a-w- c:\users\tom\defogger_reenable
2010-01-28 09:10:34 0 d-----w- c:\users\tom\appdata\roaming\Malwarebytes
2010-01-28 09:10:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 09:10:27 0 d-----w- c:\programdata\Malwarebytes
2010-01-28 09:10:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 05:53:48 0 d-----w- c:\program files\ESET
2010-01-28 01:44:58 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-01-28 01:44:57 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-01-28 01:44:57 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-01-28 01:44:57 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-01-28 01:41:53 0 d-----w- c:\windows\system32\vmm32
2010-01-27 10:15:20 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-27 10:13:35 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-27 00:16:42 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 00:16:42 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 00:16:37 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-01-27 00:16:17 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-01-27 00:16:17 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-01-27 00:16:15 507568 ----a-w- c:\windows\system32\winload.exe
2010-01-27 00:16:14 442920 ----a-w- c:\windows\system32\winresume.exe
2010-01-27 00:16:10 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-27 00:15:53 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-27 00:15:53 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-01-27 00:15:53 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-27 00:15:33 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-26 01:42:25 0 d-----w- c:\windows\Panther
2010-01-26 01:33:51 0 d--h--w- C:\$WINDOWS.~Q
2010-01-26 01:33:18 0 d--h--w- C:\$INPLACE.~TR
2010-01-26 01:08:23 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-01-26 01:05:20 0 d-----w- c:\windows\system32\wbem\Performance
2010-01-26 01:01:36 20 --sh--w- c:\users\tom\ntuser.ini
2010-01-26 00:54:17 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-26 00:30:51 8192 --sha-r- C:\BOOTSECT.BAK
2010-01-26 00:30:49 383562 --sha-r- C:\bootmgr
2010-01-26 00:30:49 0 d-sh--w- C:\Boot
2010-01-26 00:23:45 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-26 00:11:49 1890 ----a-w- c:\windows\diagwrn.xml
2010-01-26 00:11:49 1890 ----a-w- c:\windows\diagerr.xml
2010-01-25 23:54:37 0 d-----w- c:\programdata\ESET
2010-01-25 23:47:44 0 d-----w- c:\programdata\Dell
2010-01-25 23:47:44 0 d-----w- C:\Dell
2010-01-25 23:47:17 0 d-sh--w- c:\windows\Installer
2010-01-25 23:47:15 0 d-----w- c:\programdata\CyberLink
2010-01-25 23:46:53 89088 ----a-w- c:\windows\system32\atl71.dll
2010-01-25 23:46:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-25 23:46:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-25 23:46:53 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-01-25 23:46:53 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-01-25 23:46:52 0 d-----w- c:\program files\Dell
2010-01-25 23:44:36 0 d-sh--w- C:\Recovery

==================== Find3M ====================

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 2:26:05.78 ===============

Attach.zip

ark.zip


Hello and welcome to Malwarebytes.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please read this thread for instructions on running the tools and posting the logs: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don
