Request a review

My SOHO was recently hacked. I have successfully reconfigured, and changed passwords on everything I can think of internally and externally. I did reuse the HDs in both my laptop and desktop after removing partitions and recreating using a Linux distrib on a jump drive. Requesting a quick look to see if anything out of the ordinary jumps out as reinfection. Thanks!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16482

Run by loadmin at 21:27:37 on 2013-03-12

Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.3964.3055 [GMT -7:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\uAuQuuvK\GqBjSLXB.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\dwm.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\dashost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskhostex.exe

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_624a7aa150f57306\TiWorker.exe

C:\Windows\Explorer.EXE

C:\Program Files\uAuQuuvK\GqBjSLXB.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\splwow64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll

TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll

uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

mRun: [WRSVC] "C:\Program Files\uAuQuuvK\GqBjSLXB.exe" -ul

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{9369A876-E6E7-47E0-9FAC-6213CC920CFD} : DHCPNameServer = 192.168.1.1

SSODL: WebCheck - <orphaned>

x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll

x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 WRkrn;WRkrn;C:\Windows\System32\Drivers\WRkrn.sys [2013-3-10 111080]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-12 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-12 682344]

R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-24 231752]

R2 WRSVC;WRSVC;C:\Program Files\uAuQuuvK\GqBjSLXB.exe [2013-3-10 727456]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-12 24176]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]

.

=============== Created Last 30 ================

.

2013-03-13 03:14:02 -------- d-----w- C:\Users\loadmin\AppData\Roaming\Malwarebytes

2013-03-13 03:13:42 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-13 03:13:35 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-13 03:13:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-13 03:13:20 -------- d-----w- C:\Users\loadmin\AppData\Local\Programs

2013-03-13 02:52:14 -------- d-----w- C:\ProgramData\SecTaskMan

2013-03-13 02:51:57 -------- d-----w- C:\Program Files (x86)\Security Task Manager

2013-03-13 01:49:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-13 01:49:30 -------- d-----w- C:\Program Files\iPod

2013-03-13 01:49:30 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-13 01:49:04 -------- d-----w- C:\Users\loadmin\AppData\Local\Apple

2013-03-13 01:48:07 -------- d-----w- C:\Program Files\Bonjour

2013-03-13 01:48:07 -------- d-----w- C:\Program Files (x86)\Bonjour

2013-03-11 04:00:03 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-03-10 23:00:36 -------- d-----w- C:\Users\loadmin\AppData\Local\NETGEARGenie

2013-03-10 23:00:31 369168 ----a-w- C:\Windows\System32\wpcap.dll

2013-03-10 23:00:31 35344 ----a-w- C:\Windows\System32\drivers\npf.sys

2013-03-10 23:00:31 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll

2013-03-10 23:00:31 106000 ----a-w- C:\Windows\System32\packet.dll

2013-03-10 23:00:30 96784 ----a-w- C:\Windows\SysWow64\packet.dll

2013-03-10 23:00:27 -------- d-----w- C:\Program Files (x86)\NETGEAR Genie

2013-03-10 22:31:59 -------- d-----w- C:\Windows\ehome

2013-03-10 22:03:24 8552448 ----a-w- C:\Windows\SysWow64\glcndFilter.dll

2013-03-10 22:02:52 84992 ----a-w- C:\Windows\SysWow64\wbem\PolicMan.dll

2013-03-10 20:56:57 76288 ----a-w- C:\Windows\System32\newdev.exe

2013-03-10 20:56:57 75264 ----a-w- C:\Windows\System32\ndadmin.exe

2013-03-10 20:56:57 74240 ----a-w- C:\Windows\SysWow64\newdev.exe

2013-03-10 20:56:57 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe

2013-03-10 20:56:57 301568 ----a-w- C:\Windows\System32\newdev.dll

2013-03-10 20:56:57 275968 ----a-w- C:\Windows\SysWow64\newdev.dll

2013-03-10 20:56:56 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-10 20:56:56 446976 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-10 20:46:20 -------- d-----w- C:\Users\loadmin\AppData\Local\ElevatedDiagnostics

2013-03-10 20:23:00 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-03-10 20:22:59 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-03-10 20:18:01 -------- d-----w- C:\Program Files\Synaptics

2013-03-10 20:15:11 405504 ----a-w- C:\Windows\System32\pcasvc.dll

2013-03-10 20:15:11 31232 ----a-w- C:\Windows\System32\pcadm.dll

2013-03-10 20:15:11 13312 ----a-w- C:\Windows\System32\pcalua.exe

2013-03-10 20:15:11 11776 ----a-w- C:\Windows\System32\pcaevts.dll

2013-03-10 20:15:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-03-10 20:15:08 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-03-10 20:13:20 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll

2013-03-10 20:13:18 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll

2013-03-10 20:10:59 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-03-10 20:09:45 96256 ----a-w- C:\Windows\System32\fontsub.dll

2013-03-10 20:09:45 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-10 20:09:45 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-03-10 20:09:45 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-03-10 20:09:45 362496 ----a-w- C:\Windows\System32\atmfd.dll

2013-03-10 20:09:45 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-03-10 20:09:45 3072 ----a-w- C:\Windows\SysWow64\lpk.dll

2013-03-10 20:09:45 3072 ----a-w- C:\Windows\System32\lpk.dll

2013-03-10 20:09:45 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-03-10 20:09:45 14336 ----a-w- C:\Windows\System32\dciman32.dll

2013-03-10 20:09:45 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-10 20:09:45 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll

2013-03-10 20:08:24 2361344 ----a-w- C:\Windows\System32\msxml6.dll

2013-03-10 20:08:23 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll

2013-03-10 20:08:23 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2013-03-10 20:08:23 2048 ----a-w- C:\Windows\System32\msxml6r.dll

2013-03-10 20:08:23 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2013-03-10 20:08:23 1836032 ----a-w- C:\Windows\System32\msxml3.dll

2013-03-10 20:08:23 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-03-10 20:08:23 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-03-10 19:45:40 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe

2013-03-10 19:13:02 -------- d-----w- C:\temp

2013-03-10 17:29:18 150160 ----a-w- C:\Windows\SysWow64\WRusr.dll

2013-03-10 17:29:18 111080 ----a-w- C:\Windows\System32\drivers\WRkrn.sys

2013-03-10 17:29:18 102280 ----a-w- C:\Windows\System32\WRusr.dll

2013-03-10 17:29:15 -------- d-----w- C:\Program Files\uAuQuuvK

2013-03-10 17:26:31 -------- d-----w- C:\Windows\Panther

2013-03-10 17:26:18 -------- d-sh--w- C:\Boot

2013-03-10 17:25:56 -------- d-----w- C:\ProgramData\WRData

.

==================== Find3M ====================

.

2013-02-21 07:29:31 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-21 07:29:30 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-31 03:29:52 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-17 04:04:06 4055552 ----a-w- C:\Windows\System32\win32k.sys

2013-01-16 00:35:49 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-01-16 00:31:26 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-01-16 00:25:17 1437696 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-01-16 00:23:19 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll

2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys

2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2013-01-10 01:29:54 1934056 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe

2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe

2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll

2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll

2013-01-09 23:26:25 278528 ----a-w- C:\Windows\SysWow64\srm.dll

2013-01-09 23:26:25 202752 ----a-w- C:\Windows\SysWow64\srmstormod.dll

2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll

2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll

2013-01-09 23:26:08 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll

2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL

2013-01-09 23:25:55 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll

2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe

2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe

2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll

2013-01-09 23:23:16 1964544 ----a-w- C:\Windows\System32\wlidsvc.dll

2013-01-09 23:23:14 594944 ----a-w- C:\Windows\System32\Windows.Networking.dll

2013-01-09 23:23:14 406016 ----a-w- C:\Windows\System32\Windows.Media.dll

2013-01-09 23:23:09 274432 ----a-w- C:\Windows\System32\srmstormod.dll

2013-01-09 23:23:08 279040 ----a-w- C:\Windows\System32\srm.dll

2013-01-09 23:23:07 1886208 ----a-w- C:\Windows\System32\setupapi.dll

2013-01-09 23:23:05 728064 ----a-w- C:\Windows\System32\samsrv.dll

2013-01-09 23:22:53 464384 ----a-w- C:\Windows\System32\netprofmsvc.dll

2013-01-09 23:22:53 151040 ----a-w- C:\Windows\System32\netprofm.dll

2013-01-09 23:22:43 1120768 ----a-w- C:\Windows\System32\msctf.dll

2013-01-09 23:22:41 666112 ----a-w- C:\Windows\System32\MP4SDECD.DLL

2013-01-09 23:22:35 438272 ----a-w- C:\Windows\System32\lsm.dll

2013-01-09 23:22:29 894464 ----a-w- C:\Windows\System32\iphlpsvc.dll

2013-01-09 23:22:29 159232 ----a-w- C:\Windows\System32\inetpp.dll

2013-01-09 23:22:26 49152 ----a-w- C:\Windows\System32\drivers\UMDF\HidBthLE.dll

2013-01-09 23:22:25 820736 ----a-w- C:\Windows\System32\gpprefcl.dll

2013-01-09 23:22:05 1918464 ----a-w- C:\Windows\System32\wbem\cimwin32.dll

2013-01-09 03:59:47 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys

2013-01-04 05:32:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:19:53 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2012-12-20 00:37:37 1775616 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-12-20 00:37:04 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-12-20 00:37:02 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2012-12-20 00:37:02 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2012-12-20 00:36:50 431616 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2012-12-20 00:29:16 2246656 ----a-w- C:\Windows\System32\wininet.dll

2012-12-20 00:29:11 907776 ----a-w- C:\Windows\System32\uxtheme.dll

2012-12-20 00:28:29 3966464 ----a-w- C:\Windows\System32\jscript9.dll

2012-12-20 00:28:26 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2012-12-20 00:28:04 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2012-12-18 01:56:27 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2012-12-15 04:55:40 443392 ----a-w- C:\Windows\System32\ReAgent.dll

2012-12-15 04:55:40 1010688 ----a-w- C:\Windows\System32\reseteng.dll

2012-12-15 04:55:18 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

.

============= FINISH: 21:28:05.34 ===============

Attach.zip

Hello bidol13 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
