
DDS LOGS

Windows XP Service Pack 3

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by lpena at 9:54:43 on 2011-10-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.909 [GMT -5:00]

.

FW: Trend Micro Client-Server Security Agent Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kaseya\Agent\AgentMon.exe

C:\Program Files\Kaseya\Agent\KasAVSrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Kaseya\Agent\KaUsrTsk.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AIM\AIM Pro\aimpro.exe

C:\Program Files\Kaseya\EXPCMT06009376618562\KaUsrTsk.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

c:\program files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QuickBooksDB19] c:\progra~1\intuit\quickb~1.0\qbdbmgrn.exe -n qb_scc-sg01_19 -qs -gd all -gk all -gp 4096 -gu all -ch 512m -c 256m -x tcpip(broadcastlistener=no;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe "c:\documents and settings\all users.windows\application data\intuit\quickbooks\DBStartup.log" -y

mRun: [KASHENTSLT13125939423609] "c:\program files\kaseya\agent\KaUsrTsk.exe"

mRun: [QuickBooksDB21] c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -n qb_scc-sg01_21 -qs -gd all -gk all -gp 4096 -gu all -ch 512m -c 256m -x tcpip(broadcastlistener=no;port=55343) -ti 0 -ec simple -qi -qw -tl 120 -oe "c:\documents and settings\all users.windows\application data\intuit\quickbooks\DBStartup.log" -y

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [AIMPro] "c:\program files\aim\aim pro\aimpro.exe"

mRun: [KASHEXPCMT06009376618562] "c:\program files\kaseya\expcmt06009376618562\KaUsrTsk.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {3269A168-A467-4236-9D77-FF36D8DFB20F} - hxxps://bis.na.blackberry.com/html/web/client_tools/RIM-PwpClient.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287157146598

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - hxxp://www.dvrstation.com/pdvratl.php?vendor=14

TCP: DhcpNameServer = 192.168.0.22 192.168.0.1

TCP: Interfaces\{44D9E581-90BC-4280-BA15-F74C4E45D60A} : DhcpNameServer = 10.200.65.10 10.200.65.12

TCP: Interfaces\{47D24606-375F-4F4B-AAFA-6DD9281CC1FA} : DhcpNameServer = 192.168.0.22 192.168.0.1

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks enterprise solutions 9.0\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\136\g2ax_winlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-19 52872]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-19 29712]

R2 CmosTime;CmosTime;c:\windows\system32\cmostime.sys [2005-9-14 3502]

R2 KAENTSLT13125939423609;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2008-10-13 835584]

R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2009-8-19 221184]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]

R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2008-10-13 17920]

R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]

R3 TdxVGAMINI;TdxVGAMINI;c:\windows\system32\drivers\TdxVgaMini.sys [2007-12-13 234496]

R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [2008-2-12 242944]

R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [2008-2-12 244736]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-19 216400]

S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-12-16 308136]

S2 KAEXPCMT06009376618562;Kaseya Agent #2;c:\program files\kaseya\expcmt06009376618562\AgentMon.exe [2011-4-29 741376]

S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [2007-12-13 27135]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-5 30192]

S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\136\g2ax_service.exe [2009-1-19 46392]

S3 mamovec;mamovec;c:\windows\system32\drivers\mamovec.sys [2007-2-22 24784]

S3 mamovem;mamovem;c:\windows\system32\drivers\mamovem.sys [2007-2-22 25044]

S3 mamoveu;mamoveu;c:\windows\system32\drivers\mamoveu.sys [2007-2-22 51584]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-2-22 20992]

S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-4-12 38272]

S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2006-4-12 38272]

S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-4-12 21376]

S3 TdxMrMINI;TdxMrMINI;c:\windows\system32\drivers\TdxMrMini.sys [2007-12-13 233984]

S3 TdxVGAUSB;TARGUS USB2.0 VGA DOCK DEVICE(USB);c:\windows\system32\drivers\TdxVGAUSB.sys [2007-12-13 22528]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S3 xVGAUSB;USB2.0 VGA DEVICE(USB);c:\windows\system32\drivers\xVGAUSB.sys [2008-2-12 31616]

S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1.0\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1.0\QBDBMgrN.exe -hvQuickBooksDB19 [?]

S4 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]

.

=============== Created Last 30 ================

.

2011-10-21 18:11:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2011-10-21 18:03:12 -------- d-----w- c:\program files\x-Malwarebytes' Anti-Malware

2011-10-21 17:58:27 -------- d-----w- c:\documents and settings\lpena\application data\Malwarebytes

2011-10-21 17:34:44 393216 ----a-w- c:\windows\system32\Ati2evxx.exe

2011-10-21 17:18:39 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys

2011-10-21 17:18:39 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-10-21 17:06:32 48016 --sha-w- c:\windows\system32\c_34160.nl_

2011-10-21 17:00:04 -------- d-----w- C:\Lop SD

2011-10-21 16:13:50 -------- d-sha-r- C:\cmdcons

2011-10-21 16:06:43 98816 ----a-w- c:\windows\sed.exe

2011-10-21 16:06:43 518144 ----a-w- c:\windows\SWREG.exe

2011-10-21 16:06:43 256000 ----a-w- c:\windows\PEV.exe

2011-10-21 16:06:43 208896 ----a-w- c:\windows\MBR.exe

2011-10-19 19:07:21 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-19 19:07:21 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-19 19:04:51 -------- d-----w- c:\documents and settings\all users.windows\application data\avg8

2011-10-19 19:04:49 -------- d-----w- c:\windows\system32\drivers\Avg

2011-10-19 19:04:49 -------- d-----w- c:\documents and settings\lpena\application data\AVG9

2011-10-19 19:04:49 -------- d-----w- c:\documents and settings\all users.windows\application data\avg9

2011-10-19 19:04:49 -------- d-----w- C:\$AVG

2011-10-19 19:03:41 -------- d-----w- c:\program files\Coupons

2011-10-19 18:09:23 -------- d-----w- c:\program files\Microsoft Security Client

.

==================== Find3M ====================

.

2011-10-21 17:06:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-09-29 12:56:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 9:55:09.01 ===============

////Do I need to attach the file titled 'attach.txt' as well?

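The report above is a DDS log. In its SERVICES / DRIVERS section each line starts with a state letter (R for running, S for stopped) and a digit that is the Windows service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); the bracket at the end holds the file's date and size, or `[?]` where DDS could not stat the file. As an added example (not part of the original post, not DDS's own code, and not a Malwarebytes tool), the Python below parses an excerpt of the posted log and produces a short triage list: the firewall reported as *Disabled*, a service whose file DDS could not verify, services belonging to remote-administration products, and one executable name registered as a service from two different directories. The keyword list and the finding categories are my own choices, not DDS conventions, and the findings are prompts for a reviewer rather than verdicts.

```python
"""Parse the SERVICES / DRIVERS section of a DDS log and produce triage notes.

Added example for this thread; not part of DDS, Malwarebytes or the original post.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Excerpt of the DDS log posted above (a handful of lines is enough to show the shapes).
SAMPLE_LOG = r"""
FW: Trend Micro Client-Server Security Agent Firewall *Disabled*
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-19 52872]
R2 KAENTSLT13125939423609;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2008-10-13 835584]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]
S2 KAEXPCMT06009376618562;Kaseya Agent #2;c:\program files\kaseya\expcmt06009376618562\AgentMon.exe [2011-4-29 741376]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\136\g2ax_service.exe [2009-1-19 46392]
S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1.0\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1.0\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
=============== Created Last 30 ================
"""

# DDS service line: <R|S><start type> <service name>;<display name>;<image [args]> [<date size> | ?]
# R = running, S = stopped; the digit is the Windows start type.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<fileinfo>[^\]]*)\]$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Vendors of remote-administration software; my own triage list, not a DDS convention.
REMOTE_ADMIN_KEYWORDS = ("kaseya", "logmein", "gotoassist", "vnc", "teamviewer")


@dataclass
class ServiceEntry:
    state: str       # "R" running or "S" stopped
    start: int       # start type digit, see START_TYPES
    name: str
    display: str
    image: str       # image path as DDS printed it, possibly with arguments and a "-->" resolution
    fileinfo: str    # "<date> <size>" or "?" when DDS could not stat the file


def parse_dds(text):
    """Return (firewall_disabled, [ServiceEntry]) for the SERVICES / DRIVERS section."""
    section = None
    firewall_disabled = False
    services = []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^=+ (.+?) =+$", line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("FW:") and "*Disabled*" in line:
            firewall_disabled = True
        if section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m:
                services.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                             m["display"], m["image"], m["fileinfo"]))
    return firewall_disabled, services


def image_path(entry):
    """Drop the '--> resolved' suffix and trailing arguments, leaving the executable path."""
    printed = entry.image.split(" --> ")[0]
    m = re.match(r"(.*?\.(?:exe|sys|dll))", printed, re.IGNORECASE)
    return m.group(1) if m else printed


def triage(text):
    """Return (category, subject, detail) tuples worth a reviewer's attention; prompts, not verdicts."""
    firewall_disabled, services = parse_dds(text)
    findings = []
    if firewall_disabled:
        findings.append(("firewall-disabled", "FW", "DDS reports the host firewall as *Disabled*"))
    dirs_by_binary = {}
    for s in services:
        path = image_path(s)
        win = PureWindowsPath(path)
        label = f"{s.name} ({s.state}, start={START_TYPES[s.start]})"
        if s.fileinfo == "?":
            findings.append(("unverified-file", s.name, f"{label}: DDS could not stat {path}"))
        if any(k in path.lower() for k in REMOTE_ADMIN_KEYWORDS):
            findings.append(("remote-admin", s.name, f"{label}: {path}"))
        # Same executable name registered from more than one directory is worth a second look.
        dirs_by_binary.setdefault(win.name.lower(), set()).add(str(win.parent).lower())
    for binary, dirs in dirs_by_binary.items():
        if len(dirs) > 1:
            findings.append(("duplicate-binary", binary, "; ".join(sorted(dirs))))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {subject}: {detail}")
```

Run it against the full log rather than the excerpt to get the complete list. On a business machine managed by an MSP, Kaseya, LogMeIn and GoToAssist are normally expected, so the remote-admin lines are there to be confirmed with the owner, not treated as infections; the `[?]` and duplicate-directory findings are the ones that usually justify pulling the files for a closer look.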

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
