[Inactive - K] Malware in registry, AV definitions not updating on SystemSuite

Offline Coolyfett

  • Bronze Member
  • Posts: 10
Good day fellow techs, I recently allowed my AV software to expire on an XP machine. I recently updated the license, but now I am not able to update the definitions. There is some malware on the machine that generates a Shift key error where all inputs on the keyboard go from capped to uncapped, randomly flickering back and forth. Also not able to install any applications, mainly Chrome and iTunes updates. I've run a disk check and registry repairs with the System Suite software, still no luck. I am able to type when Caps Lock is on and I press the Shift key while typing, but if I just have Caps Lock on, the flickering between lowercase and capital letters continues.
« Last Edit: January 12, 2015, 05:05:26 AM by kevinf80 »



Offline Coolyfett

  • Bronze Member
  • Posts: 10
Re: Malware in registry, AV definitions not updating on SystemSuite 15
« Reply #1 on: January 01, 2015, 11:45:52 PM »
Guys I think I have what this guy had
[Inactive] Virus that enables sticky keys all the time.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: Malware in registry, AV definitions not updating on SystemSuite 15
« Reply #2 on: January 02, 2015, 06:04:56 AM »
Hello Coolyfett and welcome to SpywareHammer,

Follow the instructions here: [NEW Instructions!] What Do I Do First? and post the requested logs...

Thank you,

Kevin.

Offline Coolyfett

  • Bronze Member
  • Posts: 10
Re: Malware in registry, AV definitions not updating on SystemSuite 15
« Reply #3 on: January 02, 2015, 03:58:06 PM »
Here you are, Kevin.

Text file

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by JAY TECH at 16:50:20 on 2015-01-02
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1394 [GMT -5:00]
.
AV: Avanquest SystemSuite *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\90.4 The Gutta!\Local Settings\Application Data\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {237205B6-89CB-46CD-ACCA-5EC4F1AF5E4B} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963B125B-8B21-49A2-A3A8-E37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
BHO: Search-Results Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
TB: Search-Results Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\progra~1\micros~2\wcescomm.exe"
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [SBRegRebootCleaner] "c:\program files\avanquest\systemsuite\antivirus\SBRC.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
dRunOnce: [Installer] "c:\program files\vcomupdate\SS_PRO_15.0.2.32_ENU.exe" --SerialNumber=C312-0271-00005-0BDR-E05U-4GVS-K2RY
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2014-2-24 22064]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2014-8-12 39056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2014-2-24 66344]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2014-2-24 11496]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 .AVQWindowsMonitorService;SystemSuite Professional Process Monitor;c:\program files\avanquest\systemsuite\AVQWinMonEngine.exe [2014-2-24 249176]
S2 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\avanquest\systemsuite\AQFileRestoreSrv.exe [2014-2-24 82808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBAMSvc;SystemSuite;c:\program files\avanquest\systemsuite\antivirus\SBAMSvc.exe [2012-11-6 3677000]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S2 VCOMCloudAgent;VCOM Cloud Agent;c:\program files\avanquest\systemsuite\VcomCloudAgent.exe [2014-2-24 133496]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\AQFileRestore.sys [2014-2-24 17856]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-2-25 43368]
S3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2014-2-24 63576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: vlc.exe: Open="c:\program files\easy media player\emp.exe" --started-from-file "%1"
.
=============== Created Last 30 ================
.
2015-01-02 08:40:00   --------   d-----w-   c:\documents and settings\jay tech\application data\com.w3i.FlipToast
2015-01-02 08:35:41   --------   d-----w-   c:\documents and settings\jay tech\application data\RealNetworks
2015-01-02 08:29:45   --------   d-----w-   c:\program files\RealNetworks
2015-01-02 08:29:33   --------   d-----w-   c:\documents and settings\all users\application data\RealNetworks
2015-01-02 08:28:11   --------   d-----w-   c:\program files\common files\xing shared
2015-01-02 07:50:45   --------   d-----w-   c:\documents and settings\jay tech\local settings\application data\Google
2015-01-02 07:50:11   --------   d-----w-   c:\documents and settings\jay tech\local settings\application data\Mozilla
2015-01-02 07:48:18   --------   d-----w-   c:\documents and settings\jay tech\local settings\application data\Adobe
2015-01-02 07:45:38   --------   d-----w-   c:\documents and settings\jay tech\application data\Avanquest
2015-01-02 07:43:12   --------   d-sh--w-   c:\documents and settings\jay tech\IETldCache
2015-01-02 02:28:02   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2015-01-02 02:28:02   --------   d-----w-   c:\windows\system32\wbem\Repository
2015-01-01 04:39:11   6750   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
.
==================== Find3M  ====================
.
2015-01-02 08:27:01   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2015-01-02 08:27:01   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2015-01-01 04:44:21   701616   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-01-01 04:44:19   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 19:56:48   1202848   ----a-w-   c:\windows\system32\FM20.DLL
.
============= FINISH: 16:50:29.33 ===============


And here is the attachment file.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/14/2010 3:50:29 AM
System Uptime: 1/2/2015 4:31:14 PM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor:         Intel(R) Pentium(R) M processor 1.60GHz | mFCPGA | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 44.804 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Toshiba USB 109 Japanese keyboard
Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_FF101179&REV_10\4&16F6A662&0&00E0
Manufacturer: Toshiba
Name: Toshiba USB 109 Japanese keyboard
PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_FF101179&REV_10\4&16F6A662&0&00E0
Service: kbdhid
.
==== System Restore Points ===================
.
RP222: 6/25/2014 10:26:33 AM - System Checkpoint
RP223: 6/27/2014 4:41:14 PM - System Checkpoint
RP224: 7/2/2014 3:16:35 PM - System Checkpoint
RP225: 7/13/2014 7:28:50 PM - Removed Apple Software Update
RP226: 7/20/2014 7:07:09 PM - System Checkpoint
RP227: 8/2/2014 4:54:22 PM - Installed Windows Media Player 11 KB939683.
RP228: 8/2/2014 4:57:21 PM - Installed Windows Media Player 11 KB939683.
RP229: 8/2/2014 5:00:10 PM - Installed Windows Media Player 11 KB939683.
RP230: 8/2/2014 8:59:32 PM - Installed Windows Media Player 11
RP231: 8/2/2014 9:16:51 PM - Installed Windows XP MSCompPackV1.
RP232: 8/3/2014 2:22:44 AM - Software Distribution Service 3.0
RP233: 8/18/2014 7:45:12 PM - System Checkpoint
RP234: 9/12/2014 7:56:48 PM - System Checkpoint
RP235: 9/20/2014 1:06:02 PM - System Checkpoint
RP236: 10/4/2014 1:56:17 PM - Removed Microsoft ActiveSync
RP237: 10/4/2014 2:05:33 PM - Removed QuickTime
RP238: 12/31/2014 11:30:08 PM - Restore Operation
RP239: 1/1/2015 1:02:26 AM - Removed PlayStation(R)Network Downloader.
RP240: 1/1/2015 1:03:31 AM - Removed PlayStation(R)Store.
RP241: 1/1/2015 1:29:20 AM - Removed QuickTime
RP242: 1/1/2015 2:03:00 AM - Software Distribution Service 3.0
RP243: 1/1/2015 8:37:03 AM - Software Distribution Service 3.0
RP244: 1/1/2015 9:21:55 AM - Software Distribution Service 3.0
RP245: 1/1/2015 8:10:22 PM - Restore Operation
RP246: 1/1/2015 9:16:28 PM - Restore Operation
RP247: 1/2/2015 3:00:27 AM - Software Distribution Service 3.0
RP248: 1/2/2015 7:49:09 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader 9.5.0
Apple Application Support
Atheros Wireless LAN MiniPCI card Driver
BrowserCompanion
DriverNavigator 1.3.2
DVD-RAM Driver
Easy Media Player 1.1.12
Free YouTube to iPhone Converter version 2.12.2.430
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HTC Shift Control Center Version 1.2.6.122
Intel(R) Graphics Media Accelerator Driver for Mobile
InterActual Player
Media Go
Media Go Video Playback Engine 1.84.107.07010
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 32.0.2 (x86 en-US)
Mozilla Maintenance Service
MSI to redistribute MS VS2005 CRT libraries
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MyVideoConverter 1.34
Nero 6 Ultra Edition
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
SAM Broadcaster v4
SD Secure Module
Search-Results Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SoundMAX
SystemSuite
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Software Upgrades
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual CertExam Suite 1.9
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/31/2014 8:04:02 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.7 for the Network Card with network address 000E35452329 has been denied by the DHCP server 192.168.169.1 (The DHCP Server sent a DHCPNACK message).
12/31/2014 11:41:45 PM, error: Service Control Manager [7034]  - The SystemSuite Professional Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
12/31/2014 11:37:30 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
12/31/2014 11:37:20 PM, error: Service Control Manager [7000]  - The SXUPTP Driver service failed to start due to the following error:  The system cannot find the file specified.
12/31/2014 11:23:07 PM, error: Service Control Manager [7034]  - The VCOM Cloud Agent service terminated unexpectedly.  It has done this 1 time(s).
12/31/2014 10:26:45 PM, error: Cdrom [11]  - The driver detected a controller error on \Device\CdRom0.
1/1/2015 8:38:11 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2977218).
1/1/2015 8:11:10 PM, error: Service Control Manager [7034]  - The SystemSuite Professional Task Manager service terminated unexpectedly.  It has done this 1 time(s).
1/1/2015 1:04:08 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
.
==== End Of File ===========================


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: Malware in registry, AV definitions not updating on SystemSuite 15
« Reply #4 on: January 02, 2015, 04:06:44 PM »
Thanks for the logs, continue as follows:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, select Settings > Detection and Protection > Enable Scan for rootkits, and under Non-Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select "Copy to clipboard": that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

Or select "Export": you are given the option to export as a Text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply...

Next,

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Download Combofix from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

  • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin

Offline Coolyfett

  • Bronze Member
  • Posts: 10
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 1/3/2015 10:33:41 AM, SYSTEM, DACOOLGUYSBOX, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 1/3/2015 10:33:42 AM, SYSTEM, DACOOLGUYSBOX, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1,
Update, 1/3/2015 10:33:54 AM, SYSTEM, DACOOLGUYSBOX, Manual, Malware Database, 2014.11.20.6, 2015.1.3.5,
Scan, 1/3/2015 11:43:21 AM, SYSTEM, DACOOLGUYSBOX, Manual, Start:1/3/2015 10:36:44 AM, Duration:49 min 41 sec, Threat Scan, Completed, 0 Malware Detections, 609 Non-Malware Detections,

(end)

Offline Coolyfett

  • Bronze Member
  • Posts: 10
disregard above post
« Last Edit: January 03, 2015, 11:44:52 AM by Coolyfett »

Offline Coolyfett

  • Bronze Member
  • Posts: 10
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/3/2015
Scan Time: 12:40:45 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.03.07
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: JAY TECH

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 429779
Time Elapsed: 28 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline Coolyfett

  • Bronze Member
  • Posts: 10
ComboFix 15-01-02.01 - JAY TECH 01/03/2015  13:31:42.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1650 [GMT -5:00]
Running from: c:\documents and settings\JAY TECH\Desktop\ComboFix.exe
AV: Avanquest SystemSuite *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Search Toolbar
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETE3.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mv2
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-03 to 2015-01-03  )))))))))))))))))))))))))))))))
.
.
2015-01-03 15:33 . 2015-01-03 17:40   114904   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-03 15:33 . 2015-01-03 15:33   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2015-01-03 15:33 . 2015-01-03 15:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2015-01-03 15:33 . 2014-11-21 11:14   54360   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-01-03 15:33 . 2014-11-21 11:14   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-01-02 08:28 . 2015-01-02 08:28   --------   d-----w-   c:\program files\Common Files\xing shared
2015-01-02 08:26 . 2015-01-02 08:28   --------   d-----w-   c:\program files\Real
2015-01-02 07:42 . 2015-01-03 02:29   --------   d-----w-   c:\documents and settings\JAY TECH
2015-01-02 02:28 . 2015-01-02 02:28   --------   d-----w-   c:\windows\system32\wbem\Repository
2015-01-02 02:23 . 2015-01-02 02:23   --------   d-----w-   c:\program files\QuickTime
2015-01-01 05:18 . 2015-01-01 05:18   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2015-01-01 05:18 . 2015-01-01 05:26   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2015-01-01 04:39 . 2015-01-02 01:49   6750   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-12-20 21:45 . 2015-01-02 01:32   --------   d-----w-   c:\program files\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 08:27 . 2009-12-22 20:56   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2015-01-02 08:27 . 2009-12-22 20:56   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2015-01-01 04:44 . 2012-04-15 23:25   701616   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-01-01 04:44 . 2012-02-23 04:30   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 19:56 . 2014-11-18 19:56   1202848   ----a-w-   c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MICROS~2\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"TPSMain"="TPSMain.exe" [2004-12-28 270336]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-10-08 126976]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2004-11-03 147456]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395240]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"SBRegRebootCleaner"="c:\program files\Avanquest\SystemSuite\Antivirus\SBRC.exe" [2012-11-06 201608]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2015-01-02 295512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Installer"="c:\program files\VCOMUpdate\SS_PRO_15.0.2.32_ENU.exe" [2014-01-21 76758480]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fliptoast.lnk]
backup=c:\windows\pss\Fliptoast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=c:\windows\pss\RAMASST.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07   843712   -c--a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Fix-It Task Manager"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"Swupdtmr"=2 (0x2)
"AffinegyService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/24/2014 10:27 PM 22064]
R2 .AVQWindowsMonitorService;SystemSuite Professional Process Monitor;c:\program files\Avanquest\SystemSuite\AVQWinMonEngine.exe [2/24/2014 10:19 PM 249176]
R2 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe [2/24/2014 10:18 PM 82808]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/12/2014 11:34 AM 39056]
R2 SBAMSvc;SystemSuite;c:\program files\Avanquest\SystemSuite\Antivirus\SBAMSvc.exe [11/6/2012 11:19 AM 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/24/2014 10:27 PM 66344]
R2 VCOMCloudAgent;VCOM Cloud Agent;c:\program files\Avanquest\SystemSuite\VcomCloudAgent.exe [2/24/2014 10:18 PM 133496]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\AQFileRestore.sys [2/24/2014 10:20 PM 17856]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2/25/2014 12:25 AM 43368]
S3 KFilter;KFilter;c:\progra~1\AVANQU~1\SYSTEM~1\KFilter.sys [2/24/2014 10:18 PM 63576]
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 04:44]
.
2014-09-17 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-09-18 17:27]
.
2015-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-789336058-1957994488-1005Core.job
- c:\documents and settings\90.4 The Gutta!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-01-02 06:52]
.
2015-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-789336058-1957994488-1005UA.job
- c:\documents and settings\90.4 The Gutta!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-01-02 06:52]
.
2015-01-03 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-08-02 01:59]
.
2014-12-12 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-08-02 01:59]
.
2015-01-03 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-789336058-1957994488-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2014-08-30 00:12]
.
2015-01-03 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-789336058-1957994488-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2014-08-30 00:12]
.
2014-09-06 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2015-01-01 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2015-01-01 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{237205B6-89CB-46CD-ACCA-5EC4F1AF5E4B} - (no file)
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-03 13:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\dlcfcoms.exe
c:\windows\System32\DVDRAMSV.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVANQU~1\SYSTEM~1\MxTask.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\progra~1\AVANQU~1\SYSTEM~1\mxtask2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPSMain.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2015-01-03  13:47:46 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-03 18:47
.
Pre-Run: 52,500,631,552 bytes free
Post-Run: 52,418,269,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 814874A23DA8E4C5240C36728E34B586
8F558EB6672622401DA993E1E865C861

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Continue as follows please:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
File::
c:\windows\Tasks\SpeedyPC Registration3.job
Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
c:\program files\Ask.com
c:\program files\Common Files\SpeedyPC Software
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
Click Start
  • When asked, allow the add/on to be installed
Click Start
  • Make sure that the option "Remove found threats"  is UNticked
  • Click on Advanced Settings, ensure the following options are checked:
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

Copy and paste the report in next reply.

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

Thanks,

Kevin.



Offline Coolyfett

  • Bronze Member
  • Posts: 10
Hey Kevin, in step 3 you mention the text; should I be running Combofix for a 2nd time?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Yes, Combofix will run again. Copy the script to notepad as instructed, then name and save it as instructed. Drag the file and drop it onto Combofix. It will run and produce another log..

Offline Coolyfett

  • Bronze Member
  • Posts: 10
CFScript Log

ComboFix 15-01-04.01 - JAY TECH 01/04/2015  17:12:03.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1609 [GMT -5:00]
Running from: c:\documents and settings\JAY TECH\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JAY TECH\Desktop\CFScript.txt
AV: Avanquest SystemSuite *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
FILE ::
"c:\windows\Tasks\SpeedyPC Registration3.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar\config.xml
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_26b.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\SpeedyPC Software
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\Logo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\topbar_gradient.png
c:\program files\Common Files\SpeedyPC Software\UUS3\LiteUnzip.dll
c:\program files\Common Files\SpeedyPC Software\UUS3\settings.xml
c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-04 to 2015-01-04  )))))))))))))))))))))))))))))))
.
.
2015-01-03 15:33 . 2015-01-03 17:40   114904   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-03 15:33 . 2015-01-03 15:33   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2015-01-03 15:33 . 2015-01-03 15:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2015-01-03 15:33 . 2014-11-21 11:14   54360   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-01-03 15:33 . 2014-11-21 11:14   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-01-02 08:28 . 2015-01-02 08:28   --------   d-----w-   c:\program files\Common Files\xing shared
2015-01-02 08:26 . 2015-01-02 08:28   --------   d-----w-   c:\program files\Real
2015-01-02 07:42 . 2015-01-04 00:44   --------   d-----w-   c:\documents and settings\JAY TECH
2015-01-02 02:28 . 2015-01-02 02:28   --------   d-----w-   c:\windows\system32\wbem\Repository
2015-01-02 02:23 . 2015-01-02 02:23   --------   d-----w-   c:\program files\QuickTime
2015-01-01 05:18 . 2015-01-01 05:18   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2015-01-01 04:39 . 2015-01-02 01:49   6750   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-12-20 21:45 . 2015-01-02 01:32   --------   d-----w-   c:\program files\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 08:27 . 2009-12-22 20:56   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2015-01-02 08:27 . 2009-12-22 20:56   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2015-01-01 04:44 . 2012-04-15 23:25   701616   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-01-01 04:44 . 2012-02-23 04:30   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 19:56 . 2014-11-18 19:56   1202848   ----a-w-   c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MICROS~2\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"TPSMain"="TPSMain.exe" [2004-12-28 270336]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-10-08 126976]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2004-11-03 147456]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"SBRegRebootCleaner"="c:\program files\Avanquest\SystemSuite\Antivirus\SBRC.exe" [2012-11-06 201608]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2015-01-02 295512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Installer"="c:\program files\VCOMUpdate\SS_PRO_15.0.2.32_ENU.exe" [2014-01-21 76758480]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fliptoast.lnk]
backup=c:\windows\pss\Fliptoast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07   843712   -c--a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Fix-It Task Manager"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"Swupdtmr"=2 (0x2)
"AffinegyService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/24/2014 10:27 PM 22064]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/12/2014 11:34 AM 39056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/24/2014 10:27 PM 66344]
R3 KFilter;KFilter;c:\progra~1\AVANQU~1\SYSTEM~1\KFilter.sys [2/24/2014 10:18 PM 63576]
R3 TFilter;TFilter;c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [2/24/2014 10:18 PM 30096]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 .AVQWindowsMonitorService;SystemSuite Professional Process Monitor;c:\program files\Avanquest\SystemSuite\AVQWinMonEngine.exe [2/24/2014 10:19 PM 249176]
S2 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe [2/24/2014 10:18 PM 82808]
S2 SBAMSvc;SystemSuite;c:\program files\Avanquest\SystemSuite\Antivirus\SBAMSvc.exe [11/6/2012 11:19 AM 3677000]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S2 VCOMCloudAgent;VCOM Cloud Agent;c:\program files\Avanquest\SystemSuite\VcomCloudAgent.exe [2/24/2014 10:18 PM 133496]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\AQFileRestore.sys [2/24/2014 10:20 PM 17856]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2/25/2014 12:25 AM 43368]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KFILTER
*NewlyCreated* - TFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 04:44]
.
2014-09-17 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-09-18 17:27]
.
2015-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-789336058-1957994488-1005Core.job
- c:\documents and settings\90.4 The Gutta!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-01-02 06:52]
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-789336058-1957994488-1005UA.job
- c:\documents and settings\90.4 The Gutta!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-01-02 06:52]
.
2015-01-04 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-08-02 01:59]
.
2014-12-12 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-08-02 01:59]
.
2015-01-04 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-789336058-1957994488-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2014-08-30 00:12]
.
2015-01-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-789336058-1957994488-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2014-08-30 00:12]
.
2014-09-06 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-04 17:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-01-04  17:21:55
ComboFix-quarantined-files.txt  2015-01-04 22:21
ComboFix2.txt  2015-01-03 18:47
.
Pre-Run: 52,310,765,568 bytes free
Post-Run: 52,293,193,728 bytes free
.
- - End Of File - - 3CE76FB031C3CD29404A2A1256A6CD34
8F558EB6672622401DA993E1E865C861





ESET SCAN

C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeDVDVideoConverter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeVideoToiPodConverter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeVideoToMp3Converter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeDownload.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeToiPodConverter(1).exe   Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeToiPodConverter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeToMP3Converter(1).exe   Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeToMp3Converter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\GenericAskToolbar.dll.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\precache.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\SaUpdate.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP244\A0275794.exe   a variant of Win32/BrowserCompanion.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP246\A0278643.exe   a variant of Win32/BrowserCompanion.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280013.dll   a variant of Win32/OpenCandy.A potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280015.exe   a variant of Win32/OpenCandy.A potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280020.dll   a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280021.dll   a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280022.exe   a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280033.dll   a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280682.dll   Win32/BrowserCompanion.B potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280683.dll   Win32/BrowserCompanion.C potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280684.exe   a variant of Win32/BrowserCompanion.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280687.dll   Win32/BrowserCompanion.D potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280690.exe   Win32/BrowserCompanion.F potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280694.dll   a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280697.dll   a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280699.exe   Win32/Toolbar.Conduit.Q potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281024.dll   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281025.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281026.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281027.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281028.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
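
The "Reg Loading Points" dump above already contains the settings a responder would triage before chasing definition updates: AntiVirusOverride, EnableFirewall, the globally open ports, and the SoftwareSASGeneration policy. The following Python is an added example (not code from this thread, from ComboFix, or from the SpywareHammer staff) that parses that section of a ComboFix log and flags those entries. The sample text is copied from the log above, abridged to the relevant keys, and the rule that an open-port entry without an address/mask scope is open to any source address is an assumption about how ComboFix abbreviates the raw registry value (port:proto:scope:Enabled:name).

```python
"""Triage of the security-relevant keys in a ComboFix 'Reg Loading Points'
dump. Added example for this thread; not ComboFix code and not from the
original poster or the malware-removal staff."""
import re

# Constructed sample: the relevant keys copied from the log above, abridged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def parse_loading_points(text):
    """Return {key (lower-cased): {value name: raw value text}}."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("value").strip()
    return keys


def as_int(raw):
    """Decode the two DWORD renderings ComboFix uses: 'dword:00000001' and '1 (0x1)'."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$", raw)
    return int(m.group(1)) if m else None


def values_under(keys, suffix):
    # Keys are printed with differing prefixes (the full HKEY_LOCAL_MACHINE path
    # or the abbreviated HKLM\~ form), so match on the tail of the path.
    suffix = suffix.lower()
    for key, values in keys.items():
        if key.endswith(suffix):
            return values
    return {}


def triage(text):
    """Return a list of findings, each {'id', 'severity', 'detail'}."""
    keys = parse_loading_points(text)
    findings = []

    sc = values_under(keys, r"\security center")
    if as_int(sc.get("AntiVirusOverride", "")) == 1:
        findings.append({"id": "av_override", "severity": "HIGH",
                         "detail": "AntiVirusOverride=1: Security Center AV monitoring is "
                                   "suppressed, so an expired or disabled AV raises no alert."})

    fw = values_under(keys, r"\firewallpolicy\standardprofile")
    if as_int(fw.get("EnableFirewall", "")) == 0:
        findings.append({"id": "firewall_off", "severity": "HIGH",
                         "detail": "EnableFirewall=0: Windows Firewall is off for the standard "
                                   "profile; its application and port exceptions are moot."})

    ports = values_under(keys, r"\standardprofile\globallyopenports\list")
    for raw in ports.values():
        parts = raw.split(":")
        if len(parts) < 2:
            continue
        port, proto = parts[0], parts[1]
        scope = parts[2] if len(parts) > 2 else ""
        # Assumption: the raw value is port:proto:scope:Enabled:name and ComboFix
        # drops the scope when it is '*'; an entry with no address/mask scope is
        # therefore treated as open to any source address.
        if "/" in scope or scope.lower() == "localsubnet":
            continue
        what = "Remote Desktop" if port == "3389" and proto.upper() == "TCP" else "service"
        findings.append({"id": f"open_port_{port}",
                         "severity": "HIGH" if port == "3389" else "MEDIUM",
                         "detail": f"{port}/{proto} ({what}) is excepted with no "
                                   "source-address restriction."})

    pol = values_under(keys, r"\currentversion\policies\system")
    if as_int(pol.get("SoftwareSASGeneration", "")) == 1:
        findings.append({"id": "software_sas", "severity": "INFO",
                         "detail": "SoftwareSASGeneration=1: services may simulate Ctrl+Alt+Del; "
                                   "confirm which remote-support tool set it."})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['detail']}")
```

Run against the log above it reports the suppressed AV monitoring, the disabled firewall, the unrestricted 3389/TCP exception and the SAS policy; the ActiveSync port is not flagged because its scope is confined to the 169.254.2.0/24 link-local subnet. The firewall-off finding is the one to fix first, since it makes every exception in the lists irrelevant, and the AntiVirusOverride value explains why an expired SystemSuite licence produced no Security Center warning.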

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
What is the current status of your system? Any remaining issues or concerns?

Offline Coolyfett

  • Bronze Member
  • Posts: 10
SystemSuite, my AV, is still not updating definitions.

The shift flicker seems to be repaired at the moment.

Kevin do you have any advice for updating my definitions?

 
