SpywareHammer.com

SpywareHammer Malware Removal Forums => Completed Malware and Rootkit Removal Topics => Inactive Logs => Topic started by: Coolyfett on January 01, 2015, 11:42:09 PM

Title: [Inactive - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: Coolyfett on January 01, 2015, 11:42:09 PM
Good day fellow techs, I recently allowed my AV software to expire on an XP machine. I recently updated the license, but now I am not able to update the definitions. There is some malware on the machine that generates a Shift key error where all inputs on the keyboard go from capped to uncapped, randomly flickering back and forth. Also not able to install any applications, mainly Chrome and iTunes updates. I've run a disk check, and registry repairs with the System Suite software, still no luck. I am able to type when Caps Lock is on and I press the Shift key while typing, but if I just have Caps Lock ON, the flickering between lowercase and capital letters continues.
Title: Re: Malware in registry, AV definitions not updating on SystemSuite 15
Post by: Coolyfett on January 01, 2015, 11:45:52 PM
Guys, I think I have what this guy had:
[Inactive] Virus that enables sticky keys all the time. (http://spywarehammer.com/simplemachinesforum/index.php?topic=5072.new#new)
Title: Re: Malware in registry, AV definitions not updating on SystemSuite 15
Post by: kevinf80 on January 02, 2015, 06:04:56 AM
Hello Coolyfett and welcome to SpywareHammer,

Follow the instructions here: [NEW Instructions!] What Do I Do First? (http://spywarehammer.com/simplemachinesforum/index.php/topic,12262.0.html) and post the requested logs...

Thank you,

Kevin.
Title: Re: Malware in registry, AV definitions not updating on SystemSuite 15
Post by: Coolyfett on January 02, 2015, 03:58:06 PM
Here you are Kevin.

Text file

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by JAY TECH at 16:50:20 on 2015-01-02
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1394 [GMT -5:00]
.
AV: Avanquest SystemSuite *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\90.4 The Gutta!\Local Settings\Application Data\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {237205B6-89CB-46CD-ACCA-5EC4F1AF5E4B} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963B125B-8B21-49A2-A3A8-E37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
BHO: Search-Results Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
TB: Search-Results Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\progra~1\micros~2\wcescomm.exe"
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [SBRegRebootCleaner] "c:\program files\avanquest\systemsuite\antivirus\SBRC.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
dRunOnce: [Installer] "c:\program files\vcomupdate\SS_PRO_15.0.2.32_ENU.exe" --SerialNumber=C312-0271-00005-0BDR-E05U-4GVS-K2RY
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2014-2-24 22064]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2014-8-12 39056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2014-2-24 66344]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2014-2-24 11496]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 .AVQWindowsMonitorService;SystemSuite Professional Process Monitor;c:\program files\avanquest\systemsuite\AVQWinMonEngine.exe [2014-2-24 249176]
S2 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\avanquest\systemsuite\AQFileRestoreSrv.exe [2014-2-24 82808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBAMSvc;SystemSuite;c:\program files\avanquest\systemsuite\antivirus\SBAMSvc.exe [2012-11-6 3677000]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S2 VCOMCloudAgent;VCOM Cloud Agent;c:\program files\avanquest\systemsuite\VcomCloudAgent.exe [2014-2-24 133496]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\AQFileRestore.sys [2014-2-24 17856]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-2-25 43368]
S3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2014-2-24 63576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: vlc.exe: Open="c:\program files\easy media player\emp.exe" --started-from-file "%1"
.
=============== Created Last 30 ================
.
2015-01-02 08:40:00   --------   d-----w-   c:\documents and settings\jay tech\application data\com.w3i.FlipToast
2015-01-02 08:35:41   --------   d-----w-   c:\documents and settings\jay tech\application data\RealNetworks
2015-01-02 08:29:45   --------   d-----w-   c:\program files\RealNetworks
2015-01-02 08:29:33   --------   d-----w-   c:\documents and settings\all users\application data\RealNetworks
2015-01-02 08:28:11   --------   d-----w-   c:\program files\common files\xing shared
2015-01-02 07:50:45   --------   d-----w-   c:\documents and settings\jay tech\local settings\application data\Google
2015-01-02 07:50:11   --------   d-----w-   c:\documents and settings\jay tech\local settings\application data\Mozilla
2015-01-02 07:48:18   --------   d-----w-   c:\documents and settings\jay tech\local settings\application data\Adobe
2015-01-02 07:45:38   --------   d-----w-   c:\documents and settings\jay tech\application data\Avanquest
2015-01-02 07:43:12   --------   d-sh--w-   c:\documents and settings\jay tech\IETldCache
2015-01-02 02:28:02   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2015-01-02 02:28:02   --------   d-----w-   c:\windows\system32\wbem\Repository
2015-01-01 04:39:11   6750   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
.
==================== Find3M  ====================
.
2015-01-02 08:27:01   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2015-01-02 08:27:01   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2015-01-01 04:44:21   701616   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-01-01 04:44:19   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 19:56:48   1202848   ----a-w-   c:\windows\system32\FM20.DLL
.
============= FINISH: 16:50:29.33 ===============


And here is the attachment file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/14/2010 3:50:29 AM
System Uptime: 1/2/2015 4:31:14 PM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor:         Intel(R) Pentium(R) M processor 1.60GHz | mFCPGA | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 44.804 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Toshiba USB 109 Japanese keyboard
Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_FF101179&REV_10\4&16F6A662&0&00E0
Manufacturer: Toshiba
Name: Toshiba USB 109 Japanese keyboard
PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_FF101179&REV_10\4&16F6A662&0&00E0
Service: kbdhid
.
==== System Restore Points ===================
.
RP222: 6/25/2014 10:26:33 AM - System Checkpoint
RP223: 6/27/2014 4:41:14 PM - System Checkpoint
RP224: 7/2/2014 3:16:35 PM - System Checkpoint
RP225: 7/13/2014 7:28:50 PM - Removed Apple Software Update
RP226: 7/20/2014 7:07:09 PM - System Checkpoint
RP227: 8/2/2014 4:54:22 PM - Installed Windows Media Player 11 KB939683.
RP228: 8/2/2014 4:57:21 PM - Installed Windows Media Player 11 KB939683.
RP229: 8/2/2014 5:00:10 PM - Installed Windows Media Player 11 KB939683.
RP230: 8/2/2014 8:59:32 PM - Installed Windows Media Player 11
RP231: 8/2/2014 9:16:51 PM - Installed Windows XP MSCompPackV1.
RP232: 8/3/2014 2:22:44 AM - Software Distribution Service 3.0
RP233: 8/18/2014 7:45:12 PM - System Checkpoint
RP234: 9/12/2014 7:56:48 PM - System Checkpoint
RP235: 9/20/2014 1:06:02 PM - System Checkpoint
RP236: 10/4/2014 1:56:17 PM - Removed Microsoft ActiveSync
RP237: 10/4/2014 2:05:33 PM - Removed QuickTime
RP238: 12/31/2014 11:30:08 PM - Restore Operation
RP239: 1/1/2015 1:02:26 AM - Removed PlayStation(R)Network Downloader.
RP240: 1/1/2015 1:03:31 AM - Removed PlayStation(R)Store.
RP241: 1/1/2015 1:29:20 AM - Removed QuickTime
RP242: 1/1/2015 2:03:00 AM - Software Distribution Service 3.0
RP243: 1/1/2015 8:37:03 AM - Software Distribution Service 3.0
RP244: 1/1/2015 9:21:55 AM - Software Distribution Service 3.0
RP245: 1/1/2015 8:10:22 PM - Restore Operation
RP246: 1/1/2015 9:16:28 PM - Restore Operation
RP247: 1/2/2015 3:00:27 AM - Software Distribution Service 3.0
RP248: 1/2/2015 7:49:09 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader 9.5.0
Apple Application Support
Atheros Wireless LAN MiniPCI card Driver
BrowserCompanion
DriverNavigator 1.3.2
DVD-RAM Driver
Easy Media Player 1.1.12
Free YouTube to iPhone Converter version 2.12.2.430
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HTC Shift Control Center Version 1.2.6.122
Intel(R) Graphics Media Accelerator Driver for Mobile
InterActual Player
Media Go
Media Go Video Playback Engine 1.84.107.07010
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 32.0.2 (x86 en-US)
Mozilla Maintenance Service
MSI to redistribute MS VS2005 CRT libraries
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MyVideoConverter 1.34
Nero 6 Ultra Edition
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
SAM Broadcaster v4
SD Secure Module
Search-Results Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SoundMAX
SystemSuite
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Software Upgrades
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual CertExam Suite 1.9
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/31/2014 8:04:02 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.7 for the Network Card with network address 000E35452329 has been denied by the DHCP server 192.168.169.1 (The DHCP Server sent a DHCPNACK message).
12/31/2014 11:41:45 PM, error: Service Control Manager [7034]  - The SystemSuite Professional Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
12/31/2014 11:37:30 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
12/31/2014 11:37:20 PM, error: Service Control Manager [7000]  - The SXUPTP Driver service failed to start due to the following error:  The system cannot find the file specified.
12/31/2014 11:23:07 PM, error: Service Control Manager [7034]  - The VCOM Cloud Agent service terminated unexpectedly.  It has done this 1 time(s).
12/31/2014 10:26:45 PM, error: Cdrom [11]  - The driver detected a controller error on \Device\CdRom0.
1/1/2015 8:38:11 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2977218).
1/1/2015 8:11:10 PM, error: Service Control Manager [7034]  - The SystemSuite Professional Task Manager service terminated unexpectedly.  It has done this 1 time(s).
1/1/2015 1:04:08 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
.
==== End Of File ===========================

Title: Re: Malware in registry, AV definitions not updating on SystemSuite 15
Post by: kevinf80 on January 02, 2015, 04:06:44 PM
Thanks for the logs, continue as follows:

Download Malwarebytes Anti-Malware (http://downloads.malwarebytes.org/file/mbam) to your desktop.
When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste" and the log is pasted (copied) into your reply.

Or select "Export"; you are given the option to export as a Text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply...

Next,

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here (http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/)

Next,

Download Combofix from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

http://www.infospyware.net/antimalware/combofix/ (http://www.infospyware.net/antimalware/combofix/)


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 (http://thespykiller.co.uk/index.php?page=20) why disabling autoruns is recommended.

*EXTRA NOTES*

Post the log in next reply please...

Kevin
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: Coolyfett on January 03, 2015, 11:13:32 AM
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 1/3/2015 10:33:41 AM, SYSTEM, DACOOLGUYSBOX, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 1/3/2015 10:33:42 AM, SYSTEM, DACOOLGUYSBOX, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1,
Update, 1/3/2015 10:33:54 AM, SYSTEM, DACOOLGUYSBOX, Manual, Malware Database, 2014.11.20.6, 2015.1.3.5,
Scan, 1/3/2015 11:43:21 AM, SYSTEM, DACOOLGUYSBOX, Manual, Start:1/3/2015 10:36:44 AM, Duration:49 min 41 sec, Threat Scan, Completed, 0 Malware Detections, 609 Non-Malware Detections,

(end)
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: Coolyfett on January 03, 2015, 11:37:10 AM
disregard above post
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: Coolyfett on January 03, 2015, 12:11:33 PM
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/3/2015
Scan Time: 12:40:45 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.03.07
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: JAY TECH

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 429779
Time Elapsed: 28 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: Coolyfett on January 03, 2015, 12:53:29 PM
ComboFix 15-01-02.01 - JAY TECH 01/03/2015  13:31:42.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1650 [GMT -5:00]
Running from: c:\documents and settings\JAY TECH\Desktop\ComboFix.exe
AV: Avanquest SystemSuite *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Search Toolbar
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETE3.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mv2
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-03 to 2015-01-03  )))))))))))))))))))))))))))))))
.
.
2015-01-03 15:33 . 2015-01-03 17:40   114904   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-03 15:33 . 2015-01-03 15:33   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2015-01-03 15:33 . 2015-01-03 15:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2015-01-03 15:33 . 2014-11-21 11:14   54360   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-01-03 15:33 . 2014-11-21 11:14   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-01-02 08:28 . 2015-01-02 08:28   --------   d-----w-   c:\program files\Common Files\xing shared
2015-01-02 08:26 . 2015-01-02 08:28   --------   d-----w-   c:\program files\Real
2015-01-02 07:42 . 2015-01-03 02:29   --------   d-----w-   c:\documents and settings\JAY TECH
2015-01-02 02:28 . 2015-01-02 02:28   --------   d-----w-   c:\windows\system32\wbem\Repository
2015-01-02 02:23 . 2015-01-02 02:23   --------   d-----w-   c:\program files\QuickTime
2015-01-01 05:18 . 2015-01-01 05:18   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2015-01-01 05:18 . 2015-01-01 05:26   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2015-01-01 04:39 . 2015-01-02 01:49   6750   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-12-20 21:45 . 2015-01-02 01:32   --------   d-----w-   c:\program files\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 08:27 . 2009-12-22 20:56   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2015-01-02 08:27 . 2009-12-22 20:56   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2015-01-01 04:44 . 2012-04-15 23:25   701616   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-01-01 04:44 . 2012-02-23 04:30   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 19:56 . 2014-11-18 19:56   1202848   ----a-w-   c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MICROS~2\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"TPSMain"="TPSMain.exe" [2004-12-28 270336]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-10-08 126976]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2004-11-03 147456]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395240]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"SBRegRebootCleaner"="c:\program files\Avanquest\SystemSuite\Antivirus\SBRC.exe" [2012-11-06 201608]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2015-01-02 295512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Installer"="c:\program files\VCOMUpdate\SS_PRO_15.0.2.32_ENU.exe" [2014-01-21 76758480]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fliptoast.lnk]
backup=c:\windows\pss\Fliptoast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=c:\windows\pss\RAMASST.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07   843712   -c--a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Fix-It Task Manager"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"Swupdtmr"=2 (0x2)
"AffinegyService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/24/2014 10:27 PM 22064]
R2 .AVQWindowsMonitorService;SystemSuite Professional Process Monitor;c:\program files\Avanquest\SystemSuite\AVQWinMonEngine.exe [2/24/2014 10:19 PM 249176]
R2 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe [2/24/2014 10:18 PM 82808]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/12/2014 11:34 AM 39056]
R2 SBAMSvc;SystemSuite;c:\program files\Avanquest\SystemSuite\Antivirus\SBAMSvc.exe [11/6/2012 11:19 AM 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/24/2014 10:27 PM 66344]
R2 VCOMCloudAgent;VCOM Cloud Agent;c:\program files\Avanquest\SystemSuite\VcomCloudAgent.exe [2/24/2014 10:18 PM 133496]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\AQFileRestore.sys [2/24/2014 10:20 PM 17856]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2/25/2014 12:25 AM 43368]
S3 KFilter;KFilter;c:\progra~1\AVANQU~1\SYSTEM~1\KFilter.sys [2/24/2014 10:18 PM 63576]
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 04:44]
.
2014-09-17 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-09-18 17:27]
.
2015-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-789336058-1957994488-1005Core.job
- c:\documents and settings\90.4 The Gutta!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-01-02 06:52]
.
2015-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-789336058-1957994488-1005UA.job
- c:\documents and settings\90.4 The Gutta!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-01-02 06:52]
.
2015-01-03 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-08-02 01:59]
.
2014-12-12 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-08-02 01:59]
.
2015-01-03 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-789336058-1957994488-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2014-08-30 00:12]
.
2015-01-03 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-789336058-1957994488-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2014-08-30 00:12]
.
2014-09-06 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2015-01-01 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2015-01-01 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{237205B6-89CB-46CD-ACCA-5EC4F1AF5E4B} - (no file)
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-03 13:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\dlcfcoms.exe
c:\windows\System32\DVDRAMSV.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVANQU~1\SYSTEM~1\MxTask.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\progra~1\AVANQU~1\SYSTEM~1\mxtask2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPSMain.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2015-01-03  13:47:46 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-03 18:47
.
Pre-Run: 52,500,631,552 bytes free
Post-Run: 52,418,269,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 814874A23DA8E4C5240C36728E34B586
8F558EB6672622401DA993E1E865C861
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: kevinf80 on January 03, 2015, 03:49:21 PM
Continue as follows please:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
File::
c:\windows\Tasks\SpeedyPC Registration3.job
Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
c:\program files\Ask.com
c:\program files\Common Files\SpeedyPC Software
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

(http://i121.photobucket.com/albums/o239/kevinf80/CF3.jpg)

(http://i121.photobucket.com/albums/o239/kevinf80/CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click the IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download the ESET Smart Installer during the process.)

Go to Eset web page http://www.eset.com/us/online-scanner/ (http://www.eset.com/us/online-scanner/) to run an online scan from ESET.

Click Start
Click Start
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan is complete


If threats were found


close program

Copy and paste the report in next reply.

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

Thanks,

Kevin.
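The ComboFix log posted above records several weakened defences at once: the AV reported as Disabled/Outdated, AntiVirusOverride set in Security Center, the standard-profile firewall switched off, the RDP port listed under GloballyOpenPorts, and two services (SBRE, sxuptp) whose driver file ComboFix could not find. As an added example that is not part of this thread or of ComboFix itself, the following Python script parses those sections of a ComboFix log (the sample excerpt is constructed from the log above) and reports the settings a helper would want to revisit after the CFScript run; the finding codes are my own naming.

```python
"""Audit the security-relevant sections of a ComboFix log.

Added example: parses the REGEDIT-style "Reg Loading Points" blocks and the
R*/S* service lines that ComboFix prints, then flags weakened defences.
"""
import re

# Constructed excerpt modelled on the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
AV: Avanquest SystemSuite *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 SBAMSvc;SystemSuite;c:\program files\Avanquest\SystemSuite\Antivirus\SBAMSvc.exe [11/6/2012 11:19 AM 3677000]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
"""

REG_SECTION = re.compile(r"^\[(.+)\]$")          # [HKEY_...\key]
REG_VALUE = re.compile(r'^"([^"]+)"=\s*(.*)$')   # "Name"= value
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")  # R2 name;display;path [...]

FW_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
SC_KEY = r"hkey_local_machine\software\microsoft\security center"


def parse_registry(log_text):
    """Return {section (lower-cased): {value name: raw value}}."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = REG_SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = REG_VALUE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def reg_int(raw):
    """Decode ComboFix's two integer renderings: 'dword:00000001' and '0 (0x0)'."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def parse_services(log_text):
    """Return the R*/S* service entries; missing_file is True for '... --> path [?]' lines."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        services.append({
            "start": start,
            "name": name,
            "display": display,
            "path": rest.split(" -->")[0].split(" [")[0],
            "missing_file": rest.endswith("[?]"),
        })
    return services


def audit(log_text):
    """Return a list of finding codes, in the order the evidence appears in the log."""
    findings = []
    if re.search(r"^AV: .*\*Disabled", log_text, re.M):
        findings.append("AV_DISABLED_OR_OUTDATED")
    reg = parse_registry(log_text)
    if reg_int(reg.get(SC_KEY, {}).get("AntiVirusOverride", "")) == 1:
        findings.append("AV_ALERTS_SUPPRESSED")       # Security Center told not to warn
    if reg_int(reg.get(FW_KEY, {}).get("EnableFirewall", "")) == 0:
        findings.append("FIREWALL_DISABLED")
    for name, raw in reg.get(FW_KEY + r"\globallyopenports\list", {}).items():
        parts = raw.split(":")
        scope = parts[2] if len(parts) > 2 else "*"
        if name.split(":")[0] == "3389":
            findings.append("RDP_PORT_OPEN:" + name)
        elif scope == "*":                           # no subnet restriction at all
            findings.append("PORT_OPEN_TO_ANY:" + name)
    for svc in parse_services(log_text):
        if svc["missing_file"]:
            findings.append("SERVICE_BINARY_MISSING:" + svc["name"])
    return findings


if __name__ == "__main__":
    for code in audit(SAMPLE_LOG):
        print(code)
```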


Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: Coolyfett on January 04, 2015, 03:38:06 PM
Hey Kevin, in step 3 you mention the text; should I be running ComboFix for a 2nd time?
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: kevinf80 on January 04, 2015, 03:49:20 PM
Yes, ComboFix will run again. Copy the script to Notepad as instructed, then name and save it as instructed. Drag the file and drop it onto ComboFix. It will run and produce another log..
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: Coolyfett on January 04, 2015, 05:46:39 PM
CFScript Log

ComboFix 15-01-04.01 - JAY TECH 01/04/2015  17:12:03.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1609 [GMT -5:00]
Running from: c:\documents and settings\JAY TECH\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JAY TECH\Desktop\CFScript.txt
AV: Avanquest SystemSuite *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
FILE ::
"c:\windows\Tasks\SpeedyPC Registration3.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar\config.xml
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_26b.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\SpeedyPC Software
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\Logo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\topbar_gradient.png
c:\program files\Common Files\SpeedyPC Software\UUS3\LiteUnzip.dll
c:\program files\Common Files\SpeedyPC Software\UUS3\settings.xml
c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-04 to 2015-01-04  )))))))))))))))))))))))))))))))
.
.
2015-01-03 15:33 . 2015-01-03 17:40   114904   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-03 15:33 . 2015-01-03 15:33   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2015-01-03 15:33 . 2015-01-03 15:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2015-01-03 15:33 . 2014-11-21 11:14   54360   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-01-03 15:33 . 2014-11-21 11:14   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-01-02 08:28 . 2015-01-02 08:28   --------   d-----w-   c:\program files\Common Files\xing shared
2015-01-02 08:26 . 2015-01-02 08:28   --------   d-----w-   c:\program files\Real
2015-01-02 07:42 . 2015-01-04 00:44   --------   d-----w-   c:\documents and settings\JAY TECH
2015-01-02 02:28 . 2015-01-02 02:28   --------   d-----w-   c:\windows\system32\wbem\Repository
2015-01-02 02:23 . 2015-01-02 02:23   --------   d-----w-   c:\program files\QuickTime
2015-01-01 05:18 . 2015-01-01 05:18   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2015-01-01 04:39 . 2015-01-02 01:49   6750   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-12-20 21:45 . 2015-01-02 01:32   --------   d-----w-   c:\program files\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 08:27 . 2009-12-22 20:56   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2015-01-02 08:27 . 2009-12-22 20:56   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2015-01-01 04:44 . 2012-04-15 23:25   701616   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-01-01 04:44 . 2012-02-23 04:30   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 19:56 . 2014-11-18 19:56   1202848   ----a-w-   c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MICROS~2\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"TPSMain"="TPSMain.exe" [2004-12-28 270336]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-10-08 126976]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 88363]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2004-11-03 147456]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"SBRegRebootCleaner"="c:\program files\Avanquest\SystemSuite\Antivirus\SBRC.exe" [2012-11-06 201608]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2015-01-02 295512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Installer"="c:\program files\VCOMUpdate\SS_PRO_15.0.2.32_ENU.exe" [2014-01-21 76758480]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fliptoast.lnk]
backup=c:\windows\pss\Fliptoast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07   843712   -c--a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Fix-It Task Manager"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"Swupdtmr"=2 (0x2)
"AffinegyService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2/24/2014 10:27 PM 22064]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/12/2014 11:34 AM 39056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2/24/2014 10:27 PM 66344]
R3 KFilter;KFilter;c:\progra~1\AVANQU~1\SYSTEM~1\KFilter.sys [2/24/2014 10:18 PM 63576]
R3 TFilter;TFilter;c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [2/24/2014 10:18 PM 30096]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 .AVQWindowsMonitorService;SystemSuite Professional Process Monitor;c:\program files\Avanquest\SystemSuite\AVQWinMonEngine.exe [2/24/2014 10:19 PM 249176]
S2 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\Avanquest\SystemSuite\AQFileRestoreSrv.exe [2/24/2014 10:18 PM 82808]
S2 SBAMSvc;SystemSuite;c:\program files\Avanquest\SystemSuite\Antivirus\SBAMSvc.exe [11/6/2012 11:19 AM 3677000]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S2 VCOMCloudAgent;VCOM Cloud Agent;c:\program files\Avanquest\SystemSuite\VcomCloudAgent.exe [2/24/2014 10:18 PM 133496]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\AQFileRestore.sys [2/24/2014 10:20 PM 17856]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2/25/2014 12:25 AM 43368]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KFILTER
*NewlyCreated* - TFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 04:44]
.
2014-09-17 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-09-18 17:27]
.
2015-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-789336058-1957994488-1005Core.job
- c:\documents and settings\90.4 The Gutta!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-01-02 06:52]
.
2015-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-789336058-1957994488-1005UA.job
- c:\documents and settings\90.4 The Gutta!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-01-02 06:52]
.
2015-01-04 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-08-02 01:59]
.
2014-12-12 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-08-02 01:59]
.
2015-01-04 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-789336058-1957994488-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2014-08-30 00:12]
.
2015-01-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-789336058-1957994488-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2014-08-30 00:12]
.
2014-09-06 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-04 17:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-01-04  17:21:55
ComboFix-quarantined-files.txt  2015-01-04 22:21
ComboFix2.txt  2015-01-03 18:47
.
Pre-Run: 52,310,765,568 bytes free
Post-Run: 52,293,193,728 bytes free
.
- - End Of File - - 3CE76FB031C3CD29404A2A1256A6CD34
8F558EB6672622401DA993E1E865C861

ESET SCAN

C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeDVDVideoConverter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeVideoToiPodConverter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeVideoToMp3Converter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeDownload.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeToiPodConverter(1).exe   Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeToiPodConverter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeToMP3Converter(1).exe   Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeToMp3Converter.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\GenericAskToolbar.dll.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\precache.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\SaUpdate.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP244\A0275794.exe   a variant of Win32/BrowserCompanion.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP246\A0278643.exe   a variant of Win32/BrowserCompanion.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280013.dll   a variant of Win32/OpenCandy.A potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280015.exe   a variant of Win32/OpenCandy.A potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280020.dll   a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280021.dll   a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280022.exe   a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP247\A0280033.dll   a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280682.dll   Win32/BrowserCompanion.B potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280683.dll   Win32/BrowserCompanion.C potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280684.exe   a variant of Win32/BrowserCompanion.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280687.dll   Win32/BrowserCompanion.D potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280690.exe   Win32/BrowserCompanion.F potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280694.dll   a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280697.dll   a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP250\A0280699.exe   Win32/Toolbar.Conduit.Q potentially unwanted application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281024.dll   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281025.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281026.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281027.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281028.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
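Reading the log above as a triage exercise (an added example, not part of the thread or of ComboFix, DDS or ESET themselves): the Security Center key, the firewall standard profile, the GloballyOpenPorts list and the ESET listing can be parsed mechanically so that the settings worth acting on (AntiVirusOverride=1, EnableFirewall=0, 3389/TCP globally open) and the detections that are still live files (as opposed to copies already sitting in ComboFix's Qoobox quarantine or in System Restore points) stand out. The sample text is constructed from the shapes of lines in the post; the list of "remote-admin" ports, the bucket names and the reading of ComboFix's abbreviated 3389 entry (scope and state not shown, so treated as unknown) are assumptions of this example.

```python
"""Triage helpers for a ComboFix/DDS-style log and an ESET scan listing."""
import re
from collections import Counter

# Constructed sample, assembled from the shapes of lines in the log above
# (same values, far fewer lines). Not the poster's full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
ESET SCAN

C:\Documents and Settings\JAY TECH\My Documents\Downloads\FreeYouTubeDownload.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\Ask.com\precache.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
C:\System Volume Information\_restore{2384D48D-0E31-4391-A1DD-688B0EB0614C}\RP252\A0281028.exe   a variant of Win32/Bundled.Toolbar.Ask.K potentially unsafe application
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKLM\...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"= value
# ESET separates the path from the verdict with a run of three or more spaces.
ESET_RE = re.compile(r"^([A-Za-z]:\\.+?)\s{3,}(.+)$")

# Assumed list: ports a review would not expect to be open to the world on a
# home XP machine. Used only to decide which GloballyOpenPorts entries to flag.
REMOTE_ADMIN_PORTS = {"3389": "RDP", "445": "SMB", "139": "NetBIOS", "135": "RPC", "23": "Telnet"}


def as_int(raw):
    """Pull the integer out of ComboFix's renderings: 'dword:00000001', '0 (0x0)', '1 (0x1)'."""
    m = re.search(r"dword:([0-9a-fA-F]+)", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def parse_registry(text):
    """Return {lower-cased key: {name: raw value}} for the [key] / "name"=value blocks."""
    result, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2).strip()
    return result


def registry_findings(reg):
    """Flag the weak Security Center / firewall settings that ComboFix prints."""
    findings = []
    for key, values in reg.items():
        if key.endswith("security center") and as_int(values.get("AntiVirusOverride", "")) == 1:
            findings.append("AntiVirusOverride=1: Security Center told not to warn about AV state")
        if key.endswith("firewallpolicy\\standardprofile") and as_int(values.get("EnableFirewall", "")) == 0:
            findings.append("EnableFirewall=0: Windows Firewall disabled in the standard profile")
        if key.endswith("globallyopenports\\list"):
            for raw in values.values():
                fields = raw.split(":")
                port = fields[0]
                proto = fields[1] if len(fields) > 1 else "?"
                # Full form is port:proto:scope:Enabled|Disabled:name. The RDP entry in the
                # log is shown without scope or state, so its scope is treated as unknown.
                scope = fields[2] if len(fields) >= 5 else "(scope not shown)"
                if port in REMOTE_ADMIN_PORTS:
                    findings.append(f"port {port}/{proto} ({REMOTE_ADMIN_PORTS[port]}) globally open, scope {scope}")
    return findings


def eset_findings(text):
    """Bucket ESET detections by where they live; only 'live file' hits still need removal."""
    buckets, live = Counter(), []
    for line in text.splitlines():
        m = ESET_RE.match(line)
        if not m:
            continue
        path, verdict = m.groups()
        p = path.lower()
        if "\\qoobox\\quarantine\\" in p:
            buckets["combofix quarantine"] += 1
        elif "\\system volume information\\_restore" in p:
            buckets["system restore point"] += 1
        else:
            buckets["live file"] += 1
            live.append((path, verdict))
    return buckets, live


def triage(text):
    """Combine both passes into one report dict."""
    findings = registry_findings(parse_registry(text))
    buckets, live = eset_findings(text)
    return {"findings": findings, "eset_buckets": dict(buckets), "live_detections": live}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print("SETTING:", f)
    print("ESET by location:", report["eset_buckets"])
    for path, verdict in report["live_detections"]:
        print("LIVE:", path, "->", verdict)
```

Run it against the full text of a ComboFix log plus the ESET listing pasted below it; restore-point and Qoobox hits disappear when the restore points are flushed and ComboFix is removed, so the list that matters is the "live file" bucket.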
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: kevinf80 on January 04, 2015, 06:50:32 PM
What is the current status of your system, any remaining issues or concerns?
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: Coolyfett on January 04, 2015, 08:07:54 PM
SystemSuite, my AV, is still not updating definitions.

The shift flicker seems to be repaired at the moment.

Kevin do you have any advice for updating my definitions?
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: kevinf80 on January 05, 2015, 05:25:45 AM
Run the following to clean up:

Remove Combofix now that we're done with it

The above procedure will delete the following:


Next,

Download "Delfix by Xplode" (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror" (http://en.kioskea.net/download/download-24087-delfix)

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

When all is known to be well with your system, you can delete that backup folder if you consider it not needed.

Any remnant files/logs from tools we have used can be deleted…

Next,

Regarding your security software, try uninstalling and reinstalling it and see if that makes any difference. Download the new installer first.

Let me know if there are any remaining issues or concerns.

Thanks,

Kevin...
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: kevinf80 on January 09, 2015, 05:54:58 PM
Did the clean-up complete? Do you have any remaining issues or concerns?

Thank you,

Kevin...
Title: Re: [In Progress - K]Malware in registry, AV definitions not updating on SystemSuite
Post by: kevinf80 on January 12, 2015, 05:04:53 AM
Due to the lack of feedback this topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!