Author Topic: Multiple problems with virus and avast program  (Read 21599 times)


pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #15 on: January 01, 2008, 04:58:43 AM »
The Virus Chest in Avast is once again working....do I just leave all those files in there forever? 

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Multiple problems with virus and avast program
« Reply #16 on: January 01, 2008, 05:02:37 AM »
Quote
My control panel is back and I can click on the items.....my desktop is full of folders and shortcut icons....I also save a lot of my word documents straight to desktop.....I don't have any images though....why? (I'm almost afraid to ask!!!)

Just look at the 024 lines in the HJT log. We can fix 'em if you don't want them.  ;D

pallison

Re: Multiple problems with virus and avast program
« Reply #17 on: January 01, 2008, 05:11:28 AM »
Quote
My control panel is back and I can click on the items.....my desktop is full of folders and shortcut icons....I also save a lot of my word documents straight to desktop.....I don't have any images though....why? (I'm almost afraid to ask!!!)

Just look at the 024 lines in the HJT log. We can fix 'em if you don't want them.  ;D

Yes, I would like to fix them....what do I need to do?   And that pesky box still has not popped up....I'm starting to believe there is hope.....

Offline oldman

Re: Multiple problems with virus and avast program
« Reply #18 on: January 01, 2008, 05:31:46 AM »
Open hijackthis, run a system scan only and place a checkmark next to these lines
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)

checkmark all the 018 lines

O24 - Desktop Component 0: (no name) - http://www.seawindsna.com/seawind/seawind23.gif
O24 - Desktop Component 1: (no name) - http://www.uscg.mil/History/webcutters/Cutter_5HECs_Color.jpg


Close all browsers/windows, click Fix. Close HJT.

Upload these files to www.virustotal.com and please post the results. Just copy and paste them one at a time and wait for the results.

C:\WINDOWS\system32\susp32.exe
C:\FXTS2Install.EXE
C:\WINDOWS\system32\users32.dat
Post back the virus total results for each file and a new HJT log in your next reply and let me know how things are.

As for the files in the chest, you can leave them for now, they are safe there and can't be run or accessed from out side.

Happy New Year, I must sign off for a bit now.

« Last Edit: January 01, 2008, 05:35:32 AM by oldman »
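As an added example, not part of this thread or of HijackThis itself: a small Python script that does mechanically what oldman does by eye in the post above, pulling the entry lines out of an HJT log and flagging the orphaned ones ("(file missing)" / "(no file)") and the O24 desktop components so they can be ticked before Fix. The sample log is constructed from line types posted in this thread; the class and function names are assumptions of this example.

```python
"""Triage a HijackThis (HJT) log: pull out the entry lines, flag orphaned
entries and O24 Active Desktop components, and list the lines to checkmark."""
import re
from dataclasses import dataclass, field

# Constructed sample log, assembled from line types seen in this thread.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:55 PM, on 1/1/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O24 - Desktop Component 0: (no name) - http://www.seawindsna.com/seawind/seawind23.gif
--
End of file - 10562 bytes
"""

# An HJT entry line is a section code ("O2", "R1", "O24"), " - ", then the body.
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")


@dataclass
class HjtEntry:
    section: str                 # "O2", "O24", "R1", ...
    body: str                    # text after the "O2 - " prefix
    reasons: list = field(default_factory=list)

    def as_log_line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_hjt(text: str) -> list:
    """Return the entry lines of an HJT log; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return entries


def triage(entries: list) -> list:
    """Flag the entry kinds the thread singles out for a fix, keeping log order."""
    flagged = []
    for e in entries:
        # A BHO/toolbar/button whose DLL is gone is a dead registration:
        # harmless to remove and a common leftover of a half-uninstalled toolbar.
        if e.body.endswith("(file missing)") or e.body.endswith("(no file)"):
            e.reasons.append("orphaned: registered component no longer on disk")
        # O24 entries are Active Desktop components fetched from a URL; the
        # thread fixes them because the user does not want them, not because
        # an image URL is malicious by itself.
        if e.section == "O24":
            e.reasons.append("Active Desktop component loaded from a web URL")
        if e.reasons:
            flagged.append(e)
    return flagged


def fix_list(text: str) -> list:
    """The log lines to checkmark in HJT before pressing Fix, in log order."""
    return [e.as_log_line() for e in triage(parse_hjt(text))]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(e.as_log_line())
        for reason in e.reasons:
            print("    ->", reason)
```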

pallison

Re: Multiple problems with virus and avast program
« Reply #19 on: January 01, 2008, 11:45:11 PM »
I followed your directions with the following problems....

The C:\WINDOWS\system32\susp32.exe is in the Virus Chest....I could not locate it...I located some files with numbered names in the folder named chest and when I ran the one I deduced would be the susp32.exe file (I tried several) it came up clean....so I restored it.  Then I loaded it up in virustotal and it told me it was an empty file....I went back and right clicked on it to look at properties and the Avast virus alert came up (by the way, the properties did show it was not empty)...I put it back in the chest.....according to Avast it has the Win32:Wixud-B [trj] Trojan Horse. 
Here are the logs for the other 2 files I ran through virustotal and HJT log from a new scan.....I only cut and pasted the lines that showed a virus on the virustotal......

File FXTS2Install.EXE received on 01.01.2008 22:44:41 (CET)
Result: 1/32 (3.13%)

Prevx1   V2   2008.01.01   Heuristic: Suspicious Hijacker

Additional information
File size: 7417077 bytes
MD5: ae98a84356c9a7446337db060462b036
SHA1: 216aade16ba25161269335185656c1c0976bc49c
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3F725D7FF50B04F42C67716C838523003DC418FE
File users32.dat received on 01.01.2008 23:06:57 (CET)
Result: 6/32 (18.75%)

Avast       4.7.1098.0   2008.01.01   Win32:Agent-PDP
AVG       7.5.0.516   2008.01.01   Adware Generic2.ZKV
BitDefender   7.2   2008.01.01   Trojan.Agent.AGHH
CAT-QuickHeal   9.00   2007.12.31   AdWare.Agent.zb (Not a Virus)
Ikarus   T3.1.1.15   2008.01.01   not-a-virus:AdWare.Win32.Agent.zb
Kaspersky   7.0.0.125   2008.01.01   not-a-virus:AdWare.Win32.Agent.zb
Additional information
File size: 16384 bytes
MD5: 17db211a5b00c19c5c85b4ac7c3af8d2
SHA1: 254cdf4e8579407f98a4e1f271e0ef8421944e5e
PEiD: -


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:55 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
pallison

Re: Multiple problems with virus and avast program
« Reply #20 on: January 01, 2008, 11:47:02 PM »
2nd part of HJT log:

C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Documents and Settings\Jon  Faulkner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

pallison

Re: Multiple problems with virus and avast program
« Reply #21 on: January 01, 2008, 11:47:40 PM »
3rd part of HJT log:

O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 10562 bytes

Offline oldman

Re: Multiple problems with virus and avast program
« Reply #22 on: January 02, 2008, 12:03:29 AM »
Okay, it's back in the chest, but I will include it in the fix, just in case there is another instance.

Do you know anything about this program?

C:\Program Files\vmntoolbar

Did you download and install it?

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as..., set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt". Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.


Quote
File::
C:\WINDOWS\system32\susp32.exe
C:\FXTS2Install.EXE
C:\WINDOWS\system32\users32.dat

This will start ComboFix again. Close all browsers/windows first. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

pallison

Re: Multiple problems with virus and avast program
« Reply #23 on: January 02, 2008, 05:59:05 AM »
ComboFix 07-12-31.4 - Jon  Faulkner 2008-01-01 21:59:19.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.121 [GMT -6:00]
Running from: C:\Documents and Settings\Jon  Faulkner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jon  Faulkner\Desktop\CFscript.txt
 * Created a new restore point

FILE
C:\FXTS2Install.EXE
C:\WINDOWS\system32\susp32.exe
C:\WINDOWS\system32\users32.dat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FXTS2Install.EXE
C:\WINDOWS\system32\users32.dat

.
(((((((((((((((((((((((((   Files Created from 2007-12-02 to 2008-01-02  )))))))))))))))))))))))))))))))
.

2008-01-01 16:18 . 2008-01-01 16:18   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-12-31 20:23 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-12-31 14:34 . 2007-12-31 14:34   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 14:33 . 2007-12-31 17:47   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2007-12-31 14:33 . 2007-12-31 14:33   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 14:33 . 2007-12-31 14:33   <DIR>   d--------   C:\Documents and Settings\Jon  Faulkner\Application Data\SUPERAntiSpyware.com
2007-12-30 22:26 . 2007-12-30 22:26   <DIR>   d--------   C:\Program Files\Alwil Software
2007-12-30 22:26 . 2007-12-04 07:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-12-30 22:26 . 2004-01-09 03:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2007-12-30 22:26 . 2007-12-04 06:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2007-12-30 22:26 . 2007-12-04 08:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 22:26 . 2007-12-04 08:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 22:26 . 2007-12-04 08:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 22:26 . 2007-12-04 08:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 22:26 . 2007-12-04 08:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 22:02 . 2007-12-30 22:02   <DIR>   d--------   C:\Program Files\Windows Defender
2007-12-30 21:06 . 2007-12-30 21:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-25 12:39 . 2007-12-30 21:28   <DIR>   d--------   C:\Program Files\Photo Viewer
2007-12-20 21:06 . 2007-12-20 21:08   <DIR>   d--------   C:\Program Files\Motorola Phone Tools
2007-12-13 15:03 . 2007-12-13 15:03   98   --a------   C:\WINDOWS\WirelessFTP.INI
2007-12-06 21:21 . 2007-12-06 21:21   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-12-06 21:20 . 2007-10-31 14:09   30,464   --a------   C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-06 20:56 . 2004-08-04 00:56   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2007-12-06 20:56 . 2001-08-17 22:36   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 03:52   42,040   ----a-w   C:\Documents and Settings\Jon  Faulkner\Application Data\wklnhst.dat
2008-01-02 02:21   ---------   d-----w   C:\Program Files\TrueAssistant
2007-12-31 19:19   1,443,343   ----a-w   C:\WINDOWS\system32\ksvcl.dll
2007-12-31 19:17   26,290   ----a-w   C:\WINDOWS\system32\kcopt.dll
2007-12-31 19:11   12,288   ----a-w   C:\WINDOWS\system32\Dll.dll
2007-12-31 05:08   ---------   d-----w   C:\Program Files\vmntoolbar
2007-12-31 03:06   ---------   d-----w   C:\Program Files\Lavasoft
2007-12-28 21:07   ---------   d-----w   C:\Program Files\ltmoh
2007-12-28 21:05   94,208   ----a-w   C:\WINDOWS\system32\igfxtray.exe
2007-12-28 21:05   77,824   ----a-w   C:\WINDOWS\system32\hkcmd.exe
2007-12-28 21:05   114,688   ----a-w   C:\WINDOWS\system32\igfxpers.exe
2007-12-28 03:24   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Image Zone Express
2007-12-26 18:25   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Vso
2007-12-21 03:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-21 03:06   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-21 03:05   24,192   -c--a-w   C:\Documents and Settings\Jon  Faulkner\usbsermptxp.sys
2007-12-21 03:05   22,768   -c--a-w   C:\Documents and Settings\Jon  Faulkner\usbsermpt.sys
2007-12-21 03:05   22,768   ----a-w   C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-12-20 03:13   ---------   d-----w   C:\Program Files\DVDFab Platinum 3
2007-12-08 07:01   ---------   d-----w   C:\Program Files\iTunes
2007-12-07 03:30   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Apple Computer
2007-12-07 03:24   ---------   d-----w   C:\Program Files\iPod
2007-12-07 03:23   ---------   d-----w   C:\Program Files\QuickTime
2007-11-28 04:22   ---------   d-----w   C:\Program Files\STOPzilla!
2007-11-28 04:22   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-28 03:30   1,024   ----a-w   C:\WINDOWS\system32\drivers\AF4DDDA4-BF0D-479B-A00D-F62E37030F0A.cxv
2007-11-28 03:27   2,048   ----a-w   C:\WINDOWS\system32\drivers\1E648BC4-712E-4D9C-ABBE-BA2DE1381703.cxv
2007-11-28 02:38   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Lavasoft
2007-11-28 02:23   75,800   ----a-w   C:\WINDOWS\system32\kdhpm.exe
2007-11-26 11:12   ---------   d-----w   C:\Program Files\Logitech
2007-11-20 16:41   ---------   d-----w   C:\Program Files\CandleWorks
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40   227,328   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-10-03 23:48   47,360   ----a-w   C:\Documents and Settings\Jon  Faulkner\Application Data\pcouffin.sys
2006-08-14 21:48   19   -c--a-w   C:\Program Files\Answer.txt
2006-08-14 21:29   2,609   -c--a-w   C:\Program Files\index.htm
2006-07-03 13:22   26,624   -c--a-w   C:\Program Files\New President ask Resignations Supreme Justices..wps
.

(((((((((((((((((((((((((((((   snapshot@2007-12-31_20.35.35.24   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 02:20:48   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2007-12-28 15:05 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-28 15:05 36864]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 15:05 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

pallison

Re: Multiple problems with virus and avast program
« Reply #24 on: January 02, 2008, 05:59:43 AM »
2nd part ComboFix log:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2007-12-28 15:05 73728]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 12:23 356352]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-28 15:05 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-28 15:05 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-28 15:05 114688]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-12-28 15:05 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 17:17 88358 C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-28 15:05 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 15:05 688218]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-05-31 22:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2007-12-28 15:05 1077301]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-12-28 15:05 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-12-28 15:05 151552]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-28 15:05 122941]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-12-28 15:05 385024]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 03:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-28 15:05 49152]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 15:35 28672]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 15:41 8192]
"CFSServ.exe"="CFSServ.exe" []
"ReminderApp"="C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2007-12-28 15:05 156160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]

C:\Documents and Settings\Jon  Faulkner\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-11-17 03:45:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-08 01:38:41]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-07-28 14:56:17]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-07-24 15:58:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 13:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-11 11:05]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 01:32]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 01:32]
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys [2001-04-12 13:04]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-05-30 19:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 02:23:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 22:03:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 22:05:13
C:\qoobox\ComboFix-quarantined-files.txt  2008-01-02 04:05:04
C:\qoobox\ComboFix2.txt  2008-01-01 02:35:52
.
2007-12-23 07:06:39   --- E O F --- 

pallison

Re: Multiple problems with virus and avast program
« Reply #25 on: January 02, 2008, 06:01:37 AM »
vmntoolbar showed up one day....I don't know how it got on my system....I thought I had removed it but it seems to never go away.....I don't want it, never did......

Offline oldman

Re: Multiple problems with virus and avast program
« Reply #26 on: January 02, 2008, 06:31:14 AM »
Go to Add/Remove Programs and see if vmntoolbar is there; if it is, please uninstall it. Afterward run the following fix.

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as..., set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt". Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.


Quote
File::
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\kcopt.dll
C:\WINDOWS\system32\Dll.dll

Folder::
C:\Program Files\vmntoolbar

This will start ComboFix again. Close all browsers/windows first. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HJT log.

pallison

Re: Multiple problems with virus and avast program
« Reply #27 on: January 02, 2008, 07:20:32 AM »
After running ComboFix, upon rebooting this message came up before the desktop loaded up:
"Windows cannot find 'C:\Document~1\LOCALS~1\Temp\uninstall.exe'   Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search"
I clicked OK and it continued to the desktop normally.

ComboFix Log:

ComboFix 07-12-31.4 - Jon  Faulkner 2008-01-02  0:01:55.3 - NTFSx86
Running from: C:\Documents and Settings\Jon  Faulkner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jon  Faulkner\Desktop\CFscript.txt
 * Created a new restore point

FILE
C:\WINDOWS\system32\Dll.dll
C:\WINDOWS\system32\kcopt.dll
C:\WINDOWS\system32\ksvcl.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\vmntoolbar
C:\Program Files\vmntoolbar\Cache\a.bmp
C:\Program Files\vmntoolbar\Cache\an.bmp
C:\Program Files\vmntoolbar\Cache\autofill.bmp
C:\Program Files\vmntoolbar\Cache\b.bmp
C:\Program Files\vmntoolbar\Cache\background.bmp
C:\Program Files\vmntoolbar\Cache\blank.bmp
C:\Program Files\vmntoolbar\Cache\bn.bmp
C:\Program Files\vmntoolbar\Cache\c.bmp
C:\Program Files\vmntoolbar\Cache\chat003.bmp
C:\Program Files\vmntoolbar\Cache\cn.bmp
C:\Program Files\vmntoolbar\Cache\COMBOSEARCH.acs
C:\Program Files\vmntoolbar\Cache\d.bmp
C:\Program Files\vmntoolbar\Cache\dictionary.bmp
C:\Program Files\vmntoolbar\Cache\dn.bmp
C:\Program Files\vmntoolbar\Cache\ency_search.bmp
C:\Program Files\vmntoolbar\Cache\f.bmp
C:\Program Files\vmntoolbar\Cache\finance.bmp
C:\Program Files\vmntoolbar\Cache\flag_argentine.bmp
C:\Program Files\vmntoolbar\Cache\flag_australia.bmp
C:\Program Files\vmntoolbar\Cache\flag_brazil.bmp
C:\Program Files\vmntoolbar\Cache\flag_canada.bmp
C:\Program Files\vmntoolbar\Cache\flag_china.bmp
C:\Program Files\vmntoolbar\Cache\flag_france.bmp
C:\Program Files\vmntoolbar\Cache\flag_germany.bmp
C:\Program Files\vmntoolbar\Cache\flag_greece.bmp
C:\Program Files\vmntoolbar\Cache\flag_hongkong.bmp
C:\Program Files\vmntoolbar\Cache\flag_india.bmp
C:\Program Files\vmntoolbar\Cache\flag_indonesia.bmp
C:\Program Files\vmntoolbar\Cache\flag_italy.bmp
C:\Program Files\vmntoolbar\Cache\flag_japan.bmp
C:\Program Files\vmntoolbar\Cache\flag_korea.bmp
C:\Program Files\vmntoolbar\Cache\flag_mexico.bmp
C:\Program Files\vmntoolbar\Cache\flag_netherlands.bmp
C:\Program Files\vmntoolbar\Cache\flag_spain.bmp
C:\Program Files\vmntoolbar\Cache\flag_sweeden.bmp
C:\Program Files\vmntoolbar\Cache\flag_taiwan.bmp
C:\Program Files\vmntoolbar\Cache\flag_uk.bmp
C:\Program Files\vmntoolbar\Cache\flag_usa.bmp
C:\Program Files\vmntoolbar\Cache\fn.bmp
C:\Program Files\vmntoolbar\Cache\g.bmp
C:\Program Files\vmntoolbar\Cache\gaming.bmp
C:\Program Files\vmntoolbar\Cache\gn.bmp
C:\Program Files\vmntoolbar\Cache\gograph.bmp
C:\Program Files\vmntoolbar\Cache\graphred0.bmp
C:\Program Files\vmntoolbar\Cache\graphred0_5.bmp
C:\Program Files\vmntoolbar\Cache\graphred1.bmp
C:\Program Files\vmntoolbar\Cache\graphred1_5.bmp
C:\Program Files\vmntoolbar\Cache\graphred2.bmp
C:\Program Files\vmntoolbar\Cache\graphred2_5.bmp
C:\Program Files\vmntoolbar\Cache\graphred3.bmp
C:\Program Files\vmntoolbar\Cache\graphred3_5.bmp
C:\Program Files\vmntoolbar\Cache\graphred4.bmp
C:\Program Files\vmntoolbar\Cache\graphred4_5.bmp
C:\Program Files\vmntoolbar\Cache\graphred5.bmp
C:\Program Files\vmntoolbar\Cache\h.bmp
C:\Program Files\vmntoolbar\Cache\h_aquarius.bmp
C:\Program Files\vmntoolbar\Cache\h_aries.bmp
C:\Program Files\vmntoolbar\Cache\h_cancer.bmp
C:\Program Files\vmntoolbar\Cache\h_capricorn.bmp
C:\Program Files\vmntoolbar\Cache\h_gemini.bmp
C:\Program Files\vmntoolbar\Cache\h_leo.bmp
C:\Program Files\vmntoolbar\Cache\h_libra.bmp
C:\Program Files\vmntoolbar\Cache\h_pisces.bmp
C:\Program Files\vmntoolbar\Cache\h_sagittarius.bmp
C:\Program Files\vmntoolbar\Cache\h_scorpio.bmp
C:\Program Files\vmntoolbar\Cache\h_taurus.bmp
C:\Program Files\vmntoolbar\Cache\h_virgo.bmp
C:\Program Files\vmntoolbar\Cache\hideremove.bmp
C:\Program Files\vmntoolbar\Cache\highlight.bmp
C:\Program Files\vmntoolbar\Cache\hn.bmp
C:\Program Files\vmntoolbar\Cache\hororank.xml
C:\Program Files\vmntoolbar\Cache\i.bmp
C:\Program Files\vmntoolbar\Cache\image.bmp
C:\Program Files\vmntoolbar\Cache\img_games0.cfg
C:\Program Files\vmntoolbar\Cache\in.bmp
C:\Program Files\vmntoolbar\Cache\ipsearch.bmp
C:\Program Files\vmntoolbar\Cache\j.bmp
C:\Program Files\vmntoolbar\Cache\jn.bmp
C:\Program Files\vmntoolbar\Cache\k.bmp
C:\Program Files\vmntoolbar\Cache\kn.bmp
C:\Program Files\vmntoolbar\Cache\l.bmp
C:\Program Files\vmntoolbar\Cache\lastalert.txt
C:\Program Files\vmntoolbar\Cache\ln.bmp
C:\Program Files\vmntoolbar\Cache\login.bmp
C:\Program Files\vmntoolbar\Cache\logo.bmp
C:\Program Files\vmntoolbar\Cache\music.bmp
C:\Program Files\vmntoolbar\Cache\n.bmp
C:\Program Files\vmntoolbar\Cache\New Yorkweather.txt
C:\Program Files\vmntoolbar\Cache\new02.bmp
C:\Program Files\vmntoolbar\Cache\new02b.bmp
C:\Program Files\vmntoolbar\Cache\newalert.txt
C:\Program Files\vmntoolbar\Cache\news.bmp
C:\Program Files\vmntoolbar\Cache\news.gif
C:\Program Files\vmntoolbar\Cache\newsitem.gif
C:\Program Files\vmntoolbar\Cache\newspaper.gif
C:\Program Files\vmntoolbar\Cache\nn.bmp
C:\Program Files\vmntoolbar\Cache\o.bmp
C:\Program Files\vmntoolbar\Cache\on.bmp
C:\Program Files\vmntoolbar\Cache\p.bmp
C:\Program Files\vmntoolbar\Cache\people.bmp
C:\Program Files\vmntoolbar\Cache\pestscanimg.bmp
C:\Program Files\vmntoolbar\Cache\pn.bmp
C:\Program Files\vmntoolbar\Cache\popup_off.bmp
C:\Program Files\vmntoolbar\Cache\popup_on.bmp
C:\Program Files\vmntoolbar\Cache\product.bmp
C:\Program Files\vmntoolbar\Cache\q.bmp
C:\Program Files\vmntoolbar\Cache\qn.bmp
C:\Program Files\vmntoolbar\Cache\r.bmp
C:\Program Files\vmntoolbar\Cache\relatedlinks.bmp
C:\Program Files\vmntoolbar\Cache\report.bmp
C:\Program Files\vmntoolbar\Cache\rn.bmp
C:\Program Files\vmntoolbar\Cache\rss.bmp
C:\Program Files\vmntoolbar\Cache\rss1.bmp
C:\Program Files\vmntoolbar\Cache\rssnewsmenu.html
C:\Program Files\vmntoolbar\Cache\rssnewsmenu.zip
C:\Program Files\vmntoolbar\Cache\s.bmp
C:\Program Files\vmntoolbar\Cache\scrolldown.gif
C:\Program Files\vmntoolbar\Cache\scrolldownstep.gif
C:\Program Files\vmntoolbar\Cache\scrollup.gif
C:\Program Files\vmntoolbar\Cache\scrollupstep.gif
C:\Program Files\vmntoolbar\Cache\search_dictionnary.bmp
C:\Program Files\vmntoolbar\Cache\search_domain.bmp
C:\Program Files\vmntoolbar\Cache\search_ency.bmp
C:\Program Files\vmntoolbar\Cache\search_graphic.bmp
C:\Program Files\vmntoolbar\Cache\search_images.bmp
C:\Program Files\vmntoolbar\Cache\search_music.bmp
C:\Program Files\vmntoolbar\Cache\search_news.bmp
C:\Program Files\vmntoolbar\Cache\search_people.bmp
C:\Program Files\vmntoolbar\Cache\search_products.bmp
C:\Program Files\vmntoolbar\Cache\search_software.bmp
C:\Program Files\vmntoolbar\Cache\search_stocks.bmp
C:\Program Files\vmntoolbar\Cache\search_video.bmp
C:\Program Files\vmntoolbar\Cache\Sinfo.txt
C:\Program Files\vmntoolbar\Cache\Sinfo1.txt
C:\Program Files\vmntoolbar\Cache\Sinfo10.txt
C:\Program Files\vmntoolbar\Cache\Sinfo11.txt
C:\Program Files\vmntoolbar\Cache\Sinfo12.txt
C:\Program Files\vmntoolbar\Cache\Sinfo13.txt
C:\Program Files\vmntoolbar\Cache\Sinfo14.txt
C:\Program Files\vmntoolbar\Cache\Sinfo15.txt
C:\Program Files\vmntoolbar\Cache\Sinfo16.txt
C:\Program Files\vmntoolbar\Cache\Sinfo17.txt
C:\Program Files\vmntoolbar\Cache\Sinfo18.txt
C:\Program Files\vmntoolbar\Cache\Sinfo19.txt
C:\Program Files\vmntoolbar\Cache\Sinfo2.txt
C:\Program Files\vmntoolbar\Cache\Sinfo20.txt
C:\Program Files\vmntoolbar\Cache\Sinfo3.txt
C:\Program Files\vmntoolbar\Cache\Sinfo4.txt

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #28 on: January 02, 2008, 07:21:46 AM »
ComboFix post part 2:

C:\Program Files\vmntoolbar\Cache\Sinfo5.txt
C:\Program Files\vmntoolbar\Cache\Sinfo6.txt
C:\Program Files\vmntoolbar\Cache\Sinfo7.txt
C:\Program Files\vmntoolbar\Cache\Sinfo8.txt
C:\Program Files\vmntoolbar\Cache\Sinfo9.txt
C:\Program Files\vmntoolbar\Cache\siteinfo.bmp
C:\Program Files\vmntoolbar\Cache\skin.bmp
C:\Program Files\vmntoolbar\Cache\slider.bmp
C:\Program Files\vmntoolbar\Cache\sn.bmp
C:\Program Files\vmntoolbar\Cache\sof_search.bmp
C:\Program Files\vmntoolbar\Cache\stars-red1.bmp
C:\Program Files\vmntoolbar\Cache\stars-red2.bmp
C:\Program Files\vmntoolbar\Cache\stars-red3.bmp
C:\Program Files\vmntoolbar\Cache\stars-red4.bmp
C:\Program Files\vmntoolbar\Cache\stars-red5.bmp
C:\Program Files\vmntoolbar\Cache\storage.bmp
C:\Program Files\vmntoolbar\Cache\t.bmp
C:\Program Files\vmntoolbar\Cache\thes_search.bmp
C:\Program Files\vmntoolbar\Cache\tn.bmp
C:\Program Files\vmntoolbar\Cache\tools.bmp
C:\Program Files\vmntoolbar\Cache\translate.bmp
C:\Program Files\vmntoolbar\Cache\u.bmp
C:\Program Files\vmntoolbar\Cache\un.bmp
C:\Program Files\vmntoolbar\Cache\upgrade.bmp
C:\Program Files\vmntoolbar\Cache\userbadsites.txt
C:\Program Files\vmntoolbar\Cache\v.bmp
C:\Program Files\vmntoolbar\Cache\vmntoolbartb0403.cfg
C:\Program Files\vmntoolbar\Cache\vn.bmp
C:\Program Files\vmntoolbar\Cache\w.bmp
C:\Program Files\vmntoolbar\Cache\weather.txt
C:\Program Files\vmntoolbar\Cache\web.bmp
C:\Program Files\vmntoolbar\Cache\whois.bmp
C:\Program Files\vmntoolbar\Cache\wn.bmp
C:\Program Files\vmntoolbar\Cache\x.bmp
C:\Program Files\vmntoolbar\Cache\xp_close_small.gif
C:\Program Files\vmntoolbar\Cache\yahoo.bmp
C:\Program Files\vmntoolbar\Cache\z.bmp
C:\Program Files\vmntoolbar\Cache\zn.bmp
C:\Program Files\vmntoolbar\Cache\zoom.bmp
C:\Program Files\vmntoolbar\install.ico
C:\Program Files\vmntoolbar\toolbar.ini
C:\Program Files\vmntoolbar\uninstall.exe
C:\WINDOWS\system32\Dll.dll
C:\WINDOWS\system32\kcopt.dll
C:\WINDOWS\system32\ksvcl.dll

.
(((((((((((((((((((((((((   Files Created from 2007-12-02 to 2008-01-02  )))))))))))))))))))))))))))))))
.

2008-01-01 16:18 . 2008-01-01 16:18   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-12-31 20:23 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-12-31 14:34 . 2007-12-31 14:34   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 14:33 . 2007-12-31 17:47   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2007-12-31 14:33 . 2007-12-31 14:33   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 14:33 . 2007-12-31 14:33   <DIR>   d--------   C:\Documents and Settings\Jon  Faulkner\Application Data\SUPERAntiSpyware.com
2007-12-30 22:26 . 2007-12-30 22:26   <DIR>   d--------   C:\Program Files\Alwil Software
2007-12-30 22:26 . 2007-12-04 07:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-12-30 22:26 . 2004-01-09 03:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2007-12-30 22:26 . 2007-12-04 06:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2007-12-30 22:26 . 2007-12-04 08:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 22:26 . 2007-12-04 08:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 22:26 . 2007-12-04 08:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 22:26 . 2007-12-04 08:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 22:26 . 2007-12-04 08:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 22:02 . 2007-12-30 22:02   <DIR>   d--------   C:\Program Files\Windows Defender
2007-12-30 21:06 . 2007-12-30 21:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-25 12:39 . 2007-12-30 21:28   <DIR>   d--------   C:\Program Files\Photo Viewer
2007-12-20 21:06 . 2007-12-20 21:08   <DIR>   d--------   C:\Program Files\Motorola Phone Tools
2007-12-13 15:03 . 2007-12-13 15:03   98   --a------   C:\WINDOWS\WirelessFTP.INI
2007-12-06 21:21 . 2007-12-06 21:21   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-12-06 21:20 . 2007-10-31 14:09   30,464   --a------   C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-06 20:56 . 2004-08-04 00:56   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2007-12-06 20:56 . 2001-08-17 22:36   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 04:56   ---------   d-----w   C:\Program Files\TrueAssistant
2008-01-02 03:52   42,040   ----a-w   C:\Documents and Settings\Jon  Faulkner\Application Data\wklnhst.dat
2007-12-31 03:06   ---------   d-----w   C:\Program Files\Lavasoft
2007-12-28 21:07   ---------   d-----w   C:\Program Files\ltmoh
2007-12-28 21:05   94,208   ----a-w   C:\WINDOWS\system32\igfxtray.exe
2007-12-28 21:05   77,824   ----a-w   C:\WINDOWS\system32\hkcmd.exe
2007-12-28 21:05   114,688   ----a-w   C:\WINDOWS\system32\igfxpers.exe
2007-12-28 03:24   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Image Zone Express
2007-12-26 18:25   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Vso
2007-12-21 03:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-21 03:06   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-21 03:05   24,192   -c--a-w   C:\Documents and Settings\Jon  Faulkner\usbsermptxp.sys
2007-12-21 03:05   22,768   -c--a-w   C:\Documents and Settings\Jon  Faulkner\usbsermpt.sys
2007-12-21 03:05   22,768   ----a-w   C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-12-20 03:13   ---------   d-----w   C:\Program Files\DVDFab Platinum 3
2007-12-08 07:01   ---------   d-----w   C:\Program Files\iTunes
2007-12-07 03:30   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Apple Computer
2007-12-07 03:24   ---------   d-----w   C:\Program Files\iPod
2007-12-07 03:23   ---------   d-----w   C:\Program Files\QuickTime
2007-11-28 04:22   ---------   d-----w   C:\Program Files\STOPzilla!
2007-11-28 04:22   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-28 03:30   1,024   ----a-w   C:\WINDOWS\system32\drivers\AF4DDDA4-BF0D-479B-A00D-F62E37030F0A.cxv
2007-11-28 03:27   2,048   ----a-w   C:\WINDOWS\system32\drivers\1E648BC4-712E-4D9C-ABBE-BA2DE1381703.cxv
2007-11-28 02:38   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Lavasoft
2007-11-28 02:23   75,800   ----a-w   C:\WINDOWS\system32\kdhpm.exe
2007-11-26 11:12   ---------   d-----w   C:\Program Files\Logitech
2007-11-20 16:41   ---------   d-----w   C:\Program Files\CandleWorks
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40   227,328   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-10-03 23:48   47,360   ----a-w   C:\Documents and Settings\Jon  Faulkner\Application Data\pcouffin.sys
2006-08-14 21:48   19   -c--a-w   C:\Program Files\Answer.txt
2006-08-14 21:29   2,609   -c--a-w   C:\Program Files\index.htm
2006-07-03 13:22   26,624   -c--a-w   C:\Program Files\New President ask Resignations Supreme Justices..wps
.

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #29 on: January 02, 2008, 07:22:21 AM »
ComboFix log part 3:

(((((((((((((((((((((((((((((   snapshot@2007-12-31_20.35.35.24   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 04:55:23   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2007-12-28 15:05 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-28 15:05 36864]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 15:05 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2007-12-28 15:05 73728]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 12:23 356352]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-28 15:05 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-28 15:05 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-28 15:05 114688]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-12-28 15:05 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 17:17 88358 C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-28 15:05 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 15:05 688218]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-05-31 22:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2007-12-28 15:05 1077301]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-12-28 15:05 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-12-28 15:05 151552]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-28 15:05 122941]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-12-28 15:05 385024]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 03:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-28 15:05 49152]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 15:35 28672]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 15:41 8192]
"CFSServ.exe"="CFSServ.exe" []
"ReminderApp"="C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2007-12-28 15:05 156160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"vmntoolbar"="C:\DOCUME~1\JONFAU~1\LOCALS~1\Temp\uninstall.exe" [2006-04-26 07:12 70936]

C:\Documents and Settings\Jon  Faulkner\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-11-17 03:45:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-08 01:38:41]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-07-28 14:56:17]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-07-24 15:58:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 13:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-11 11:05]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 01:32]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 01:32]
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys [2001-04-12 13:04]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-05-30 19:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 04:58:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 00:06:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02  0:07:52
C:\qoobox\ComboFix-quarantined-files.txt  2008-01-02 06:07:37
C:\qoobox\ComboFix2.txt  2008-01-02 04:05:13
C:\qoobox\ComboFix3.txt  2008-01-01 02:35:52
.
2007-12-23 07:06:39   --- E O F ---
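The "Reg Loading Points" section of the log above is a REGEDIT4-style listing where ComboFix appends `[date time size]` after each autostart value, or `[]` when it could not find the file. The boot error reported in Reply #27 lines up with the RunOnce "vmntoolbar" value pointing into a Temp folder whose target is now gone. The following is an added example (not part of this thread, not ComboFix's own code) that parses a few constructed lines in that format and flags the entries a helper would look at first; the sample lines and the flag names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the "Reg Loading Points" section of the
# ComboFix log in this thread (a handful of representative lines, not the
# full log). Hypothetical input for this example only.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 15:05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 17:17 88358 C:\WINDOWS\agrsmmsg.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"vmntoolbar"="C:\DOCUME~1\JONFAU~1\LOCALS~1\Temp\uninstall.exe" [2006-04-26 07:12 70936]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="command" [timestamp size resolved-path]; empty brackets mean
# ComboFix could not locate the file at scan time.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')


@dataclass
class AutostartEntry:
    key: str        # registry key the value lives under
    name: str       # value name
    command: str    # command line / path stored in the value
    resolved: bool  # False when ComboFix printed "[]" (file not found)


def parse_loading_points(text: str) -> list:
    """Turn the REGEDIT4-style block into a list of AutostartEntry."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group("key")
        elif (m := ENTRY_RE.match(line)) and current_key:
            entries.append(AutostartEntry(
                key=current_key,
                name=m.group("name"),
                command=m.group("cmd"),
                resolved=bool(m.group("info").strip()),
            ))
    return entries


def triage(entries) -> dict:
    """Map value name -> sorted reasons a reviewer should look twice.

    missing   : target file not found (stale or already-removed loader)
    runonce   : fires at next logon; a vanished target gives the
                "Windows cannot find ..." error seen in Reply #27
    temp_path : autostart pointing into a Temp directory
    """
    findings = {}
    for e in entries:
        reasons = []
        if not e.resolved:
            reasons.append("missing")
        if e.key.lower().endswith("\\runonce"):
            reasons.append("runonce")
        if re.search(r"\\temp\\", e.command, re.IGNORECASE):
            reasons.append("temp_path")
        if reasons:
            findings[e.name] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_loading_points(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(reasons)}")
```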