ULTIMATE DEFENDER, just can't get rid of it



zaphod
2006-11-07, 20:02
Logfile of HijackThis v1.99.1
Scan saved at 20:10:49, on 07/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
D:\3dsmax5\AfterFLICS.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AntiVirus\ewido\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\FTRTSVC.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
D:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
d:\VideoToaster2\drivers\winrtme.exe
C:\WINNT\soundman.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINNT\system32\RUNDLL32.EXE
D:\iTunesHelper.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\AntiVirus\ewido\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\4144\SiteAdv.exe
C:\Program Files\AntiVirus\Hijack\logbooch.exe.exe

zaphod
2006-11-07, 20:03
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74C50BFD-D4C0-F0E6-798C-022575722D85} - C:\WINNT\system32\qmhswfd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] tzzvhma.exe
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yilskmf.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\yilskmf.dll,fdgcshf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AntiVirus\ewido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Update Machine] tzzvhma.exe
O4 - HKCU\..\Run: [RealPlayer] "D:\Program Files\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0128d30675f9af5aac06/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4886/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: AfterFLICS - Unknown owner - D:\3dsmax5\AfterFLICS.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AntiVirus\ewido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Naming Service (BackupExecNamingService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DefWatch - Unknown owner - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe (file missing)
O23 - Service: Digimation Protection Server (DigiPSrv) - Digimation, Inc. - D:\3dsmax5\Digipsrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ExecView Communication Module (ECM) (ECM Service) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINNT\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

zaphod
2006-11-07, 20:16
Hi, I've been through the "before you post" and swept for viruses.
Tried Spybot and it found a few (mainly old ones that I'd been into in safe mode and mangled, that's my normal response :) so no unwanted popups or any problems.
+ Ultimate Defender. Pressed the remove button, done.
Reboot and it pops up again.
So I've tried AVG; it found some cookies it didn't like.
Reboot, it's there again.
SAFE MODE AVG nothing
SAFE MODE Spybot nothing
Reboot and it's sitting here blinking "do you want to install".......

It's winding me up as I have 800 gigs of storage and it takes 3/4 hours to do a complete scan...

I just want this damn thing gone...
I know you're busy and up until now I managed all of them on my own, but this one has really got me stumped.
I look forward to your response.

LonnyRJones
2006-11-14, 00:57
Start Hijackthis and place a check next to these items If there.
O4 - HKLM\..\Run: [yilskmf.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\yilskmf.dll,fdgcshf
O2 - BHO: (no name) - {74C50BFD-D4C0-F0E6-798C-022575722D85} - C:\WINNT\system32\qmhswfd.dll
O4 - HKLM\..\RunServices: [Microsoft Update Machine] tzzvhma.exe
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It appears you have both Symantec/Norton and McAfee antivirus? More than one antivirus can cause both to be ineffective; uninstall all but one antivirus program !!

Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If the log is large you might need to post half in one reply, half in another.
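The four entries LonnyRJones picks out above share properties that can be read straight off the log: a Winlogon Notify DLL that is missing on disk, an unnamed BHO with a random-looking name in system32, a Run value with a Microsoft-sounding name but no path, and a rundll32 Run value named after the DLL it loads. As an added example (not from this thread, and not HijackThis code), the script below encodes those indicators as heuristics and runs them over lines copied from the log posted earlier; the rules, thresholds and reason strings are constructed here and are a triage aid, not a verdict.

```python
"""Added triage heuristics for HijackThis-style log lines (not HijackThis
code): they flag the kinds of entries LonnyRJones marked for removal above,
using only properties visible in the log. Heuristics, not a verdict."""
import re
from typing import List, Optional, Tuple

# Lines copied from the HijackThis log posted in this thread; clean and
# suspicious entries are mixed so the false-positive behaviour is visible.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {74C50BFD-D4C0-F0E6-798C-022575722D85} - C:\WINNT\system32\qmhswfd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Update Machine] tzzvhma.exe
O4 - HKLM\..\Run: [yilskmf.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\yilskmf.dll,fdgcshf
O4 - HKLM\..\RunServices: [Microsoft Update Machine] tzzvhma.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(\S+?\.dll),(\S*)", re.IGNORECASE)
VENDOR_WORDS = re.compile(r"microsoft|windows|update", re.IGNORECASE)
VOWELS = set("aeiouy")


def looks_random(name: str) -> bool:
    """Six or more letters with no vowel at all (e.g. 'qmhswfd', 'fdgcshf').
    Short vendor abbreviations such as 'NvCpl' stay under the length floor."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    return len(letters) >= 6 and not (set(letters) & VOWELS)


def file_and_stem(path: str) -> Tuple[str, str]:
    """(filename, stem) of a Windows path; quoted paths with spaces not handled."""
    filename = path.rsplit("\\", 1)[-1]
    return filename, filename.rsplit(".", 1)[0]


def triage_line(line: str) -> Optional[str]:
    """Return a reason string if the entry matches an indicator, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O20" and body.endswith("(file missing)"):
        return "Winlogon Notify entry whose DLL is missing on disk"
    if section == "O2" and body.startswith("BHO: (no name) - "):
        path = body.split(" - ")[-1]
        if "system32" in path.lower() and looks_random(file_and_stem(path)[1]):
            return "unnamed BHO loading a random-looking DLL from system32"
    if section == "O4" and (m4 := O4_RE.match(body)):
        _key, value_name, command = m4.groups()
        # A Microsoft-sounding value name whose command carries no path.
        if "\\" not in command and VENDOR_WORDS.search(value_name):
            return "vendor-imitating Run value with a path-less command"
        mr = RUNDLL_RE.search(command)
        if mr:
            dll_name, stem = file_and_stem(mr.group(1))
            if value_name.lower() == dll_name.lower():
                return "Run value named after the DLL it loads via rundll32"
            if looks_random(stem) or looks_random(mr.group(2)):
                return "rundll32 loading a random-looking DLL or export"
    return None


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Run triage_line over a whole log and return (line, reason) pairs."""
    hits = []
    for line in text.splitlines():
        reason = triage_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


if __name__ == "__main__":
    for entry, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}:\n    {entry}")
```

On the sample it flags the Lonny list plus the second copy of the tzzvhma.exe value under HKLM\..\Run, and leaves the NvCpl, SDHelper and NavLogon entries alone.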

zaphod
2006-11-14, 23:29
Administrator - Tue 2006-11-14 23:35:24.23 Service Pack 4
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-08 23:56 58,000 --a------ C:\WINNT\system32\drivers\cdr4_2K.sys
2006-11-08 23:56 49,152 --a------ C:\WINNT\system32\cdrtc.dll
2006-11-08 23:56 45,056 --a------ C:\WINNT\system32\cdral.dll
2006-11-08 23:56 23,420 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
2006-11-08 23:55 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2006-11-08 23:55 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2006-11-08 23:55 20,480 --a------ C:\WINNT\system32\wmpui.dll
2006-11-08 23:55 20,480 --a------ C:\WINNT\system32\wmpcore.dll
2006-11-08 23:55 20,480 --a------ C:\WINNT\system32\wmpcd.dll
2006-11-08 23:55 2,940,928 --a------ C:\WINNT\system32\wmploc.dll
2006-11-08 23:39 368,710 --a------ C:\WINNT\system32\msisam11.dll
2006-11-08 23:39 241,725 --a------ C:\WINNT\system32\msuni11.dll
2006-11-08 23:39 163,840 --a------ C:\WINNT\system32\mindex.dll
2006-11-08 12:41 53,248 --a------ C:\WINNT\system32\Process.exe
2006-11-08 12:41 40,960 --a------ C:\WINNT\system32\swsc.exe
2006-11-08 12:41 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2006-11-08 12:41 135,168 --a------ C:\WINNT\system32\swreg.exe
2006-11-07 21:15 3,302 --a------ C:\WINNT\system32\tmp.reg
2006-11-07 13:21 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2006-11-03 12:44 <DIR> d-------- C:\WINNT\McAfee.com


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-14 23:15 -------- d-a------ C:\Program Files\Wanadoo
2006-11-14 20:49 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2006-11-10 20:19 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-10 19:42 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-08 23:56 -------- d-a------ C:\Program Files\Windows Media Player
2006-11-08 23:56 -------- d-a------ C:\Program Files\Common Files
2006-11-08 23:56 -------- d-------- C:\Program Files\Common Files\Adaptec Shared
2006-11-08 23:43 -------- d-------- C:\Program Files\Adaptec
2006-11-07 15:55 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2006-11-07 15:25 -------- d-------- C:\Program Files\AntiVirus
2006-11-05 13:56 -------- d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2006-11-04 10:31 -------- d-------- C:\Program Files\McAfee
2006-11-03 13:19 -------- d-------- C:\Program Files\SiteAdvisor
2006-11-03 13:19 -------- d-------- C:\Program Files\McAfee.com
2006-11-03 13:19 -------- d-------- C:\Program Files\Common Files\McAfee
2006-11-02 21:29 48824 --a------ C:\WINNT\system32\S32EVNT1.DLL
2006-11-02 21:29 109744 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2006-11-02 21:29 -------- d-------- C:\Program Files\Symantec
2006-11-02 20:19 131072 --a------ C:\WINNT\system32\datestamp.dll
2006-10-09 19:24 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-09 19:22 93696 --a------ C:\WINNT\system32\yilskmf.dll
2006-10-03 00:58 -------- d-------- C:\Program Files\FBM Software
2006-10-02 16:58 28672 --a------ C:\WINNT\system32\drivers\CO_Mon.sys
2006-10-01 16:34 43520 --a------ C:\WINNT\system32\CmdLineExt03.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""
"RealPlayer"="\"D:\\Program Files\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SoundMan"="soundman.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"Microsoft Update Machine"="tzzvhma.exe"
"VxTaskbarMgr"="C:\\Program Files\\VERITAS\\VxUpdate\\VxTaskbarMgr.exe"
"wlancfg"="C:\\Program Files\\Inventel\\Gateway\\wlancfg.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"D:\\iTunesHelper.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\AntiVirus\\ewido\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update Machine"="tzzvhma.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\McQcTask.job
C:\WINNT\tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
C:\WINNT\tasks\Spybot - Search & Destroy - Scheduled Task.job

Completion time: Tue 2006-11-14 23:36:38.95
C:\ComboFix.txt ... 06-11-14 23:36

zaphod
2006-11-15, 00:04
:bigthumb: Big thanks Lonny...

It's gone... as for having two antivirus programs... I was going to get Spybot.
But it doesn't come with a firewall?

What's your choice of firewalls.. mainly because I do want Spybot and to get rid of Norton... anyway

Thanks again you have a nice day :D:

LonnyRJones
2006-11-15, 02:17
SpyBot is an antispyware program; it is OK to have several, such as
Ad-aware or Ewido, BUT do not have more than one antivirus or firewall program installed.

Submit this file here please
C:\WINNT\system32\yilskmf.dll
http://www.virustotal.com/flash/index_en.html
What was found ?
Do a file search for this file tzzvhma.exe
Is it present if so where ?

zaphod
2006-11-15, 11:57
That's the report from VirusTotal

AntiVir 7.2.0.39 11.15.2006 TR/Vundo.Gen
Authentium 4.93.8 11.14.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 11.14.2006 no virus found
AVG 386 11.14.2006 no virus found
BitDefender 7.2 11.15.2006 no virus found
CAT-QuickHeal 8.00 11.14.2006 no virus found
ClamAV devel-20060426 11.14.2006 no virus found
DrWeb 4.33 11.15.2006 no virus found
eTrust-InoculateIT 23.73.56 11.15.2006 no virus found
eTrust-Vet 30.3.3194 11.15.2006 no virus found
Ewido 4.0 11.14.2006 no virus found
Fortinet 2.82.0.0 11.15.2006 suspicious
F-Prot 3.16f 11.14.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 11.14.2006 W32/Bongler-based
Ikarus 0.2.65.0 11.14.2006 no virus found
Kaspersky 4.0.2.24 11.15.2006 no virus found
McAfee 4895 11.14.2006 no virus found
Microsoft 1.1609 11.15.2006 no virus found
NOD32v2 1866 11.14.2006 a variant of Win32/TrojanDownloader.Busky.AZ
Norman 5.80.02 11.15.2006 no virus found
Panda 9.0.0.4 11.14.2006 no virus found
Prevx1 V2 11.15.2006 no virus found
Sophos 4.11.0 11.13.2006 Troj/Busky-Gen
TheHacker 6.0.1.119 11.15.2006 no virus found
UNA 1.83 11.14.2006 no virus found
VBA32 3.11.1 11.14.2006 no virus found
VirusBuster 4.3.15:9 11.14.2006 no virus found


Aditional Information
File size: 93696 bytes
MD5: fe3306c5f42effe7593be9dd14d536f6
SHA1: b60d2a7e1b9d4e0bbf4ccebe40dd87afc3bfeef7
packers: embedded

:eek:

And I did look for that tzzvhma.exe and found nothing.
(I do remember seeing it! and deleting it? about 2 weeks ago when I first found this problem, but I'm sorry I can't remember where)

Er, what now (I really don't like having to bother you). :red:
Thanks again, Ben

LonnyRJones
2006-11-15, 18:29
OK, delete that file
C:\WINNT\system32\yilskmf.dll <

How's that PC running?
Did you uninstall all but one of your antivirus programs?

Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm

zaphod
2006-11-16, 12:09
Ok delete that file
C:\WINNT\system32\yilskmf.dll <

Done (as soon as I clicked on it Norton woke up and deleted it)

I've uninstalled all other virus programs..

Changed the hosts file.. scary moment on reboot 2/3 times as the CPU usage would rocket to 100% and stay there... but it's calmed down now..

How's the PC running? Like a dream :)
Takes a little while to boot up but it always did (haven't reinstalled Windows since 1999) so there is lots of junk on it..

Apart from that, one of the fans makes a little rattling noise now and again ;)

Thanks again Mr Lonny :crowned:

LonnyRJones
2006-11-25, 23:47
I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).