Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Control Panel And My Computer Open Tooslow - Winuc386.exe Sacc.exe


  • This topic is locked This topic is locked
6 replies to this topic

#1 shark35

shark35

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 18 November 2005 - 06:27 PM

Hi , My pc opens too slow control panel and My Computer,
i hope you can help me analizing my HJT
Thanks



Logfile of HijackThis v1.99.1
Scan saved at 04:56:33 p.m., on 18/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe
C:\ptc\flexlm\i486_nt\obj\lmgrd.exe
c:\ptc\flexlm\i486_nt\obj\ptc_d.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\DSentry.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\ARCHIV~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\WEBSHOTS.SCR
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Archivos de programa\RealVNC\WinVNC\WinVNC.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\EAEFCA.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.9.19.49:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\WINDOWS\DOWNLO~1\gspec.dll
O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} - C:\WINDOWS\System32\sxpdr32.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Archivos de programa\HbTools\Bin\4.7.1.0\HbtHostIE.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.4000.1001\es-mx\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: T1msn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.4000.1001\es-mx\msntb.dll
O3 - Toolbar: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\WINDOWS\DOWNLO~1\gspec.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Archivos de programa\HbTools\Bin\4.7.1.0\HbtHostIE.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Archivos de programa\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [EM_EXEC] C:\ARCHIV~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Archivos de programa\Archivos comunes\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [MimBoot] C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Archivos de programa\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [-2147483646] C:\WINDOWS\System32\winuc386.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Archivos de programa\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunOnce: [VcCleanUp.exe] C:\DOCUME~1\xxxxx\CONFIG~1\Temp\VcCleanUp.exe /F C:\ARCHIV~1\ARCHIV~1\SYMANT~1\LiveReg\ /RemoveAll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {05D1C9BD-4DF1-11D6-9479-00E029751AB9} (cmbForanea.UserControl1) - http://intraofi/comun/cabs/cmbforanea.CAB
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Archivos de programa\proeWildfire_1\\i486_nt\obj\pvx_install.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} (GlobalSpec Engineering Toolbar) - http://www.globalspec.com/engineering-toolbar/gspec.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - http://intraofi/comun/cabs/sscala32.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: ccmsetup - Unknown owner - C:\WINDOWS\system32\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf (file missing)
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\ptc\flexlm\i486_nt\obj\lmgrd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Archivos de programa\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Archivos de programa\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:00 PM

Posted 22 November 2005 - 07:00 PM

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 shark35

shark35
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 23 November 2005 - 05:12 PM

Thanks for your time.
In fact, my HJT is the same, because i'm using another computer. I will not use the computer until it be free of problems.
Sorry for my English (It is not me official language)

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:00 PM

Posted 23 November 2005 - 05:53 PM

Hello,

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please set your system to show all files; please see here if you're unsure how to do this.

* Download and install CCleaner
Do not use it yet.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} - C:\WINDOWS\System32\sxpdr32.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Archivos de programa\HbTools\Bin\4.7.1.0\HbtHostIE.dll (file missing)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Archivos de programa\HbTools\Bin\4.7.1.0\HbtHostIE.dll (file missing)
O4 - HKLM\..\Run: [-2147483646] C:\WINDOWS\System32\winuc386.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Archivos de programa\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Archivos de programa\proeWildfire_1\\i486_nt\obj\pvx_install.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} (GlobalSpec Engineering Toolbar) - http://www.globalspec.com/engineering-toolbar/gspec.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\System32\winuc386.exe
C:\Archivos de programa\SurfAccuracy <= folder

* Still in safe mode Start Ccleaner
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

* Open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

Post back a fresh HijackThis log and the log from ewido so I can take another look.

Can you also tell me what next is?

C:\Archivos de programa\Groove Networks\Groove\Bin\GrooveInstallerService.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe ( http://www.dx21.com/BACKOFFICE/DEPLOYMENT/SMS/CMDLINE.asp )
Are you aware this is installed?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 shark35

shark35
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 25 November 2005 - 08:44 PM

Sorry by the delay.
I did what yoy said me. The ewido find about 70 spywares.
i send HJT log and EWido report.

I feel control panel and MY pc opens faster .

I wait for your comments and really apreciate your help.



------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 07:24:47 p.m., on 25/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\ptc\flexlm\i486_nt\obj\lmgrd.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
c:\ptc\flexlm\i486_nt\obj\ptc_d.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\ARCHIV~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Archivos de programa\RealVNC\WinVNC\WinVNC.exe
C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\WEBSHOTS.SCR
C:\WINDOWS\TEMP\TCA5E5.EXE
C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.14.43:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.4000.1001\es-mx\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: T1msn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.4000.1001\es-mx\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Archivos de programa\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [EM_EXEC] C:\ARCHIV~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Archivos de programa\Archivos comunes\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [MimBoot] C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Archivos de programa\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Archivos de programa\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {05D1C9BD-4DF1-11D6-9479-00E029751AB9} (cmbForanea.UserControl1) - http://intraofi/comun/cabs/cmbforanea.CAB
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Archivos de programa\proeWildfire_1\\i486_nt\obj\pvx_install.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - http://intraofi/comun/cabs/sscala32.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: ccmsetup - Unknown owner - C:\WINDOWS\system32\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\ptc\flexlm\i486_nt\obj\lmgrd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Archivos de programa\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Archivos de programa\RealVNC\WinVNC\WinVNC.exe" -service (file missing)



-----------------------------------------------------------------------------------------------------------------

---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------

+ Creado en: 07:19:46 p.m., 25/11/2005
+ Report-Checksum: AEC98CC8

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94} -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices\CLSID -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices\CurVer -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1 -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx\CLSID -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx\CurVer -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1 -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtHostIE.Bho -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtHostIE.Bho\CLSID -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtHostIE.Bho\CLSID\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtHostIE.Bho\CurVer -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1 -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1\CLSID\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand\CLSID -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand\CLSID\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand\CurVer -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand.1 -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand.1\CLSID\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar\CLSID -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar\CurVer -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1 -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtTools.HbMain -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtTools.HbMain\CLSID -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtTools.HbMain\CurVer -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\HbtTools.HbMain.1 -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\TypeLib\\ -> Spyware.YourSiteBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{421745E9-16DF-4EE4-A758-D51F939C49CB}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{5F2B9DE7-F878-4762-8CFE-E9C58F082F0E}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{8654592E-952A-4E7C-A960-304763B35FA6}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{D24F9D3C-5D4C-47F8-9AB7-632B44AD6A0D}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\TypeLib\\ -> Spyware.YourSiteBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{F43EC88B-B6C8-4969-A763-E2BF55602CCE}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib\\ -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\TypeLib\{45397063-D7D0-47C2-9508-26487608A298} -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Limpio con backup
HKLM\SOFTWARE\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36} -> Spyware.HotBar : Limpio con backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Limpio con backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Limpio con backup
HKU\S-1-5-21-3231662999-3331515579-4115071406-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Limpio con backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error durante limpieza
C:\Archivos de programa\ISTsvc -> Spyware.ISTBar : Limpio con backup
C:\Archivos de programa\Power Scan -> Spyware.PowerScan : Limpio con backup
C:\Documents and Settings\JCARRILLO\Cookies\jcarrillo@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Limpio con backup
C:\Documents and Settings\JCARRILLO\Cookies\jcarrillo@atdmt[2].txt -> Spyware.Cookie.Atdmt : Limpio con backup
C:\Documents and Settings\JCARRILLO\Cookies\jcarrillo@com[2].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\SYANEZ\Cookies\syanez@atdmt[1].txt -> Spyware.Cookie.Atdmt : Limpio con backup
C:\WINDOWS\Downloaded Program Files\loader.exe -> TrojanDownloader.Agent.yc : Limpio con backup
C:\WINDOWS\SYSTEM32\intxt.exe -> Adware.CashDeluxe : Limpio con backup
C:\WINDOWS\SYSTEM32\temploader.exe -> TrojanDownloader.Agent.yc : Limpio con backup
C:\WINDOWS\SYSTEM32\um.tmp -> TrojanDownloader.CashDeluxe.a : Limpio con backup


::Fin Report

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:00 PM

Posted 26 November 2005 - 01:27 AM

Hello,

Your forgot to answer my questions:

Can you also tell me what next is?

C:\Archivos de programa\Groove Networks\Groove\Bin\GrooveInstallerService.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe ( http://www.dx21.com/BACKOFFICE/DEPLOYMENT/SMS/CMDLINE.asp )
Are you aware this is installed?


Also, I want to know what it is, so can you go to next site:
http://virusscan.jotti.org/

On top you'll find: File to upload and scan.
Now browse to the next file:

C:\WINDOWS\TEMP\TCA5E5.EXE

Click submit and let it scan.
Post the results in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:00 PM

Posted 05 December 2005 - 06:40 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users