04-18-2006, 05:49 PM   #5
lathspell
Registered User
 
Join Date: Apr 2006
Posts: 5
OS: Xp


Here is what you asked for. Thanks

Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool
-------------------------------------------
Incident Status Location

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@as-eu.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@ehg-ati.hitbox[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@google.com[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@hitbox[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@hotlog[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@mediaplex[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@rn11[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@sel.as-eu.falkag[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@tribalfusion[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.ciudad.com.ar/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[counter8.sextracker.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.google.com.ar/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Com.com Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{68D7530F-833A-4A41-9B3F-43598FC73E4F}\{1BD5EBF2-B5C7-4941-9B7D-7C188486DFB5}.txt[{1BD5EBF2-B5C7-4941-9B7D-7C188486DFB5}.txt]
Spyware:Cookie/Belnk Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{68D7530F-833A-4A41-9B3F-43598FC73E4F}\{3CE5C3C5-8F4C-4786-AFFC-A94D4735B543}.txt[{3CE5C3C5-8F4C-4786-AFFC-A94D4735B543}.txt]
Spyware:Cookie/Belnk Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{68D7530F-833A-4A41-9B3F-43598FC73E4F}\{5E8732A2-F8A5-48B9-9FB4-82ABA3C2C1D2}.txt[{5E8732A2-F8A5-48B9-9FB4-82ABA3C2C1D2}.txt]
Spyware:Cookie/Casalemedia Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{68D7530F-833A-4A41-9B3F-43598FC73E4F}\{BDE681FB-10EC-4B7F-BBCF-C5C853F765A9}.txt[{BDE681FB-10EC-4B7F-BBCF-C5C853F765A9}.txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{00AA3CF5-D63E-4CC8-963E-744D35B0ADFB}.txt[{00AA3CF5-D63E-4CC8-963E-744D35B0ADFB}.txt]
Spyware:Cookie/Com.com Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{3C7A7928-FC56-4171-B62D-33E2D3759C3F}.txt[{3C7A7928-FC56-4171-B62D-33E2D3759C3F}.txt]
Spyware:Cookie/Tribalfusion Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{973376AC-C31A-4E10-B921-0ADB4D0F3B2C}.txt[{973376AC-C31A-4E10-B921-0ADB4D0F3B2C}.txt]
Spyware:Cookie/2o7 Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{9F469026-2897-40FA-8286-4128B2A04D9D}.txt[{9F469026-2897-40FA-8286-4128B2A04D9D}.txt]
Spyware:Cookie/YieldManager Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{C87EA694-81D6-4ADB-9FC9-8AA08376D04D}.txt[{C87EA694-81D6-4ADB-9FC9-8AA08376D04D}.txt]
Spyware:Cookie/Doubleclick Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{E56CA38E-820C-4D32-A26A-6556BDAB564B}.txt[{E56CA38E-820C-4D32-A26A-6556BDAB564B}.txt]
Adware:Adware/Block-checker Not disinfected C:\Archivos de programa\Microsoft AntiSpyware\Quarantine\416FF1C7-1DC5-46C3-ABF2-5713F8\3575535A-69C6-48C8-AF75-F26DF8
---------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 08:46:02 p.m., on 18/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Juan Cruz\Escritorio\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ioloDelayModule] C:\Archivos de programa\iolo\System Mechanic Professional 6\delay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Archivos de programa\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138768097896
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DE833CC3-52E7-4C9A-BDC4-8EC24B422A2B} (Superscape VisLite) - http://www.arsvirtual.com/visitas/vi...te/vislite.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Administración de IIS (IISADMIN) - Macrovision Corporation - (no file)
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MorningSound VirtualCamera Play Service (VirtualCameraService) - MorningSound Co., Ltd. - (no file)