Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 04-17-2006, 10:58 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2006
Posts: 5
OS: Xp


Problem with websites

I have problems viewing some sites like Yahoo, eBay, and the ATI homepage. I tried everything to solve this problem. I followed a similar problem in a solved thread, but it seems I can't solve mine. I hope you can find a solution. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 01:52:54 p.m., on 17/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Juan Cruz\Escritorio\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ioloDelayModule] C:\Archivos de programa\iolo\System Mechanic Professional 6\delay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Archivos de programa\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138768097896
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DE833CC3-52E7-4C9A-BDC4-8EC24B422A2B} (Superscape VisLite) - http://www.arsvirtual.com/visitas/vi...te/vislite.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E1B1DFE-B663-4198-9D99-45ACC1855F12}: NameServer = 85.255.116.164,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA75BC33-2B04-4529-A48C-FA909A1B9673}: NameServer = 85.255.116.164,85.255.112.226
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E1B1DFE-B663-4198-9D99-45ACC1855F12}: NameServer = 85.255.116.164,85.255.112.226
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Administración de IIS (IISADMIN) - Macrovision Corporation - (no file)
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MorningSound VirtualCamera Play Service (VirtualCameraService) - MorningSound Co., Ltd. - (no file)
Old 04-17-2006, 05:58 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,610
OS: WinXP and Vista


Hello lathspell and welcome,

You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please make sure you have an ACTIVE internet connection as the tool will need to download additional files and a program.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php...=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is NORMAL. FixWareOut will produce a logfile, report.txt, located within the C:\fixwareout folder.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E1B1DFE-B663-4198-9D99-45ACC1855F12}: NameServer = 85.255.116.164,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA75BC33-2B04-4529-A48C-FA909A1B9673}: NameServer = 85.255.116.164,85.255.112.226
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E1B1DFE-B663-4198-9D99-45ACC1855F12}: NameServer = 85.255.116.164,85.255.112.226


Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

-----------------------------------------

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *Ensure that your pop up blocker doesn't block it.
  2. Enter your e-mail address, country, and state & click Scan Now. This begins downloading Panda's 8 MB ActiveX controls.
**A box may appear asking you for a Password, click 'Cancel'
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report

In your next reply, I will need the following:

fixwareout report.txt
Panda results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 04-18-2006, 09:13 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2006
Posts: 5
OS: Xp


Problem Solved

Thanks a lot. The problem was solved. You are a genius.
Old 04-18-2006, 09:21 AM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,610
OS: WinXP and Vista


Hi,

I'm glad you're excited, but that may not be the end of the infection. It would be well worth your time to run that online scan and post the results here along with a new HijackThis log for my review.
Old 04-18-2006, 05:49 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2006
Posts: 5
OS: Xp


Here is what you asked for. Thanks

Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool
-------------------------------------------
Incident Status Location

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@as-eu.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@ehg-ati.hitbox[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@google.com[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@hitbox[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@hotlog[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@mediaplex[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@rn11[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@sel.as-eu.falkag[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@tribalfusion[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.ciudad.com.ar/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[counter8.sextracker.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.google.com.ar/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Com.com Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{68D7530F-833A-4A41-9B3F-43598FC73E4F}\{1BD5EBF2-B5C7-4941-9B7D-7C188486DFB5}.txt[{1BD5EBF2-B5C7-4941-9B7D-7C188486DFB5}.txt]
Spyware:Cookie/Belnk Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{68D7530F-833A-4A41-9B3F-43598FC73E4F}\{3CE5C3C5-8F4C-4786-AFFC-A94D4735B543}.txt[{3CE5C3C5-8F4C-4786-AFFC-A94D4735B543}.txt]
Spyware:Cookie/Belnk Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{68D7530F-833A-4A41-9B3F-43598FC73E4F}\{5E8732A2-F8A5-48B9-9FB4-82ABA3C2C1D2}.txt[{5E8732A2-F8A5-48B9-9FB4-82ABA3C2C1D2}.txt]
Spyware:Cookie/Casalemedia Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{68D7530F-833A-4A41-9B3F-43598FC73E4F}\{BDE681FB-10EC-4B7F-BBCF-C5C853F765A9}.txt[{BDE681FB-10EC-4B7F-BBCF-C5C853F765A9}.txt]
Spyware:Cookie/Atlas DMT Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{00AA3CF5-D63E-4CC8-963E-744D35B0ADFB}.txt[{00AA3CF5-D63E-4CC8-963E-744D35B0ADFB}.txt]
Spyware:Cookie/Com.com Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{3C7A7928-FC56-4171-B62D-33E2D3759C3F}.txt[{3C7A7928-FC56-4171-B62D-33E2D3759C3F}.txt]
Spyware:Cookie/Tribalfusion Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{973376AC-C31A-4E10-B921-0ADB4D0F3B2C}.txt[{973376AC-C31A-4E10-B921-0ADB4D0F3B2C}.txt]
Spyware:Cookie/2o7 Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{9F469026-2897-40FA-8286-4128B2A04D9D}.txt[{9F469026-2897-40FA-8286-4128B2A04D9D}.txt]
Spyware:Cookie/YieldManager Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{C87EA694-81D6-4ADB-9FC9-8AA08376D04D}.txt[{C87EA694-81D6-4ADB-9FC9-8AA08376D04D}.txt]
Spyware:Cookie/Doubleclick Not disinfected C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\{7AB483BA-56C5-4431-8723-FDC7754F3403}\{E56CA38E-820C-4D32-A26A-6556BDAB564B}.txt[{E56CA38E-820C-4D32-A26A-6556BDAB564B}.txt]
Adware:Adware/Block-checker Not disinfected C:\Archivos de programa\Microsoft AntiSpyware\Quarantine\416FF1C7-1DC5-46C3-ABF2-5713F8\3575535A-69C6-48C8-AF75-F26DF8
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@as-eu.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@ehg-ati.hitbox[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@google.com[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@hitbox[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@hotlog[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@mediaplex[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@rn11[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@sel.as-eu.falkag[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Juan Cruz\Cookies\juan cruz@tribalfusion[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Juan Cruz\Datos de programa\Mozilla\Firefox\Profiles\p0u2rhz7.default\cookies.txt[]
---------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 08:46:02 p.m., on 18/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Juan Cruz\Escritorio\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ioloDelayModule] C:\Archivos de programa\iolo\System Mechanic Professional 6\delay.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Archivos de programa\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138768097896
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DE833CC3-52E7-4C9A-BDC4-8EC24B422A2B} (Superscape VisLite) - http://www.arsvirtual.com/visitas/vi...te/vislite.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Administración de IIS (IISADMIN) - Macrovision Corporation - (no file)
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MorningSound VirtualCamera Play Service (VirtualCameraService) - MorningSound Co., Ltd. - (no file)
Old 04-18-2006, 06:53 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,610
OS: WinXP and Vista


Hi lathspell,

From Normal Mode:

Run a scan in HijackThis. 'Check' each of the following if they still exist

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


Click 'Fix Checked' and close HijackThis.

---------------------------

Clear Mozilla Firefox cookies:
Open the Mozilla Browser, (you do not need to be online to do this) Click Tools>Options>Privacy>Cookies>Clear

Clear Internet Explorer Cookies:
Launch Internet Explorer>Tools>Internet Options>Delete Cookies

---------------------------

You can clear your backups in System Mechanic Professional. Navigate to the following folder and empty the contents.

C:\Archivos de programa\iolo\System Mechanic Professional 6\Undo\Manual\

*******************************************

That should do it for you. If there aren't any more problems, please continue with these final instructions and helpful links.

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Keep my computer up to date"
*Under Settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".


In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

Be very wary of any security software that is advertised in popups or in other ways. It is not only usually of no use, but often has malware in it.

More information and free downloads are available at the following links:

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button "Enable protection for all unprotected items".

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. This is a self-extracting .ZIP file; save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD).
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list, by typing 2
Then return to the main menu.
Select option #4 - Add the old porn sites domain, by typing 4


Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
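As an added example (not from this thread, and not HijackThis or FixWareout code), a Python triage for the O17 block Ried lists in post #2 and the follow-up log check in post #6: it parses O17 lines, flags NameServer values outside the LAN that the analyst has not allow-listed, reports where a resolver is pinned (both adapter GUIDs and the CS2 control set), and diffs a before/after log. The sample logs are constructed from the thread's O17 lines; the all-zero adapter GUID and the 192.168.1.1 resolver are placeholders.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample logs, not the poster's full logs. BEFORE_LOG carries the three
# O17 lines quoted in this thread plus one constructed, benign per-adapter entry
# (placeholder GUID) pointing at a private LAN resolver; AFTER_LOG mirrors the
# thread's second log, where the O17 lines are gone after the fix.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E1B1DFE-B663-4198-9D99-45ACC1855F12}: NameServer = 85.255.116.164,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA75BC33-2B04-4529-A48C-FA909A1B9673}: NameServer = 85.255.116.164,85.255.112.226
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E1B1DFE-B663-4198-9D99-45ACC1855F12}: NameServer = 85.255.116.164,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# HijackThis abbreviates the registry path: CCS = CurrentControlSet, CSn = ControlSet00n,
# and "Tcpip\..\{GUID}" is the per-adapter key under Tcpip\Parameters\Interfaces.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<iface>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): "
    r"(?P<setting>NameServer|Domain|SearchList) = (?P<value>.*)$"
)

@dataclass(frozen=True)
class O17Entry:
    control_set: str          # "CCS" or "CSn"
    interface: str            # adapter GUID, or "Parameters" for the global TCP/IP key
    setting: str              # NameServer / Domain / SearchList
    servers: Tuple[str, ...]  # HijackThis comma-joins multiple resolvers
    raw: str

def parse_o17(log_text: str) -> List[O17Entry]:
    """Extract every O17 line from a HijackThis log; other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = tuple(v.strip() for v in m.group("value").split(",") if v.strip())
        entries.append(O17Entry(m.group("cs"), m.group("iface").strip(".\\{}"),
                                m.group("setting"), servers, line.strip()))
    return entries

def classify_ip(addr: str) -> str:
    """'local' for RFC1918/loopback/link-local resolvers, 'public' otherwise,
    'invalid' when the NameServer value is not an IP address at all."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "local" if (ip.is_private or ip.is_loopback or ip.is_link_local) else "public"

def flag_entries(entries: List[O17Entry], trusted: Set[str]) -> Dict[O17Entry, List[str]]:
    """NameServer entries whose resolvers are neither on the LAN nor in the analyst's
    trusted set (e.g. the ISP's published resolvers), with the offending addresses.
    A resolver the user never configured, repeated on every adapter, is the shape
    of the O17 block in this thread."""
    flagged: Dict[O17Entry, List[str]] = {}
    for e in entries:
        if e.setting != "NameServer":
            continue
        bad = [s for s in e.servers if s not in trusted and classify_ip(s) != "local"]
        if bad:
            flagged[e] = bad
    return flagged

def persistence_summary(flagged: Dict[O17Entry, List[str]]) -> Dict[str, Dict[str, Set[str]]]:
    """Group each suspicious resolver by the control sets and adapters it is pinned to.
    A copy under a non-current control set (CS2 here) comes back if that set becomes
    current, e.g. after a Last Known Good Configuration boot, so it needs fixing too."""
    summary: Dict[str, Dict[str, Set[str]]] = {}
    for entry, servers in flagged.items():
        for s in servers:
            slot = summary.setdefault(s, {"control_sets": set(), "interfaces": set()})
            slot["control_sets"].add(entry.control_set)
            slot["interfaces"].add(entry.interface)
    return summary

def removed_o17(before: str, after: str) -> List[str]:
    """O17 lines present in the earlier log but absent from the later one: the check
    to run on the fresh HijackThis log a poster returns after the fix."""
    after_raw = {e.raw for e in parse_o17(after)}
    return [e.raw for e in parse_o17(before) if e.raw not in after_raw]

if __name__ == "__main__":
    flagged = flag_entries(parse_o17(BEFORE_LOG), trusted=set())
    for entry, bad in flagged.items():
        print(f"[{entry.control_set}] adapter {entry.interface}: untrusted resolvers {bad}")
    print("removed after fix:", removed_o17(BEFORE_LOG, AFTER_LOG))
```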
Old 04-18-2006, 07:16 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2006
Posts: 5
OS: Xp


Thanks

I really appreciate your help. Thanks again.