Hi!

After installing a program that gave me some trouble, I have some problems with my system:

1) When I go to some sites, a "Syntax Error" appears in my IE 6, while other websites work as usual. But with Firefox there is no problem at all; all websites work OK. Funny thing.
1.1) When going to a website that asks for log and pass, a security warning window appears saying that the info could be viewed by other people, and asking to not show that window again. That never appeared before.

2) When I select a link in IE and choose "Open link in a new window", the window appears but it is a blank one, with no trace of the site address in the new window. I mean the address is blank, so it doesn't open the link.

3) If I choose Start-->Find, the search window appears and I see the dog walking, but there is no box to input data to search by title, date, name, etc., only the blue left margin and the dog at the bottom.

4) When using Help, there are lots of script errors and it does not work properly. Bad links, and so on.

I ran a Norton scan and nothing was found, but then I ran a web scan and it found Java Byteverify Exploit and Java Shinwow.AB. Both were removed, but everything is as before.

Here are my logs:

1)HJT


Logfile of HijackThis v1.99.1
Scan saved at 2:20:35, on 22/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Archivos de programa\Softick\PPP\PPPGate.exe
C:\Archivos de programa\Softick\CardExport\CardGate.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\TVTool 6.5\TVTool.exe
C:\Archivos de programa\ScanSoft\OmniPagePro11.0\opware32.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Archivos de programa\Conceptronic\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\ARCHIV~1\YAHOO!\MESSEN~1\ypager.exe
C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\Archivos de programa\Wanadoo\USB ADSL Modem\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\InterVideo\MSIPVS\WinScheduler.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\Conceptronic\Software Bluetooth\BTTray.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
C:\Archivos de programa\Project1\Soltek_HM.exe
C:\Archivos de programa\Palm\HOTSYNC.EXE
C:\Archivos de programa\Palm\HandStory.exe
C:\WINDOWS\webshots.scr
C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe
C:\ARCHIV~1\CONCEP~1\SOFTWA~1\BTSTAC~1.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\Andres\Escritorio\clean\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System Configurator] 2\RUNDLL.EXE
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [amouse] C:\Archivos de programa\Auto Mouse\automouse.exe
O4 - HKLM\..\Run: [SoftickPPP] "C:\Archivos de programa\Softick\PPP\PPPGate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CardGate] "C:\Archivos de programa\Softick\CardExport\CardGate.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TVTool] "C:\Archivos de programa\TVTool 6.5\TVTool.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Archivos de programa\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARCHIV~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [FreeMem Pro] "C:\ARCHIV~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Soltek HM.LNK = C:\Archivos de programa\Project1\Soltek_HM.exe
O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HOTSYNC.EXE
O4 - Startup: HandStory.lnk = C:\Archivos de programa\Palm\HandStory.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Archivos de programa\InstantCD+DVD\SharedFiles\Pixie\RegTool.exe
O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Archivos de programa\InterVideo\MSIPVS\WinScheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Server4PC.lnk = C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save To Palm - C:\Archivos de programa\Palm\HandStoryME.htm
O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: C&lip To Palm - C:\Archivos de programa\Palm\HandStoryMEC.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Crear un favorito móvil - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Archivos de programa\Palm\HandStoryTE.htm
O9 - Extra 'Tools' menuitem: &Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Archivos de programa\Palm\HandStoryTE.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\flashget.exe
O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Archivos de programa\Conceptronic\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: LogoMedia TranslateDotNet Server - LogoMedia Corporation - C:\Archivos de programa\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


2) Find It


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.


Find.bat is running from: C:\Documents and Settings\Andres\Escritorio\clean\Find It NT-2K-XP\Find It NT-2K-XP


------- System Files in System32 Directory -------


El volumen de la unidad C es SISTEMA
El número de serie del volumen es: 0E2E-16F8


Directorio de C:\WINDOWS\System32


29/07/2003  16:06    <DIR>          Microsoft
29/07/2003  15:40    <DIR>          dllcache
0 archivos              0 bytes
2 dirs   3.859.742.720 bytes libres


------- Hidden Files in System32 Directory -------


El volumen de la unidad C es SISTEMA
El número de serie del volumen es: 0E2E-16F8


Directorio de C:\WINDOWS\System32


22/07/2005  02:11               526 vsconfig.xml
29/07/2003  15:51               488 logonui.exe.manifest
29/07/2003  15:51               488 WindowsLogon.manifest
29/07/2003  15:51               749 ncpa.cpl.manifest
29/07/2003  15:51               749 nwc.cpl.manifest
29/07/2003  15:51               749 sapi.cpl.manifest
29/07/2003  15:51               749 wuaucpl.cpl.manifest
29/07/2003  15:51               749 cdplayer.exe.manifest
29/07/2003  15:40    <DIR>          dllcache
05/03/2003  23:01             4.212 zllictbl.dat
9 archivos          9.459 bytes
1 dirs   3.859.709.952 bytes libres


------------ Files Named "Guard" ---------------


El volumen de la unidad C es SISTEMA
El número de serie del volumen es: 0E2E-16F8


Directorio de C:\WINDOWS\System32



------ Temp Files in System32 Directory ------


El volumen de la unidad C es SISTEMA
El número de serie del volumen es: 0E2E-16F8


Directorio de C:\WINDOWS\System32


10/09/2002  13:00             2.909 CONFIG.TMP
1 archivos          2.909 bytes
0 dirs   3.859.644.416 bytes libres


------------------ User Agent ----------------


REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""



------------- Keys Under Notify -------------


REGEDIT4


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001



------------- Locate.com Results -------------


C:\WINDOWS\SYSTEM32\
vsconfig.xml   Fri 22 Jul 2005   2:11:42   A..H.            526     0,51 K


1 item found:  1 file, 0 directories.
Total of file sizes:  526 bytes      0,51 K


-------- Strings.exe Qoologic Results --------



--------- Strings.exe Aspack Results ---------


C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: :.aspackze
C:\WINDOWS\system32\pav.sig: .aspack.text
C:\WINDOWS\system32\pav.sig: H.aspack.text
C:\WINDOWS\system32\pav.sig: .aspack.text
C:\WINDOWS\system32\pav.sig: 4.aspack
C:\WINDOWS\system32\pav.sig: F<SW.aspack
C:\WINDOWS\system32\pav.sig: [.aspack
C:\WINDOWS\system32\pav.sig: .aspack0
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: H@.aspack.text
C:\WINDOWS\system32\pav.sig: AsPack
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: ASPACK
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: :.aspackze
C:\WINDOWS\system32\pav.sig: .aspack.text
C:\WINDOWS\system32\pav.sig: H.aspack.text
C:\WINDOWS\system32\pav.sig: .aspack.text
C:\WINDOWS\system32\pav.sig: 4.aspack
C:\WINDOWS\system32\pav.sig: F<SW.aspack
C:\WINDOWS\system32\pav.sig: [.aspack
C:\WINDOWS\system32\pav.sig: .aspack0
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: H@.aspack.text
C:\WINDOWS\system32\pav.sig: AsPack
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: ASPACK


-------------- HKLM Run Key ----------------


REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"TkBellExe"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot"
"System Configurator"="2\\RUNDLL.EXE"
"atwtusb"="atwtusb.exe beta"
"VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"amouse"="C:\\Archivos de programa\\Auto Mouse\\automouse.exe"
"SoftickPPP"="\"C:\\Archivos de programa\\Softick\\PPP\\PPPGate.exe\""
"QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"CardGate"="\"C:\\Archivos de programa\\Softick\\CardExport\\CardGate.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"TVTool"="\"C:\\Archivos de programa\\TVTool 6.5\\TVTool.exe\""
"Omnipage"="C:\\Archivos de programa\\ScanSoft\\OmniPagePro11.0\\opware32.exe"
"WinDriv32"="C:\\WINDOWS\\System32\\WinDriv32.exe"
"Zone Labs Client"="C:\\ARCHIV~1\\ZONELA~1\\ZONEAL~1\\zlclient.exe"
"ccApp"="\"C:\\Archivos de programa\\Archivos comunes\\Symantec Shared\\ccApp.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"SunJavaUpdateSched"="C:\\Archivos de programa\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"FineReader7NewsReaderPro"="C:\\Archivos de programa\\ABBYY FineReader 7.0 Professional Edition\\AbbyyNewsReader.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Symantec NetDriver Monitor"="C:\\ARCHIV~1\\SYMNET~1\\SNDMon.exe /Consumer"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


3)findqoologic


3.1-LOG
C:\Documents and Settings\Andres\Escritorio\clean\findqoologic


PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: :.aspackze
C:\WINDOWS\system32\pav.sig: .aspack.text
C:\WINDOWS\system32\pav.sig: H.aspack.text
C:\WINDOWS\system32\pav.sig: .aspack.text
C:\WINDOWS\system32\pav.sig: 4.aspack
C:\WINDOWS\system32\pav.sig: F<SW.aspack
C:\WINDOWS\system32\pav.sig: [.aspack
C:\WINDOWS\system32\pav.sig: .aspack0
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: H@.aspack.text
C:\WINDOWS\system32\pav.sig: AsPack
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: ASPACK


Files Found in all users startup Folder............
------------------------
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: :.aspackze
C:\WINDOWS\system32\pav.sig: .aspack.text
C:\WINDOWS\system32\pav.sig: H.aspack.text
C:\WINDOWS\system32\pav.sig: .aspack.text
C:\WINDOWS\system32\pav.sig: 4.aspack
C:\WINDOWS\system32\pav.sig: F<SW.aspack
C:\WINDOWS\system32\pav.sig: [.aspack
C:\WINDOWS\system32\pav.sig: .aspack0
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: .aspack
C:\WINDOWS\system32\pav.sig: H@.aspack.text
C:\WINDOWS\system32\pav.sig: AsPack
C:\WINDOWS\system32\ntdll.dll: .aspack
C:\WINDOWS\system32\MRT.exe: (ASPack)
C:\WINDOWS\system32\MRT.exe: ASPack 1.61
C:\WINDOWS\system32\MRT.exe: ASPack 1.084
C:\WINDOWS\system32\MRT.exe: ASPack 1.083
C:\WINDOWS\system32\MRT.exe: ASPack 1.08.02b
C:\WINDOWS\system32\MRT.exe: ASPack 1.07b
C:\WINDOWS\system32\MRT.exe: ASPack 1.05b
C:\WINDOWS\system32\MRT.exe: ASPack 1.02
C:\WINDOWS\system32\MRT.exe: ASPACK



3.2-START


C:\WINDOWS\system32\pqdvdf.exe: UPX!
C:\WINDOWS\system32\nlame.dll: UPX!
C:\WINDOWS\system32\cygz.dll: UPX!
C:\WINDOWS\system32\pav.sig: UPX!
C:\WINDOWS\system32\avisynth.dll: UPX!
C:\WINDOWS\system32\devil.dll: UPX!
C:\WINDOWS\system32\TFTP3904: UPX!
C:\WINDOWS\system32\patlib.dll: UPX!
C:\WINDOWS\system32\dlportio.dll: UPX!



3.3-WIN


C:\WINDOWS\system32\pqdvdf.exe: UPX!
C:\WINDOWS\system32\nlame.dll: UPX!
C:\WINDOWS\system32\cygz.dll: UPX!
C:\WINDOWS\system32\pav.sig: UPX!
C:\WINDOWS\system32\avisynth.dll: UPX!
C:\WINDOWS\system32\devil.dll: UPX!
C:\WINDOWS\system32\TFTP3904: UPX!
C:\WINDOWS\system32\patlib.dll: UPX!
C:\WINDOWS\system32\dlportio.dll: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213


4) RKFILES


C:\Documents and Settings\Andres\Escritorio\clean\rkfiles


PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\pqdvdf.exe: UPX!
C:\WINDOWS\system32\nlame.dll: UPX!
C:\WINDOWS\system32\cygz.dll: UPX!
C:\WINDOWS\system32\pav.sig: UPX!
C:\WINDOWS\system32\avisynth.dll: UPX!
C:\WINDOWS\system32\devil.dll: UPX!
C:\WINDOWS\system32\TFTP3904: UPX!
C:\WINDOWS\system32\patlib.dll: UPX!
C:\WINDOWS\system32\dlportio.dll: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213


Files Found in all users startup Folder............
------------------------
C:\WINDOWS\system32\pqdvdf.exe: UPX!
C:\WINDOWS\system32\nlame.dll: UPX!
C:\WINDOWS\system32\cygz.dll: UPX!
C:\WINDOWS\system32\pav.sig: UPX!
C:\WINDOWS\system32\avisynth.dll: UPX!
C:\WINDOWS\system32\devil.dll: UPX!
C:\WINDOWS\system32\TFTP3904: UPX!
C:\WINDOWS\system32\patlib.dll: UPX!
C:\WINDOWS\system32\dlportio.dll: UPX!
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\avisynth.dll: UPX!
C:\WINDOWS\devil.dll: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
C:\WINDOWS\cygz.dll: UPX!
C:\WINDOWS\epsuninst.exe: UPX!
C:\WINDOWS\outlook.pst: UPX!
Finished
bye



5)L2MFIX


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""


**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:


C:\WINDOWS\SYSTEM32\
cygwin1.dll    Fri 15 Jul 2005  18:12:14   A....      1.126.281     1,07 M
cygz.dll       Fri 15 Jul 2005  18:12:14   A....         35.328    34,50 K
wininet.dll    Mon  2 May 2005  22:56:48   A....        660.480   645,00 K
msrating.dll   Mon  2 May 2005  22:56:46   A....        146.432   143,00 K
xpsp3res.dll   Tue 17 May 2005   2:42:14   .....         16.896    16,50 K
cdfview.dll    Mon  2 May 2005  22:56:44   A....        151.552   148,00 K
browseui.dll   Mon  2 May 2005  22:56:44   A....      1.020.416   996,50 K
mscms.dll      Wed 29 Jun 2005   3:49:44   A....         74.240    72,50 K
mshtmled.dll   Mon  2 May 2005  22:56:46   A....        448.512   438,00 K
cdm.dll        Thu 26 May 2005   4:16:24   A....         75.544    73,77 K
iepeers.dll    Mon  2 May 2005  22:56:44   A....        250.880   245,00 K
msi.dll        Wed  4 May 2005  14:45:32   A....      2.890.240     2,75 M
iuengine.dll   Thu 26 May 2005   4:16:24   A....        198.424   193,77 K
itircl.dll     Fri 27 May 2005   4:08:06   A....        155.136   151,50 K
wuapi.dll      Thu 26 May 2005   4:16:30   A....        466.200   455,27 K
itss.dll       Fri 27 May 2005   4:08:06   A....        137.216   134,00 K
hhsetup.dll    Fri 27 May 2005   4:08:06   A....         41.472    40,50 K
urlmon.dll     Mon  2 May 2005  22:56:46   A....        604.672   590,50 K
shlwapi.dll    Mon  2 May 2005  22:56:46   A....        474.112   463,00 K
shdocvw.dll    Mon  2 May 2005  22:56:46   A....      1.484.288     1,41 M
pngfilt.dll    Mon  2 May 2005  22:56:46   A....         39.424    38,50 K
mshtml.dll     Mon  2 May 2005  22:56:46   A....      3.011.072     2,87 M
inseng.dll     Mon  2 May 2005  22:56:44   A....         96.768    94,50 K
wuaueng.dll    Thu 26 May 2005   4:16:30   A....      1.343.768     1,28 M
wuaueng1.dll   Thu 26 May 2005   4:16:30   A....        195.352   190,77 K
wucltui.dll    Thu 26 May 2005   4:16:30   A....        128.280   125,27 K
wups2.dll      Thu 26 May 2005   4:16:30   A....         18.200    17,77 K
wuweb.dll      Thu 26 May 2005   4:16:30   A....        173.536   169,47 K
icm32.dll      Wed 29 Jun 2005   3:49:44   A....        254.976   249,00 K
bwmedia.dll    Thu 21 Jul 2005  21:11:00   A....        150.016   146,50 K
bwmedia1.dll   Thu 21 Jul 2005  21:11:00   A....        295.424   288,50 K
wups.dll       Thu 26 May 2005   4:16:30   A....         41.240    40,27 K


32 items found:  32 files, 0 directories.
Total of file sizes:  16.206.377 bytes     15,45 M
Locate .tmp files:


No matches found.
**********************************************************************************
Directory Listing of system files:
El volumen de la unidad C es SISTEMA
El número de serie del volumen es: 0E2E-16F8


Directorio de C:\WINDOWS\System32


29/07/2003  16:06    <DIR>          Microsoft
29/07/2003  15:40    <DIR>          dllcache
0 archivos              0 bytes
2 dirs   3.861.053.440 bytes libres


------------

Please, any help is really appreciated.

Thanks in advance and sorry for my bad English...

Edited by happygeek: fixed formatting

0

Hi,
Download Ewido and install it. Then run, you will receive a warning message saying "Database not found", click "OK" for this. Next in the main screen, click "Update" and click "Start Update". After the update process, exit from Ewido.

Download CleanUp! and install it. Do not run it now.


Make Windows show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options (Folder Option will be in View Menu in Win98).
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.


Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that is displayed, choose Safe Mode and press Enter.


Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:-

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [System Configurator] 2\RUNDLL.EXE
O4 - HKLM\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe

Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.


Exit from HijackThis. Delete this file:-
C:\WINDOWS\System32\WinDriv32.exe


Run CleanUp!, click "Options" button, move the "Quick Setup" slider to "Thorough CleanUp!" and click "Yes" for the warning message and exit from Options. Click "CleanUp!" to start cleaning. After cleaning, click "Close", and choose "No" to avoid the restart.

Run Ewido, click on the "Scanner" button in the left menu, then click on the "Start" button.
If Ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.

Reboot to Normal Mode. Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Ewido log.
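
The last step asks for a fresh HijackThis log; the check below compares such a log with the entries listed above for fixing and reports any that are still present, plus any other line that still names the same executable. It is an added example, not part of the original post: the fix list is copied from the post, while the function names and the fresh-log excerpt are constructed for illustration.

```python
import re
from typing import NamedTuple

# Entries the post asks to tick in HijackThis, copied from the post.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [System Configurator] 2\RUNDLL.EXE
O4 - HKLM\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
"""

# Constructed excerpt in the HijackThis log layout (not a log from the thread).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\WinDriv32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [WinDriv32]  c:\windows\system32\windriv32.exe
"""

# A log entry is a section code (R0, O2, O4, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")
# First file name ending in .exe or .dll inside an autorun command line.
FILE_RE = re.compile(r'([^\\/"]+\.(?:exe|dll))')


class Entry(NamedTuple):
    code: str   # section code, e.g. "O4"
    body: str   # normalised text after the code
    raw: str    # the line as it appeared


def _norm(text):
    """Collapse whitespace and ignore case: Windows paths are case-insensitive."""
    return re.sub(r"\s+", " ", text).strip().casefold()


def parse_entries(text):
    """Return the R/F/N/O entries of a log, skipping headers and process paths."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), _norm(match.group(2)), line.strip()))
    return entries


def still_present(fix_list, fresh_log):
    """Fix-list entries that the fresh log still reports."""
    fresh = {(e.code, e.body) for e in parse_entries(fresh_log)}
    return [e.raw for e in parse_entries(fix_list) if (e.code, e.body) in fresh]


def autorun_targets(fix_list):
    """Lower-cased file names launched by the O4 (autorun) lines of the fix list."""
    names = set()
    for entry in parse_entries(fix_list):
        if entry.code != "O4":
            continue
        command = entry.body.split("]", 1)[-1]   # text after the [value name]
        match = FILE_RE.search(command)
        if match:
            names.add(match.group(1).strip())
    return names


def lines_mentioning(fresh_log, names):
    """Any fresh-log line (running process or entry) that names one of the files."""
    patterns = [re.compile(r"(?<![\w.])" + re.escape(n) + r"(?![\w.])") for n in names]
    return [line.strip() for line in fresh_log.splitlines()
            if any(p.search(line.casefold()) for p in patterns)]


if __name__ == "__main__":
    for raw in still_present(FIX_LIST, FRESH_LOG):
        print("still listed :", raw)
    for raw in lines_mentioning(FRESH_LOG, autorun_targets(FIX_LIST)):
        print("still named  :", raw)
```

An entry that survives the fix, or a process that is still running from the same path, usually means something re-created the value after it was removed, so the fix should be repeated in Safe Mode before deleting the file.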

0

Hi swatkat!

Thanks for your help!!

Well... let's start..

Some funny things. In safe mode, the System Scan of HJT does not report the lines:

1)R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
2)O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe (only ONE line appears, not two lines)

I fixed all the other lines in safe mode.

When I go to Windows/system32 after fixing the lines with HJT, I can't find the file windriv32.exe....

I installed CleanUp! but the screen was different (I can't find any slider), but anyway I did a cleaning..

I ran Ewido. First I had an error on a file (it was a zip), and after decompressing, no problem at all...

But I STILL have the SYNTAX ERROR (right now I can't go to this page through IE 6, I'm using Firefox), and worse... it's like Windows must be affected, as I CAN'T search in Start-->Find. A blank, white window with a blue left margin...

LOGS:


1) HJT
Logfile of HijackThis v1.99.1
Scan saved at 12:47:43, on 22/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Archivos de programa\Softick\PPP\PPPGate.exe
C:\Archivos de programa\Softick\CardExport\CardGate.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\TVTool 6.5\TVTool.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\ScanSoft\OmniPagePro11.0\opware32.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\Conceptronic\Software Bluetooth\bin\btwdins.exe
C:\Archivos de programa\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
C:\Archivos de programa\Wanadoo\USB ADSL Modem\dslmon.exe
C:\Archivos de programa\InterVideo\MSIPVS\WinScheduler.exe
C:\Archivos de programa\ewido\security suite\ewidoguard.exe
C:\Archivos de programa\Conceptronic\Software Bluetooth\BTTray.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
C:\Archivos de programa\Project1\Soltek_HM.exe
C:\Archivos de programa\Palm\HOTSYNC.EXE
C:\Archivos de programa\Palm\HandStory.exe
C:\WINDOWS\webshots.scr
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\ARCHIV~1\CONCEP~1\SOFTWA~1\BTSTAC~1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\clean\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [amouse] C:\Archivos de programa\Auto Mouse\automouse.exe
O4 - HKLM\..\Run: [SoftickPPP] "C:\Archivos de programa\Softick\PPP\PPPGate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CardGate] "C:\Archivos de programa\Softick\CardExport\CardGate.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TVTool] "C:\Archivos de programa\TVTool 6.5\TVTool.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Archivos de programa\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Archivos de programa\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARCHIV~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [FreeMem Pro] "C:\ARCHIV~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Soltek HM.LNK = C:\Archivos de programa\Project1\Soltek_HM.exe
O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HOTSYNC.EXE
O4 - Startup: HandStory.lnk = C:\Archivos de programa\Palm\HandStory.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Archivos de programa\InstantCD+DVD\SharedFiles\Pixie\RegTool.exe
O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Archivos de programa\InterVideo\MSIPVS\WinScheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Server4PC.lnk = C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save To Palm - C:\Archivos de programa\Palm\HandStoryME.htm
O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: C&lip To Palm - C:\Archivos de programa\Palm\HandStoryMEC.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Crear un favorito móvil - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Archivos de programa\Palm\HandStoryTE.htm
O9 - Extra 'Tools' menuitem: &Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Archivos de programa\Palm\HandStoryTE.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\flashget.exe
O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Archivos de programa\Conceptronic\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoguard.exe
O23 - Service: LogoMedia TranslateDotNet Server - LogoMedia Corporation - C:\Archivos de programa\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


2) Ewido


2.1-First log
---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------


+ Creado en:        12:36:54, 22/07/2005
+ Report-Checksum:  47A619CE


+ Scan result:


HKLM\SOFTWARE\Classes\iefeatsl.ViewSource -> Spyware.CoolWebSearch : Limpio con backup
HKLM\SOFTWARE\Classes\iefeatsl.ViewSource\CLSID -> Spyware.CoolWebSearch : Limpio con backup
HKLM\SOFTWARE\Classes\iefeatsl.ViewSource\CurVer -> Spyware.CoolWebSearch : Limpio con backup
HKLM\SOFTWARE\Classes\SearchHook.SearchHookObject -> Spyware.CoolWebSearch : Limpio con backup
HKLM\SOFTWARE\Classes\SearchHook.SearchHookObject\CLSID -> Spyware.CoolWebSearch : Limpio con backup
HKLM\SOFTWARE\Classes\SearchHook.SearchHookObject\CurVer -> Spyware.CoolWebSearch : Limpio con backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@gator[1].txt -> Spyware.Cookie.Gator : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@fastclick[1].txt -> Spyware.Cookie.Fastclick : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@advertising[1].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@targetnet[2].txt -> Spyware.Cookie.Targetnet : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@qksrv[2].txt -> Spyware.Cookie.Qksrv : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@overture[2].txt -> Spyware.Cookie.Overture : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@counter2.hitslink[2].txt -> Spyware.Cookie.Hitslink : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@2o7[1].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@fastclick[2].txt -> Spyware.Cookie.Fastclick : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@centrport[1].txt -> Spyware.Cookie.Centrport : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-wizardsofthecoast.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@advertising[2].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@112.2o7[2].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@adtech[2].txt -> Spyware.Cookie.Adtech : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@tribalfusion[3].txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-idg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@bilbo.counted[2].txt -> Spyware.Cookie.Counted : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@bfast[1].txt -> Spyware.Cookie.Bfast : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@atdmt[2].txt -> Spyware.Cookie.Atdmt : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@phg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@targetnet[1].txt -> Spyware.Cookie.Targetnet : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-newegg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@www.goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@z1.adserver[4].txt -> Spyware.Cookie.Adserver : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-sonycomputer.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@bfast[2].txt -> Spyware.Cookie.Bfast : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@phg.hitbox[3].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@overture[1].txt -> Spyware.Cookie.Overture : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@tradedoubler[3].txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@counter.hitslink[2].txt -> Spyware.Cookie.Hitslink : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-zoomerang.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@spylog[2].txt -> Spyware.Cookie.Spylog : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@bluestreak[3].txt -> Spyware.Cookie.Bluestreak : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@bilbo.counted[3].txt -> Spyware.Cookie.Counted : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ad.adition[3].txt -> Spyware.Cookie.Adition : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@as1.falkag[4].txt -> Spyware.Cookie.Falkag : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-randomhouse.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@hitbox[3].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@weborama[2].txt -> Spyware.Cookie.Weborama : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@counter4.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-darksideprod.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@fastclick[4].txt -> Spyware.Cookie.Fastclick : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@2o7[3].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@counter3.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-uniontrib.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@adviva[2].txt -> Spyware.Cookie.Adviva : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@advertising[4].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@paypopup[1].txt -> Spyware.Cookie.Paypopup : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@counter12.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-hsm.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@counter15.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@paycounter[2].txt -> Spyware.Cookie.Paycounter : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@valueclick[1].txt -> Spyware.Cookie.Valueclick : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@ehg-cafepress.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@servedby.advertising[3].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@counter16.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@sexlist[2].txt -> Spyware.Cookie.Sexlist : Limpio con backup
C:\Documents and Settings\Andres\Configuración local\Temp\Cookies\andres@counter13.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Mis documentos\HDD_Regenerator_v1[1].41.zip/bkg.exe -> TrojanDownloader.INService : Error durante limpieza
C:\Documents and Settings\Andres\Cookies\andres@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@adtech[3].txt -> Spyware.Cookie.Adtech : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@findwhat[1].txt -> Spyware.Cookie.Findwhat : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@hotlog[2].txt -> Spyware.Cookie.Hotlog : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@web4.realtracker[1].txt -> Spyware.Cookie.Realtracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads.x10[2].txt -> Spyware.Cookie.X10 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@z1.adserver[3].txt -> Spyware.Cookie.Adserver : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@2o7[1].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@perf.overture[1].txt -> Spyware.Cookie.Overture : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@tradedoubler[3].txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads.specificpop[2].txt -> Spyware.Cookie.Specificpop : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads47.bpath[2].txt -> Spyware.Cookie.Bpath : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@serving-sys[3].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@xxxtoolbar[2].txt -> Spyware.Cookie.Xxxtoolbar : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@www.smartadserver[2].txt -> Spyware.Cookie.Smartadserver : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@hotlog[3].txt -> Spyware.Cookie.Hotlog : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@paycounter[1].txt -> Spyware.Cookie.Paycounter : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads47.bpath[3].txt -> Spyware.Cookie.Bpath : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@fastclick[1].txt -> Spyware.Cookie.Fastclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@centrport[1].txt -> Spyware.Cookie.Centrport : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@www.res99[1].txt -> Spyware.Cookie.Res99 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@atdmt[2].txt -> Spyware.Cookie.Atdmt : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@spylog[2].txt -> Spyware.Cookie.Spylog : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@adtech[2].txt -> Spyware.Cookie.Adtech : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads.x10[3].txt -> Spyware.Cookie.X10 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@weborama[2].txt -> Spyware.Cookie.Weborama : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads.specificpop[1].txt -> Spyware.Cookie.Specificpop : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bilbo.counted[2].txt -> Spyware.Cookie.Counted : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ad.adition[2].txt -> Spyware.Cookie.Adition : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@fl01.ct2.comclick[2].txt -> Spyware.Cookie.Comclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@realmedia[2].txt -> Spyware.Cookie.Realmedia : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@overture[1].txt -> Spyware.Cookie.Overture : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@internetfuel[2].txt -> Spyware.Cookie.Internetfuel : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@hestia.sextrail.trakkerd[2].txt -> Spyware.Cookie.Trakkerd : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@xxxcounter[2].txt -> Spyware.Cookie.Xxxcounter : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bilbo.counted[4].txt -> Spyware.Cookie.Counted : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@vad.mainentrypoint[1].txt -> Spyware.Cookie.Mainentrypoint : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@valueclick[1].txt -> Spyware.Cookie.Valueclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@valueclick[3].txt -> Spyware.Cookie.Valueclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@tribalfusion[3].txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@questionmarket[3].txt -> Spyware.Cookie.Questionmarket : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ds.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@weborama[3].txt -> Spyware.Cookie.Weborama : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@advertising[1].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@overture[2].txt -> Spyware.Cookie.Overture : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@centrport[3].txt -> Spyware.Cookie.Centrport : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bilbo.counted[3].txt -> Spyware.Cookie.Counted : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@tribalfusion[4].txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads.pointroll[3].txt -> Spyware.Cookie.Pointroll : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bluestreak[3].txt -> Spyware.Cookie.Bluestreak : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@112.2o7[2].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@spylog[3].txt -> Spyware.Cookie.Spylog : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@questionmarket[4].txt -> Spyware.Cookie.Questionmarket : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bs.serving-sys[3].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@2o7[2].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@2o7[4].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bs.serving-sys[4].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@tradedoubler[4].txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter2.hitslink[1].txt -> Spyware.Cookie.Hitslink : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@weborama[4].txt -> Spyware.Cookie.Weborama : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter2.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@as1.falkag[3].txt -> Spyware.Cookie.Falkag : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter7.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter4.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@paycounter[3].txt -> Spyware.Cookie.Paycounter : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@247realmedia[2].txt -> Spyware.Cookie.247realmedia : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-cafepress.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-sonycomputer.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@trafficmp[4].txt -> Spyware.Cookie.Trafficmp : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@112.2o7[1].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@valueclick[2].txt -> Spyware.Cookie.Valueclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter4.sextracker[2].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@centrport[2].txt -> Spyware.Cookie.Centrport : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@serving-sys[4].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@adtech[4].txt -> Spyware.Cookie.Adtech : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bilbo.counted[5].txt -> Spyware.Cookie.Counted : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ad.adition[4].txt -> Spyware.Cookie.Adition : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@adviva[2].txt -> Spyware.Cookie.Adviva : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bfast[2].txt -> Spyware.Cookie.Bfast : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-samsungusa.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@weborama[1].txt -> Spyware.Cookie.Weborama : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@perf.overture[2].txt -> Spyware.Cookie.Overture : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-hasbro.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@fl01.ct2.comclick[3].txt -> Spyware.Cookie.Comclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@edge.ru4[4].txt -> Spyware.Cookie.Ru4 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@www.goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@affiliates.x10[2].txt -> Spyware.Cookie.X10 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-idg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-atariinc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@qksrv[1].txt -> Spyware.Cookie.Qksrv : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter.hitslink[2].txt -> Spyware.Cookie.Hitslink : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter2.hitslink[2].txt -> Spyware.Cookie.Hitslink : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@targetnet[2].txt -> Spyware.Cookie.Targetnet : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@paypopup[1].txt -> Spyware.Cookie.Paypopup : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@advertising[2].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-newarkinone.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@xxxtoolbar[3].txt -> Spyware.Cookie.Xxxtoolbar : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-playboy.hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@sexlist[2].txt -> Spyware.Cookie.Sexlist : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@as1.falkag[4].txt -> Spyware.Cookie.Falkag : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@doubleclick[3].txt -> Spyware.Cookie.Doubleclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@goldenpalace[2].txt -> Spyware.Cookie.Goldenpalace : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@sextracker[2].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ysbweb[2].txt -> Spyware.Cookie.Ysbweb : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter9.sextracker[1].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@programs.wegcash[1].txt -> Spyware.Cookie.Wegcash : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter2.sextracker[2].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@spylog[1].txt -> Spyware.Cookie.Spylog : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@hotlog[4].txt -> Spyware.Cookie.Hotlog : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter13.sextracker[2].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bluestreak[5].txt -> Spyware.Cookie.Bluestreak : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@paycounter[2].txt -> Spyware.Cookie.Paycounter : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@fastclick[2].txt -> Spyware.Cookie.Fastclick : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@overture[4].txt -> Spyware.Cookie.Overture : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter12.sextracker[2].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@bs.serving-sys[6].txt -> Spyware.Cookie.Serving-sys : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@hitbox[1].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ehg-interlifeform.hitbox[2].txt -> Spyware.Cookie.Hitbox : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@ads.pointroll[4].txt -> Spyware.Cookie.Pointroll : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@2o7[3].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@popunder.paypopup[2].txt -> Spyware.Cookie.Paypopup : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@servedby.advertising[3].txt -> Spyware.Cookie.Advertising : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@tribalfusion[5].txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter3.sextracker[2].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Documents and Settings\Andres\Cookies\andres@counter7.sextracker[3].txt -> Spyware.Cookie.Sextracker : Limpio con backup
C:\Archivos de programa\Siemens\GPRS\Siemens GPRS.exe -> Heuristic.Win32.Dialer : Limpio con backup



::Fin Report


2.2 - After decompressing the zip file


---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------


+ Creado en:        12:52:22, 22/07/2005
+ Report-Checksum:  174080E5


+ Scan result:


C:\Documents and Settings\Andres\Mis documentos\HDD_Regenerator_v1[1].41\bkg.exe -> TrojanDownloader.INService : Limpio con backup



::Fin Report

thanks in advance

Edited by happygeek: fixed formatting

0

Hi,
Open NotePad, and copy the contents of the below "Code" box:-

cd %windir%
cd System32
attrib -s -r -h WinDriv32.exe
del WinDriv32.exe

Go to File Menu > Save As, and save the file with the name Test.bat and exit from NotePad.

Download CWShredder and AboutBuster. Extract the AboutBuster ZIP file to a folder.

Now, close the Real Time scanner of Ewido and Trojan Hunter, and then run HijackThis.
Select these items in HijackThis:-

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe

Click "Fix Checked".

Next, reboot to safe mode. Run CWShredder and click "Fix". Next run AboutBuster and click "Begin Removal".

Double-Click on the file Test.bat, a small DOS type window should open and close immediately.

Reboot back to normal mode, and run HijackThis and post a fresh log. Also post whether CWShredder and AboutBuster found anything or not.

For the error in the Search feature, please download Windows Script and install it. Then check with the Search, and post back whether it's back to normal or not.
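
One way to check a fresh log against the entries selected above, as an added example that is not part of the original reply: for each selected line it reports whether the entry is still listed and whether the file it started is still among the running processes. The two sample logs are constructed, the function names are illustrative, and lines are compared ignoring case and whitespace runs as a design choice of this sketch.

```python
import ntpath
import re

# The two entries selected for "Fix Checked", copied from the reply above.
SELECTED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos",
    r"O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe",
]

# Constructed sample logs in HijackThis layout (shortened, not the thread's logs).
STILL_INFECTED_LOG = r'''Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WinDriv32.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [windriv32]  c:\windows\system32\windriv32.exe
'''

CLEAN_LOG = r'''Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
'''

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\[^:]+: \[[^\]]*\]\s*(.*)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|cmd))\b', re.IGNORECASE)


def normalise(text):
    # Registry names and Windows paths are case-insensitive, so compare that way.
    return " ".join(text.split()).casefold()


def parse_hjt(log_text):
    """Split a log into running-process paths and (section, detail) entries."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def autorun_target(detail):
    """File name started by an O4 registry Run entry, or None if not one."""
    m = RUN_RE.match(detail)
    if not m:
        return None
    exe = EXE_RE.match(m.group(1).strip())
    return ntpath.basename(exe.group(1)).casefold() if exe else None


def check_fix(selected_lines, fresh_log):
    """Report, per selected line, whether it is still listed or its file still runs."""
    processes, entries = parse_hjt(fresh_log)
    listed = {normalise(f"{sec} - {detail}") for sec, detail in entries}
    running = {ntpath.basename(p).casefold() for p in processes}
    report = []
    for line in selected_lines:
        m = ENTRY_RE.match(line.strip())
        target = autorun_target(m.group(2)) if m else None
        report.append({
            "entry": line,
            "still_listed": normalise(line) in listed,
            "still_running": target is not None and target in running,
        })
    return report


def fix_confirmed(report):
    return all(not r["still_listed"] and not r["still_running"] for r in report)


if __name__ == "__main__":
    for name, log in (("still infected", STILL_INFECTED_LOG), ("clean", CLEAN_LOG)):
        print(name, "->", "fix confirmed" if fix_confirmed(check_fix(SELECTED, log)) else "entries remain")
```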

0

Hi!

Thanks again for your help.

The HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 14:35:24, on 22/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Archivos de programa\Softick\PPP\PPPGate.exe
C:\Archivos de programa\Softick\CardExport\CardGate.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\TVTool 6.5\TVTool.exe
C:\Archivos de programa\ScanSoft\OmniPagePro11.0\opware32.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Archivos de programa\Conceptronic\Software Bluetooth\bin\btwdins.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Wanadoo\USB ADSL Modem\dslmon.exe
C:\Archivos de programa\InterVideo\MSIPVS\WinScheduler.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Archivos de programa\Conceptronic\Software Bluetooth\BTTray.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
C:\Archivos de programa\Project1\Soltek_HM.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Palm\HOTSYNC.EXE
C:\Archivos de programa\Palm\HandStory.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\webshots.scr
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\CONCEP~1\SOFTWA~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\clean\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [amouse] C:\Archivos de programa\Auto Mouse\automouse.exe
O4 - HKLM\..\Run: [SoftickPPP] "C:\Archivos de programa\Softick\PPP\PPPGate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CardGate] "C:\Archivos de programa\Softick\CardExport\CardGate.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TVTool] "C:\Archivos de programa\TVTool 6.5\TVTool.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Archivos de programa\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Archivos de programa\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Archivos de programa\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARCHIV~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [FreeMem Pro] "C:\ARCHIV~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Soltek HM.LNK = C:\Archivos de programa\Project1\Soltek_HM.exe
O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HOTSYNC.EXE
O4 - Startup: HandStory.lnk = C:\Archivos de programa\Palm\HandStory.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Archivos de programa\InstantCD+DVD\SharedFiles\Pixie\RegTool.exe
O4 - Startup: Webshots.lnk = C:\Archivos de programa\Webshots\Launcher.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Archivos de programa\InterVideo\MSIPVS\WinScheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Server4PC.lnk = C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save To Palm - C:\Archivos de programa\Palm\HandStoryME.htm
O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: C&lip To Palm - C:\Archivos de programa\Palm\HandStoryMEC.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Crear un favorito móvil - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Archivos de programa\Palm\HandStoryTE.htm
O9 - Extra 'Tools' menuitem: &Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Archivos de programa\Palm\HandStoryTE.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\Conceptronic\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\flashget.exe
O9 - Extra button: SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Archivos de programa\Conceptronic\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoguard.exe
O23 - Service: LogoMedia TranslateDotNet Server - LogoMedia Corporation - C:\Archivos de programa\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
------------
In safe mode I ran the test.bat without problems; CWShredder and AboutBuster gave no action. The last one gave me a log, but CWShredder didn't.

AboutBuster log:
AboutBuster 5.0 reference file 28
Scan started on [22/07/2005] at [14:15:19]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 14:15:59


----------

After installing Windows Script, still the same problem. No find box, as you can see in this image:

Attachments search.jpg 10.11 KB
0

Ah!! And still no internet connection on some websites (Syntax not Valid). But all other programs seem to work OK: Firefox, Emule, Free Agent, etc.

Attachments Error-Syntax.jpg 21.61 KB
0

Hi,
Please follow the steps provided here. After this, check with the Search box.

Open NotePad, and copy the contents of the below "Quote" box:-

regedit /e test1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main"
regedit /e test2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
copy test1.txt + test2.txt = info.txt
del test1.txt
del test2.txt

Go to File Menu > Save As, and save the file with the name Test.bat and exit from NotePad.

Double-Click on the file Test.bat, a small DOS type window should open and close immediately.
After this, there will be a file called Info.txt in the same location as Test.bat. Open Info.txt and post its contents here.

0

Hi again!

I have realized that every time I write a URL that gives me a "Syntax not Valid"... if I leave the cursor over the URL box, I can see how the cursor changes from a sand clock... to something with three little dots in a semicircle. From a small one, then a medium one and finally a great one. In these colors: blue, yellow and red. This item disappears as soon as the syntax error appears. I mean you can see it only while the system is "thinking" about the URL.

It's a pity, but I don't know how to capture this, as Print Screen does not catch the cursor.

Hope this helps.

0

Hi again!

This is the info file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="http://www.msn.com/"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"FullScreen"="no"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\ErrorThresholds]
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"*"=dword:00000001
"infopath.exe"=dword:00000000
"msn6.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
@=""
"SAPLOGON.exe"=dword:00000000
"SAPfewgsrv.exe"=dword:00000000
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"*"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Use_DlgBox_Colors"="yes"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,cb,00,00,00,1d,00,00,00,eb,03,00,00,6b,02,00,\
00
"NotifyDownloadComplete"="no"
"Página de búsqueda"="http://www.msn.com/access/allinone.asp"
"Página de inicio"="http://www.microsoft.com/msoffice/"
"Use FormSuggest"="no"
"Error Dlg Displayed On Every Error"="no"
"Error Dlg Details Pane Open"="yes"
"AddToFavoritesExpanded"=dword:00000001
"Save Directory"="C:\\Documents and Settings\\Andres\\Mis documentos\\Libros\\"
"Use_DlgBox_Colors_Complete"="1"
"Use_DlgBox_Colors_Failed"="9"
"Use_DlgBox_Colors_Error"="2"
"HistoryViewType"=hex:00,00
"Use Search Asst"="no"
"Expand Alt Text"="no"
"Move System Caret"="no"
"NscSingleExpand"=dword:00000001
"Force Offscreen Composition"=dword:00000000
"FavIntelliMenus"="no"
"UseThemes"=dword:00000001
"Enable Browser Extensions"="yes"
"NoWebJITSetup"=dword:00000001
"Page_Transitions"=dword:00000001
"AllowWindowReuse"=dword:00000001
"ShowGoButton"="yes"
"Friendly http errors"="yes"
"SmoothScroll"=dword:00000001
"Print_Background"="no"
"Play_Animations"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Enable AutoImageResize"="yes"
"Show image placeholders"=dword:00000000
"Display Inline Videos"="yes"
"Play_Background_Sounds"="yes"
"FormSuggest PW Ask"="no"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.google.com/ie"
"StatusBarOther"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
"LOCALMACHINE_CD_UNLOCK"=dword:00000000

I'm trying the search tips, but method 1 is not working. Now I'm going to test the second one.

thanks in advance.

0

Hi,
Open NotePad, and copy the contents of the below "Quote" box:-

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000

Go to File Menu > Save As, and save the file with the name Fix.reg and exit from NotePad.

Double-Click on the file Fix.reg and choose "Yes" to merge it with Registry.

Reboot your PC, and check for the "Invalid Syntax" error message in Internet Explorer, and post back the results.
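
The Fix.reg above adds two values under one FeatureControl key of the exported Info.txt. As an added example (not part of the thread), this Python sketch parses a regedit export, lists which FEATURE_* keys are explicitly set to 0 for a process, and shows what merging Fix.reg changes. The sample text is cut down from the export posted above, the function names are illustrative, and it assumes a DWORD of 1 turns a feature on for that process, 0 turns it off, and "*" applies to every process.

```python
import re

# Constructed sample: a few keys cut down from the Info.txt export posted above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"iexplore.exe"=dword:00000001
"*"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"iexplore.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001
'''

# The Fix.reg text from the reply above.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')
FEATURE_RE = re.compile(r'\\FeatureControl\\([^\\]+)$', re.IGNORECASE)

def _unquote(token):
    # Drop the surrounding quotes and undo .reg backslash escaping.
    return re.sub(r'\\(.)', r'\1', token[1:-1])

def _decode(data):
    """Turn the text after '=' into a str, an int (dword) or bytes (hex)."""
    if data.startswith('"'):
        return _unquote(data)
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = HEX_RE.match(data)
    if not m:
        return data  # unknown type: keep the raw text
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    # hex(1), hex(2) and hex(7) are string types stored as UTF-16LE.
    if m.group(1) in ("1", "2", "7"):
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw

def parse_reg(text):
    """Parse regedit /e (version 5) text into {key_path: {value_name: value}}."""
    keys, current, pending = {}, None, ""
    for raw_line in text.splitlines():
        line = pending + raw_line.strip()
        if line.endswith("\\"):  # hex data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else _unquote(m.group(1))
            current[name] = _decode(m.group(2).strip())
    return keys

def feature_state(keys, process, hive="HKEY_LOCAL_MACHINE"):
    """Return {FEATURE_name: (value, source)} for one process in one hive;
    source is 'explicit', 'wildcard' (the '*' value) or 'unset'."""
    wanted, result = process.lower(), {}
    for path, values in keys.items():
        m = FEATURE_RE.search(path)  # only direct FEATURE_* keys, not subkeys
        if not m or not path.lower().startswith(hive.lower() + "\\"):
            continue
        # Value names are case-insensitive in the registry.
        dwords = {n.lower(): v for n, v in values.items() if isinstance(v, int)}
        if wanted in dwords:
            result[m.group(1)] = (dwords[wanted], "explicit")
        elif "*" in dwords:
            result[m.group(1)] = (dwords["*"], "wildcard")
        else:
            result[m.group(1)] = (None, "unset")
    return result

def explicitly_off(keys, process):
    """Features set to 0 by a value named after this process."""
    state = feature_state(keys, process)
    return sorted(f for f, (v, src) in state.items() if v == 0 and src == "explicit")

def merge(base, patch):
    """Overlay a parsed .reg file on a parsed export (values added or replaced)."""
    merged = {k: dict(v) for k, v in base.items()}
    paths = {k.lower(): k for k in merged}
    for path, values in patch.items():
        merged.setdefault(paths.setdefault(path.lower(), path), {}).update(values)
    return merged
```

In this thread the syntax error persisted after Fix.reg, so the two values it added can be removed again; leaving them at 0 keeps IE's block on user:password@host URLs switched off.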

0

Hi and thanks for your time!

I'm afraid I made a mistake... I made a *.bat file... and it opened an Explorer window. I say this because afterwards I realized that the file was a *.REG... I changed the extension, and it was added to the registry, but the syntax error continues :-(

It's really strange. I can surf almost any address on the internet, but some not!! Really strange. I can't go to www.yahoo.com, www.google.com, www.altavista.com, www.cnn.com... strange... and the strangest thing is the change in the icon... with these little 3 colored dots...

Hmm... ahem... perhaps I am abusing your kindness... but I don't know how to do method number 2 of the search tip from Microsoft. I mean, I can reach the variable in the registry, but I don't know what to change... could you help me with this?

I also found this info about the "open in new window" problem I have.
http://support.microsoft.com/default.aspx?scid=kb;es;180176
Sorry... in Spanish... but it doesn't work. I get an error while registering actxproxy.dll and pdm32.dll.

I also found this link... this time in English, but it doesn't work... http://www.cybertechhelp.com/forums/showthread.php?t=46100

The guy has XP and said to put this line: C:\WINNT\System32\WScript.exe "%1" %*

UFFF!!... almost impossible to restore my system... I think everything must be something about the Java machine. I had a virus in one file... and after disinfection... all this happened. I have Sun Java...

Help in advance

0

WOOOWWWW!!!

Finally I got the syntax error resolved...

It's really funny... I was looking for a solution to the "open in new window" problem... and found this link:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q281679

And VOILA!!! Only this line, "regsvr32 urlmon.dll", solves BOTH problems.

Now I can surf WITHOUT problems on any site, and when I open in a new window... the window appears with content.

Really, Windows is amazing...

But the problem with the find (search) window is still present.

Thanks in advance... and I hope to solve this last little problem...

0

Hi,
Copy the below contents to NotePad:-

regedit /e test1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32"
regedit /e test2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32"
regedit /e test3.txt "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32"
copy test1.txt + test2.txt + test3.txt = info.txt
del test1.txt
del test2.txt
del test3.txt

Go to File > Save As and save it as IE.BAT and exit from NotePad. Double-click on this file and after a few seconds it closes by itself. It gives a text file named Info.txt; please post its contents here.

After this, open Internet Explorer, go to Tools Menu > Internet Options. Here click the "Programs" tab, and click "Reset Web Settings". After this, close IE. Go to Control Panel, here double-click on Add/Remove Programs, and uninstall (remove) the Java Runtime Environment (JRE).

Download the latest Java Runtime Environment and install it.

Restart your PC, check for Internet Explorer errors and also "Open in new window" problem, and please post back.

0

Hi swatkat!!

But I have solved... (I think) the problem of Syntax not valid and Open in new window.

Right now, I'm writing from IE 6

The only remaining problem is the Search window....

Hope to resolve this soon... with your help!

0

Hi,
Happy to hear that some of the problems are gone! Please run the IE.BAT file, as said in my previous post, and post the contents of the Info.txt file.

0

YEAHHH!!!!!

FINALLY WE GOT IT!!! Now I have Search working again!!!

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="http://www.msn.com/"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"FullScreen"="no"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\ErrorThresholds]
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"*"=dword:00000001
"infopath.exe"=dword:00000000
"msn6.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
@=""
"SAPLOGON.exe"=dword:00000000
"SAPfewgsrv.exe"=dword:00000000
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"*"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Use_DlgBox_Colors"="yes"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,cb,00,00,00,1d,00,00,00,eb,03,00,00,6b,02,00,\
00
"NotifyDownloadComplete"="no"
"Página de búsqueda"="http://www.msn.com/access/allinone.asp"
"Página de inicio"="http://www.microsoft.com/msoffice/"
"Use FormSuggest"="no"
"Error Dlg Displayed On Every Error"="no"
"Error Dlg Details Pane Open"="yes"
"AddToFavoritesExpanded"=dword:00000001
"Save Directory"="C:\\Documents and Settings\\Andres\\Mis documentos\\Libros\\"
"Use_DlgBox_Colors_Complete"="1"
"Use_DlgBox_Colors_Failed"="9"
"Use_DlgBox_Colors_Error"="2"
"HistoryViewType"=hex:00,00
"Use Search Asst"="no"
"Expand Alt Text"="no"
"Move System Caret"="no"
"NscSingleExpand"=dword:00000001
"Force Offscreen Composition"=dword:00000000
"FavIntelliMenus"="no"
"UseThemes"=dword:00000001
"Enable Browser Extensions"="yes"
"NoWebJITSetup"=dword:00000001
"Page_Transitions"=dword:00000001
"AllowWindowReuse"=dword:00000001
"ShowGoButton"="yes"
"Friendly http errors"="yes"
"SmoothScroll"=dword:00000001
"Print_Background"="no"
"Play_Animations"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Enable AutoImageResize"="yes"
"Show image placeholders"=dword:00000000
"Display Inline Videos"="yes"
"Play_Background_Sounds"="yes"
"FormSuggest PW Ask"="no"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.google.com/ie"
"StatusBarOther"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
"LOCALMACHINE_CD_UNLOCK"=dword:00000000

---------

Really thanks thanks a lot !!!

0

Hi :) ,
Is the Search box back again? Then we don't need any registry editing now.

Yeah!! :-)

After running the ie.bat the search works again!!!

Thanks a lot Swatkat!!! Really thanks a lot!

One question. Could you tell me some websites or books where I can learn about all these things....???

Bye and best wishes from Spain!!!

0

Hi SwatKat again..

I'm afraid the info.txt I sent you is the same one from after running the "test.bat" file.

As I look at the time, the file is from 22:57 and right now it's 13:28

If you need this file I could run the ie.bat file again if you like.

Thanks in advance!

0

Hi Andy25,
I knew that you posted a different file :D. But, since the Search box is back (by the method of registering the files as given in that Microsoft article), I thought that the registry edit is not necessary.
Since you are not having any problems with Search window, that file is not necessary now :D

0

Hi again! :-)

Well.. after trying a lot of things in IE 6 I have found that the Java must be bad...

I mean, I can't see SOME Java webcams online.. like this site:

http://www.crtvg.es/camweb/priportadaeleccion.htm

and choose any webcam (a coruna is where I live) I can only see a window with the icon of a broken link to an image... but in Firefox it works great. No problem in Firefox...

But the strange thing is that this other webcam

http://www.earthcam.com/usa/california/venicebeach/

loads perfectly in IE 6!!!... really strange...

I must say that I have uninstalled JVE and reinstalled it again, and reconstructed in the file association the item "open with the system symbol" in the Js and JSE file types... as I had erased both associations...

any idea???

thanks in advance
