Hi, I have problems to go google and MSN, because those are replaced by FINDWHATEVERNOW. I tried with some software as spybot-S&D, Spyware-Doctor, Ad-Aware SE, CWShedder and didn't have good results, the problem still

This is my last HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 11:07:23 a.m., on 25/11/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\NOVELL\CLIENT32\NWRECMSG.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INOTASK.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORT9X.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORPC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\REALMON.EXE
C:\+PRIETO\+DOWNLOADS\FREERAM\FREERAM XP PRO 1.40.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\TOTALCOMMANDER\TOTALCMD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\EXCEL.EXE
C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGMAIN.EXE
C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGBHP.EXE
C:\ARCHIVOS DE PROGRAMA\OPERA7\OPERA.EXE
C:\+PRIETO\+DOWNLOADS\_SPY\REMOVE FINDWHATEVERNOW\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opera.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\ARCHIV~1\CA\ETRUST~1\REALMON.EXE -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [InoTask] C:\Archivos de programa\CA\eTrust Antivirus\InoTask.exe
O4 - HKLM\..\RunServices: [InoRT] C:\Archivos de programa\CA\eTrust Antivirus\InoRT9x.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Archivos de programa\CA\eTrust Antivirus\InoRpc.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\+PRIETO\+DOWNLOADS\FREERAM\FREERAM XP PRO 1.40.EXE" -win
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} - http://www.descargatusmp3.com/pagomast.cab
O16 - DPF: {B397C5F7-629D-4BE7-855F-576C7929C151} (cont.ablb) - http://www.rentasgcba.gov.ar/abl_pat/distribuc/cont.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lgcampana
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.47.15.118,64.157.143.38

Thank you very much at all

Sorry for my English

Hi kodiak,

You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

R3 - Default URLSearchHook is missing

O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} - http://www.descargatusmp3.com/pagomast.cab

Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread.

I'm sending now the new log obtained:

-------------------
Logfile of HijackThis v1.98.2
Scan saved at 01:43:44 p.m., on 26/11/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\NOVELL\CLIENT32\NWRECMSG.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INOTASK.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORT9X.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORPC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\REALMON.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\00\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opera.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\ARCHIV~1\CA\ETRUST~1\REALMON.EXE -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [InoTask] C:\Archivos de programa\CA\eTrust Antivirus\InoTask.exe
O4 - HKLM\..\RunServices: [InoRT] C:\Archivos de programa\CA\eTrust Antivirus\InoRT9x.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Archivos de programa\CA\eTrust Antivirus\InoRpc.exe
O4 - Startup: Búsqueda rápida de Microsoft.lnk = C:\Archivos de programa\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {B397C5F7-629D-4BE7-855F-576C7929C151} (cont.ablb) - http://www.rentasgcba.gov.ar/abl_pat/distribuc/cont.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lgcampana
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.47.15.118,64.157.143.38
--------------------

I sent you an e-mail with this text, I don't know if it's OK or no, sorry

Regards

Hi Bobbi


Sorry, I forget to send this file to help you, refer to previous topic

Thanks

Do not post by hitting the new topic button on the bottom right..hit the Add reply

Thank You Wave.gif

Hi kodiak,


You have Microsoft's Find Fast running on your program and while a legitimate program, it is a resource hog. It is usually the cause of your computer getting really slow or even freezing for several seconds while it is indexing. Find fast neither finds things any better or faster than other Windows searches. You will notice system improvement by disabling this one. After fixing with Hijackthis, go into the "FindFast"-icon in the Control Panel and choose the "Index \ Close and Stop" menu option.

O4 - Startup: Búsqueda rápida de Microsoft.lnk = C:\Archivos de programa\Microsoft Office\Office\FINDFAST.EXE

For the rest; this log is clean!

This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protects your computer.

This can be accessed by going to http://windowsupdate.microsoft.com/ and following the prompts. If you are running Windows XP get updated to SP-2

Please post back if you are still having any problems....

Hi Bobbi

I follow all steps that you indicated to me last post.

Then I tried to go google and hotmail pages, but I did'nt have good results.
Show up the same page that I sent the last post as attachment.
I mean that the probem is so hard, so I'm sending the last HijackThis.log:

Logfile of HijackThis v1.98.2
Scan saved at 01:42:36 p.m., on 29/11/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\NOVELL\CLIENT32\NWRECMSG.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INOTASK.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORT9X.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORPC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\REALMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\TOTALCOMMANDER\TOTALCMD.EXE
C:\00\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opera.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\ARCHIV~1\CA\ETRUST~1\REALMON.EXE -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [InoTask] C:\Archivos de programa\CA\eTrust Antivirus\InoTask.exe
O4 - HKLM\..\RunServices: [InoRT] C:\Archivos de programa\CA\eTrust Antivirus\InoRT9x.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Archivos de programa\CA\eTrust Antivirus\InoRpc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {B397C5F7-629D-4BE7-855F-576C7929C151} (cont.ablb) - http://www.rentasgcba.gov.ar/abl_pat/distribuc/cont.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lgcampana
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.47.15.118,64.157.143.38


Regards

Hi Bobbi

I follow all steps that you indicated to me last post.

Then I tried to go google and hotmail pages, but I did'nt have good results.
Show up the same page that I sent the last post as attachment.
I mean that the probem is so hard, so I'm sending the last HijackThis.log:

Logfile of HijackThis v1.98.2
Scan saved at 01:42:36 p.m., on 29/11/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\NOVELL\CLIENT32\NWRECMSG.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INOTASK.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORT9X.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORPC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\REALMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\TOTALCOMMANDER\TOTALCMD.EXE
C:\00\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opera.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\ARCHIV~1\CA\ETRUST~1\REALMON.EXE -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [InoTask] C:\Archivos de programa\CA\eTrust Antivirus\InoTask.exe
O4 - HKLM\..\RunServices: [InoRT] C:\Archivos de programa\CA\eTrust Antivirus\InoRT9x.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Archivos de programa\CA\eTrust Antivirus\InoRpc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {B397C5F7-629D-4BE7-855F-576C7929C151} (cont.ablb) - http://www.rentasgcba.gov.ar/abl_pat/distribuc/cont.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = lgcampana
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.47.15.118,64.157.143.38


Regards

Hi kodiak,

Your log is clean. Have you changed your configuration? The Argentinian version of Google is online so that can't be a problem either.

Hi Bobbi

I can't go to the following webpages:

hotmail
yahoo
microsoft, microsoft updates, in all links to be possible
sumetimes to google, no at all

everytime appear the page I had attached, that lock the way to arrive them

I mean it's generated by www_findwhatevernow_com :angry:

Regards

Run HijackThis. Click on "Config...", "Misc Tools". Check "List also minor sections (full)" and "List empty sections (complete)". Click on "Generate StartupList log". Answer "Yes" to the question and Notepad will open with text in it. Please post this text.
Maybe that will explain something.

Hi Bobbi

I'm posting the "startuplist.txt" file.

Regards

StartupList report, 30/11/2004, 10:04:16 a.m.
StartupList version: 1.52.2
Started from : C:\00\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\NOVELL\CLIENT32\NWRECMSG.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INOTASK.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORT9X.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\INORPC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\CA\ETRUST ANTIVIRUS\REALMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARCHIVOS DE PROGRAMA\TOTALCOMMANDER\TOTALCMD.EXE
C:\ARCHIVOS DE PROGRAMA\ACAD2000\ACAD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\00\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Menú Inicio\Programas\Inicio]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All users\Menú Inicio\Programas\Inicio]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SoundFusion = RunDll32 cwcprops.cpl,CrystalControlWnd
LoadQM = loadqm.exe
Realtime Monitor = C:\ARCHIV~1\CA\ETRUST~1\REALMON.EXE -s

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
InoTask = C:\Archivos de programa\CA\eTrust Antivirus\InoTask.exe
InoRT = C:\Archivos de programa\CA\eTrust Antivirus\InoRT9x.exe
InoRPC = C:\Archivos de programa\CA\eTrust Antivirus\InoRpc.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
*Registry key not found*

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[MmoptPreferredAudioDevices] *
StubPath = rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,@0,SPCI\VEN_1013&DEV_6003&SUBSYS_60031013&REV_01\BUS_00&DEV_06&FUNC_00

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_CVT_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[OlsCompuservePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf

[OlsTelefonicaIPPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsTelefonicaIPPerUser 64 C:\WINDOWS\INF\ols.inf

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[NetservrPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection NetservrPerUser 64 C:\WINDOWS\INF\netservr.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\OBJETO~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 26/11/2004, 13:8:28)

[rename]
NUL=C:\~MSSETUP.T\~msstfof.t\acmsetup.exe
NUL=C:\~MSSETUP.T\~msstfof.t\acmsetup.hlp
NUL=C:\~MSSETUP.T\~msstfof.t\mssetup.dll
NUL=C:\~MSSETUP.T\~msstfof.t\off97_bb.dll
NUL=C:\~MSSETUP.T\~msstfof.t\offsetup.ttf
NUL=C:\~MSSETUP.T\~msstfof.t\Off97Pro.stf
NUL=C:\~MSSETUP.T\~msstfof.t\Off97Pro.inf
NUL=C:\~MSSETUP.T\~msstfof.t\msvcrt20.dll
NUL=C:\~MSSETUP.T\~msstfof.t\msvcrt40.dll
NUL=C:\~MSSETUP.T\~msstfof.t\offclean.dll
NUL=C:\~MSSETUP.T\~msstfof.t\offcln97.opc
NUL=C:\~MSSETUP.T\~msstfof.t\ffast_bb.dll
NUL=C:\~MSSETUP.T\~msstfof.t\msacccah.dll
NUL=C:\~MSSETUP.T\~msstfof.t\wmsset32.dll
NUL=C:\~MSSETUP.T\~msstfof.t\selfreg.dll
NUL=C:\~MSSETUP.T\~msstfof.t\odbcstf.dll
NUL=C:\~MSSETUP.T\~msstfof.t\odbccp32.dll
NUL=C:\~MSSETUP.T\~msstfof.t\odbcint.dll
NUL=C:\~MSSETUP.T\~msstfof.t\odbckey.inf
NUL=C:\~MSSETUP.T\~msstfof.t\32autole.dll
NUL=C:\~MSSETUP.T\~msstfof.t\off97inv.dll
NUL=C:\~MSSETUP.T\~msstfof.t\_MSSETUP._Q_

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select=850
keyb la,,C:\WINDOWS\COMMAND\keyboard.sys
SET PATH=%PATH%;C:\ARCHIV~1\ARCHIV~1\AUTODE~1;C:\ARCHIV~1\CA\SHARED~1\SCANEN~1;C:\ARCHIV~1\CA\ETRUST~1
PATH C:\Novell\Client32;%PATH%
Set NWLANGUAGE=ENGLISH
SET AVENGINE=C:\ARCHIV~1\CA\SHARED~1\SCANEN~1
C:\ARCHIV~1\CA\SHARED~1\SCANEN~1\EXAMINE.EXE
SET INOCULAN=C:\ARCHIV~1\CA\ETRUST~1
SET CLASSPATH="C:\Archivos de programa\Java\j2re1.4.1_01\lib\ext\QTJava.zip"
SET QTJAVA="C:\Archivos de programa\Java\j2re1.4.1_01\lib\ext\QTJava.zip"

--------------------------------------------------

C:\CONFIG.SYS listing:

device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)
Country=052,850,C:\WINDOWS\COMMAND\country.sys

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

*File not found*

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: *Registry key not found*
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}
SpywareGuard Download Protection - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL - {4A368E80-174F-4872-96B5-0B27DDD11DB2}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Optimización del inicio de aplicaciones.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7753.4592592593

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Java Plug-in 1.4.1_01]
InProcServer32 = C:\Archivos de programa\Java\j2re1.4.1_01\bin\npjpi141_01.dll
CODEBASE = http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab

[Java Plug-in 1.4.1_01]
InProcServer32 = C:\Archivos de programa\Java\j2re1.4.1_01\bin\npjpi141_01.dll
CODEBASE = http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab

[cont.ablb]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONT.OCX
CODEBASE = http://www.rentasgcba.gov.ar/abl_pat/distribuc/cont.CAB

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
NameSpace #2: C:\WINDOWS\SYSTEM\NWWS2NDS.DLL
NameSpace #3: C:\WINDOWS\SYSTEM\NWWS2SAP.DLL
NameSpace #4: C:\WINDOWS\SYSTEM\NWWS2SLP.DLL
Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #2: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #3: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #4: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #5: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #6: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #7: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #8: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #9: C:\WINDOWS\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
NDIS: ndis.vxd,ndis2sup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *mtrr
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386
VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd
VNETBIOS: vnetbios.vxd
VREDIR: vredir.vxd
DFS: dfs.vxd
NWREDIR: (no file)
NWLink: nwlink2.vxd
NSCL: (no file)
VSERVER: vserver.vxd
NOVELLNIOS: nios.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 23.364 bytes
Report generated in 2,257 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Hi Bobbi

Sorry, I haven't notice about the last post, don't forget me!!!

Regards Wave.gif

Hi kodiak,

Thanks for reminding, your post slipped through my net. We're back.

This is the only strange thing I see. Though I don't see how that could relate to your problem.

I'll ask others to check it. Maybe they see something I don't.

Stupid question.... Can you reach these sites with Internet Explorer? If you also have Firefox, with Firefox?

Hi Bobbi

I usualy work with Opera, I don't know Firefox, but the problem
is the same with Internet Explorer.

Thank you for all time you give me, I don't know how I'll pay you

Regards

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop. It will reset your Internet Explorer to its defaults, and since Opera also uses Internet, quite possibly that too.

Locate fixme.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Have you tried looking for answers at Opera's forums. http://my.opera.com/forums/.

I've heard that FindWhateverNow looks like it might be a site from Zestyfind.

Download the following tool and install it in its own folder:
http://download.broadbandmedic.com/VX2Finder9x(126).exe
http://www.downloads.subratam.org/VX2Finder9x(126).exe
http://downloads.subratam.org/VX2Finder(126).exe

=== Get Name of Hidden dll ===
Run vx2finder9x(126).exe
Press 'Click to Find VX2.BetterInternet'
Press 'Make Log' and post it in this thread for review

Hi Bobbi

I do all steps you recommendated to me.

1) Creating a file fixme.reg and running it.

2)Download http://www.downloads.subratam.org/VX2Finder9x(126).exe
and run this.

It find no items, so no generate a log file.

3)At last I tried on Opera page and linked to

http://es.trendmicro-europe.com

There, I check my PC by "HouseCall", detectindg a trojan virus.
So I delete the file over.exe from the Program Files Folder,
but the problem still.

4) I'm consulting other forums too, I wish somebody will know about this.


Regards

Hi kodiak,

I haven't heard anything new as well... If I hear something I will post it here.