Hi Carlos, sorry about the delay. Don't know if this will fix the desktop, but should remove the rest of the infection.
First use ERUNT to back up your registry, then do the rest.
REGISTRY FIX
REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{445CCC1C-B639-4924-B785-BA1DAA48ED61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445CCC1C-B639-4924-B785-BA1DAA48ED61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445CCC1C-B639-4924-B785-BA1DAA48ED61}\InProcServer32]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FEB0D4C-F53C-470C-9640-1C4A5A262E26}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4FEB0D4C-F53C-470C-9640-1C4A5A262E26}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4FEB0D4C-F53C-470C-9640-1C4A5A262E26}\InProcServer32]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{783C1844-6785-40D0-9629-3F3B0D927E43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783C1844-6785-40D0-9629-3F3B0D927E43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{783C1844-6785-40D0-9629-3F3B0D927E43}\InProcServer32]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8691F860-96E4-4FB3-8D35-531C0D1B0AC1}\InProcServer32]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1D04022-B193-4344-AA49-4C47FBB4C703}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1D04022-B193-4344-AA49-4C47FBB4C703}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1D04022-B193-4344-AA49-4C47FBB4C703}\InProcServer32]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F637F016-4785-493B-932D-9359FC69AAA0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F637F016-4785-493B-932D-9359FC69AAA0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F637F016-4785-493B-932D-9359FC69AAA0}\InProcServer32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBRjKdd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\perfnw32]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=" msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the REGEDIT4.
Then in Notepad go to FILE > SAVE AS and in the dropdown box, set the top box SAVE IN to DESKTOP. Then in the FILE NAME box type (including the " " marks), "fix.reg"
Click save.
This will create a fix.reg file on your desktop.
To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.
Please download OTMoveIt2 by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\system32\TvEKnUvw.ini2
C:\WINDOWS\system32\QqrqBcfe.ini2
C:\WINDOWS\system32\remL
C:\WINDOWS\system32\1046a
C:\WINDOWS\system32\arDA
C:\WINDOWS\system32\dFrnx18
C:\WINDOWS\system32\wvUnKEvT
C:\WINDOWS\system32\wvUnKEvT.*
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
NOTE: If OTMoveIt2 reboots before you can get the results, they can be found here:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")
Please post the OTMOVEIT2 results and a new DSS log.
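
An added example, not part of the original post: a read-only Python check for a REGEDIT4 file such as fix.reg before it is merged. It confirms the header sits on the first line and lists each key deletion, value deletion and value set, decoding hex(7) data; the function names and the embedded excerpt of the fix are assumptions made for this example.

```python
import re

# Excerpt of the fix above, embedded so the script runs offline.
SAMPLE = r'''REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\perfnw32]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode_multi_sz(data):
    """Decode a REGEDIT4 hex(7) value (ANSI bytes, NUL-separated strings)."""
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]

def audit_reg(text):
    """Return (problems, actions) for a REGEDIT4 file without touching the registry."""
    lines = text.splitlines()
    problems, actions, key = [], [], None
    if not lines or lines[0] != "REGEDIT4":
        problems.append("first line must be exactly REGEDIT4 (nothing above it)")
    for n, line in enumerate(lines[1:], start=2):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] deletes the whole key
                actions.append(("delete-key", key[1:], None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            problems.append(f"line {n}: not a key or value under a key: {line!r}")
            continue
        name, data = m.groups()
        if data == "-":                      # "name"=- deletes one value
            actions.append(("delete-value", key, name))
        elif data.startswith("hex(7):"):
            actions.append(("set-multi-sz", key, (name, decode_multi_sz(data[7:]))))
        else:
            actions.append(("set-value", key, (name, data)))
    return problems, actions

if __name__ == "__main__":
    for item in sum(audit_reg(SAMPLE), []):
        print(item)
```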