alfileres

Cannot connect to internet after Antivir deleted infected files

79 posts in this topic

I had some trojans on a Windows XP (SP3) machine, so I ran Antivir from a Linux boot CD and instructed it to repair the infected files and, if that was not possible, to delete them.

As a result, I now have a system that cannot connect to the internet. In fact, the problem appears to be that the DHCP client service cannot start.

The trojan manifested itself by redirecting Google search results to another website.

In addition, I had other trojans / rootkits.

Do you think I have any chance to get Internet connectivity back?

Thank you, your help is greatly appreciated.


I've put back the files afd.sys and netbt.sys from the SP3 installation.

Edit: Please read the Instructions and post the requested logs. We need the information in order to help you.

Edited by cnm


All right,

Here are the logs as requested. Please be aware that some other files have been cleaned / removed by Antivir.

Malwarebytes Anti-Malware (Versión de Prueba) 1.60.1.1000

www.malwarebytes.org

 

Versión de la Base de Datos: v2012.01.13.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Jose :: NOMBRE-D4REFSK8 [administrador]

 

Protección: Habilitado

 

29/02/2012 23:22:36

mbam-log-2012-02-29 (23-22-36).txt

 

Tipos de Análisis: Análisis Rápido

Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opciones de análisis desactivados: P2P

Objetos examinados: 187503

Tiempo transcurrido: 9 minuto(s), 27 segundo(s)

 

Procesos en Memoria Detectados: 0

(No se han detectado elementos maliciosos)

 

Módulos de Memoria Detectados: 0

(No se han detectado elementos maliciosos)

 

Claves del Registro Detectados: 0

(No se han detectado elementos maliciosos)

 

Valores del Registro Detectados: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Exploit.Drop) -> datos: C:\DOCUME~1\Jose\CONFIG~1\Temp\wpbt0.dll -> En cuarentena y eliminado con éxito.

 

Elementos de Datos del Registro Detectados: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.

 

Carpetas Detectadas: 0

(No se han detectado elementos maliciosos)

 

Archivos Detectados: 1

C:\Documents and Settings\Jose\Configuración local\Temp\wpbt0.dll (Exploit.Drop) -> En cuarentena y eliminado con éxito.

 

(fin)

 

 

 

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29

Run by Jose at 19:14:38 on 2012-03-01

Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.2039.1266 [GMT 1:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe

C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE

C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe

C:\Archivos de programa\EeePC\ACPI\AsAcpiSvr.exe

C:\Archivos de programa\EeePC\ACPI\AsEPCMon.exe

C:\Archivos de programa\EeePC\ACPI\AsTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Archivos de programa\Java\jre6\bin\jqs.exe

C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe

C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe

C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Archivos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe

C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\Archivos de programa\ASUS\Eee Docking\Eee Docking.exe

C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe

C:\Documents and Settings\Jose\Local Settings\Apps\F.lux\flux.exe

C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

C:\ARCHIV~1\MI3AA1~1\rapimgr.exe

C:\Archivos de programa\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Archivos de programa\Verbindungsassistent\wtgservice.exe

C:\WINDOWS\system32\igfxext.exe

C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe

svchost.exe

C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://eeepc.asus.com/global

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\archivos de programa\divx\divx plus web player\npdivx32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\archivos de programa\divx\divx plus web player\npdivx32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\archivos de programa\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\archivos de programa\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\archivos de programa\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [Eee Docking] c:\archivos de programa\asus\eee docking\Eee Docking.exe

uRun: [Google Update] "c:\documents and settings\jose\configuración local\datos de programa\google\update\GoogleUpdate.exe" /c

uRun: [H/PC Connection Agent] "c:\archivos de programa\microsoft activesync\wcescomm.exe"

uRun: [F.lux] "c:\documents and settings\jose\local settings\apps\f.lux\flux.exe" /noshow

uRun: [spybotSD TeaTimer] c:\archivos de programa\spybot - search & destroy\TeaTimer.exe

mRun: [AsusACPIServer] c:\archivos de programa\eeepc\acpi\AsAcpiSvr.exe

mRun: [AsusEPCMonitor] c:\archivos de programa\eeepc\acpi\AsEPCMon.exe

mRun: [AsusTray] c:\archivos de programa\eeepc\acpi\AsTray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\archivos de programa\synaptics\syntp\SynTPEnh.exe

mRun: [synAsusAcpi] c:\archivos de programa\synaptics\syntp\SynAsusAcpi.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\archivos de programa\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [avgnt] "c:\archivos de programa\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "c:\archivos de programa\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\superh~1.lnk - c:\archivos de programa\asus\eeepc\super hybrid engine\SuperHybridEngine.exe

StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\micros~1.lnk - c:\archivos de programa\microsoft office\office10\OSA.EXE

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~4\office10\EXCEL.EXE/3000

IE: Enviar a &Bluetooth - c:\archivos de programa\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Enviar a Bluetooth - c:\archivos de programa\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\archivos de programa\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\archiv~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\archiv~1\mi3aa1~1\INetRepl.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OjsiyrEmhang.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jose\datos de programa\mozilla\firefox\profiles\a2umw4m8.default\

FF - prefs.js: network.proxy.type - 0

FF - component: c:\archivos de programa\google\google gears\firefox\lib\ff36\gears.dll

FF - component: c:\documents and settings\jose\datos de programa\mozilla\firefox\profiles\a2umw4m8.default\extensions\piclens@cooliris.com\components\cooliris.dll

FF - plugin: c:\archivos de programa\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\archivos de programa\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\archivos de programa\google\picasa3\npPicasa3.dll

FF - plugin: c:\archivos de programa\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\archivos de programa\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\archivos de programa\mozilla firefox 4.0 beta 11\plugins\npdeployJava1.dll

FF - plugin: c:\archivos de programa\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\jose\configuración local\datos de programa\google\update\1.3.21.99\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-29 36000]

R2 AntiVirSchedulerService;Avira Programador;c:\archivos de programa\avira\antivir desktop\sched.exe [2012-1-29 86224]

R2 AntiVirService;Avira Realtime Protection;c:\archivos de programa\avira\antivir desktop\avguard.exe [2012-1-29 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-29 74640]

R2 BBSvc;Bing Bar Update Service;c:\archivos de programa\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

R2 BBUpdate;BBUpdate;c:\archivos de programa\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 DeviceManager;DeviceManager;c:\archivos de programa\archivos comunes\devicehelper\devicemanager.exe -start --> c:\archivos de programa\archivos comunes\devicehelper\DeviceManager.exe -start [?]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-22 55152]

R2 MBAMService;MBAMService;c:\archivos de programa\malwarebytes' anti-malware\mbamservice.exe [2012-2-29 652360]

R2 WTGService;WTGService;c:\archivos de programa\verbindungsassistent\WTGService.exe [2011-1-18 330696]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-5-20 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-29 20464]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-1 40776]

S2 aw_host;CdaD10BA;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 ccevtmgr;McciCMService;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 CTMFLT;Aeaudio;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 CTMMOUNT;Rawwan;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 CTMSHD;OdysseyIM3;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-9-10 136176]

S2 iksysflt;MRENDIS5;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 mclogmanagerservice;Aswmon2;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 mksvirmonsvc;Psdistributionagent;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 MpFilter;SRS_SSCFilter;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 navapel;Symtdi;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 navapsvc;K750bus;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 ofcpfwsvc;Pclepci;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 savrtpel;Bcserver;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 TeamViewer;Wencrservice;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S2 veteboot;Vaiomediaplatform-integratedserver-http;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-22 1684736]

S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [2011-1-18 100224]

S3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\windows live\family safety\fsssvc.exe [2009-2-6 533360]

S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-9-10 136176]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-1-18 103040]

S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2009-12-17 103552]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-22 232872]

S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-1 39040]

.

=============== Created Last 30 ================

.

2012-03-01 18:03:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-01 00:14:06 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys

2012-03-01 00:14:06 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-03-01 00:12:45 -------- d-----w- c:\windows\system32\CatRoot_bak

2012-02-29 23:42:36 -------- d-----w- c:\windows\ServicePackFiles

2012-02-29 23:40:56 19569 ----a-w- c:\windows\000001_.tmp

2012-02-29 23:40:43 -------- d-----w- c:\windows\EHome


2012-02-29 22:47:59 45696 -c--a-w- c:\windows\system32\dllcache\cirrus.sys

2012-02-29 22:46:47 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2012-02-29 22:45:59 11359 -c--a-w- c:\windows\system32\dllcache\atv02nt5.dll

2012-02-29 22:44:59 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys

2012-02-29 22:43:44 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2012-02-29 22:21:49 -------- d-----w- c:\documents and settings\jose\datos de programa\Malwarebytes

2012-02-29 22:21:40 -------- d-----w- c:\documents and settings\all users\datos de programa\Malwarebytes

2012-02-29 22:21:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-29 22:21:37 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware

2012-02-29 08:52:19 0 --sha-w- c:\windows\system32\dds_log_trash.cmd

2012-02-29 08:49:53 26112 ----a-w- c:\windows\system32\OjsiyrEmhang.dll

2012-02-19 14:20:02 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-19 14:20:02 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-06 21:02:14 -------- d-----w- C:\Jts

.

==================== Find3M ====================

.

2012-01-12 17:20:19 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 08:07:55 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:07:55 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:07:54 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:07:54 17408 ----a-w- c:\windows\system32\corpol.dll

2011-12-16 08:50:35 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-16 08:50:34 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.

============= FINISH: 19:16:31,59 ===============

 

 

 

Results of screen317's Security Check version 0.99.31

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Avira Free Antivirus

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

CCleaner

Java 6 Update 29

Java version out of date!

Adobe Flash Player 11.1.102.55

Adobe Reader 8 Adobe Reader out of date!

Mozilla Firefox (11.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbam.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

 

 

Thank you in advance!


Hello alfileres.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Thank you cnm for your quick reply.

 

 

Here is the FSS log:

 

Farbar Service Scanner Version: 01-03-2012

Ran by Jose (administrator) on 01-03-2012 at 22:21:39

Running from "E:\"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

 

NetBt Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.

Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

 

 

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error: Google IP is unreachable

Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

 

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll

[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

 

C:\WINDOWS\system32\ipnathlp.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

 

C:\WINDOWS\system32\netman.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\srsvc.dll

[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

 

C:\WINDOWS\system32\Drivers\sr.sys

[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

 

C:\WINDOWS\system32\wscsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\wuauserv.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

 

C:\WINDOWS\system32\qmgr.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

 

C:\WINDOWS\system32\es.dll

[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

 

C:\WINDOWS\system32\cryptsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

 

C:\WINDOWS\system32\svchost.exe

[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

 

C:\WINDOWS\system32\rpcss.dll

[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

 

C:\WINDOWS\system32\services.exe

[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9

 

 

Extra List:

=======

fssfltr(8) Gpc(6) IPSec(4) PSched(7) Tcpip(3)

0x080000000400000001000000020000000300000005000000060000000700000008000000

IpSec Tag value is correct.

 

**** End of log ****


Goodness! If all those files were bad we would have a lot of work to do. However, I have looked up the MD5 for several of them and they appear to be correct. For instance, 2E6D76CAB5A402AF257A963916FE05E7 is the correct MD5 for dnsrslvr.dll. So that is a bit mysterious of FSS.

 

These two scans will not require internet access. Please download to your other PC and transfer them to the Desktop of the affected PC, then run and post the logs.

 

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

 


  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

 

 

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • In the 'Custom Scans/Fixes' window at the bottom, please copy and paste the contents of this codebox:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    WMIsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    services.exe
    /md5stop
    %systemroot%\*. /mp /s


     

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy the contents of these files, one at a time, and post with your additional two replies.


Hi again!

 

Maybe some files are correct because I re-installed the SP3 in the hope that this will fix the problem ...

Here are the logs

 

23:22:41.0921 3268 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24

23:22:42.0125 3268 ============================================================

23:22:42.0125 3268 Current date / time: 2012/03/01 23:22:42.0125

23:22:42.0125 3268 SystemInfo:

23:22:42.0125 3268

23:22:42.0125 3268 OS Version: 5.1.2600 ServicePack: 3.0

23:22:42.0125 3268 Product type: Workstation

23:22:42.0125 3268 ComputerName: NOMBRE-D4REFSK8

23:22:42.0125 3268 UserName: Jose

23:22:42.0125 3268 Windows directory: C:\WINDOWS

23:22:42.0125 3268 System windows directory: C:\WINDOWS

23:22:42.0125 3268 Processor architecture: Intel x86

23:22:42.0125 3268 Number of processors: 2

23:22:42.0125 3268 Page size: 0x1000

23:22:42.0125 3268 Boot type: Normal boot

23:22:42.0125 3268 ============================================================

23:22:43.0500 3268 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:22:43.0500 3268 Drive \Device\Harddisk1\DR5 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

23:22:43.0500 3268 \Device\Harddisk0\DR0:

23:22:43.0500 3268 MBR used

23:22:43.0500 3268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0

23:22:43.0500 3268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E

23:22:43.0500 3268 \Device\Harddisk1\DR5:

23:22:43.0500 3268 MBR used

23:22:43.0500 3268 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xC, StartLBA 0x478, BlocksNum 0x777B88

23:22:43.0625 3268 Initialize success

23:22:43.0625 3268 ============================================================

23:22:53.0281 3508 ============================================================

23:22:53.0281 3508 Scan started

23:22:53.0281 3508 Mode: Manual;

23:22:53.0281 3508 ============================================================

23:22:53.0593 3508 Abiosdsk - ok

23:22:53.0625 3508 abp480n5 - ok

23:22:53.0671 3508 ACPI (cf2a07e1751a2d612d7e13aa431ab057) C:\WINDOWS\system32\DRIVERS\ACPI.sys

23:22:53.0687 3508 ACPI - ok

23:22:53.0718 3508 ACPIEC (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

23:22:53.0734 3508 ACPIEC - ok

23:22:53.0750 3508 adpu160m - ok

23:22:53.0812 3508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

23:22:53.0812 3508 aec - ok

23:22:53.0843 3508 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

23:22:53.0843 3508 AFD - ok

23:22:53.0859 3508 Aha154x - ok

23:22:53.0890 3508 aic78u2 - ok

23:22:53.0906 3508 aic78xx - ok

23:22:53.0937 3508 AliIde - ok

23:22:54.0031 3508 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys

23:22:54.0265 3508 Ambfilt - ok

23:22:54.0281 3508 amsint - ok

23:22:54.0406 3508 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys

23:22:54.0468 3508 AR5416 - ok

23:22:54.0515 3508 asc - ok

23:22:54.0546 3508 asc3350p - ok

23:22:54.0578 3508 asc3550 - ok

23:22:54.0687 3508 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys

23:22:54.0687 3508 AsusACPI - ok

23:22:54.0734 3508 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

23:22:54.0750 3508 AsyncMac - ok

23:22:54.0812 3508 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

23:22:54.0843 3508 atapi - ok

23:22:54.0859 3508 Atdisk - ok

23:22:54.0937 3508 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

23:22:54.0953 3508 Atmarpc - ok

23:22:55.0000 3508 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

23:22:55.0000 3508 audstub - ok

23:22:55.0062 3508 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

23:22:55.0062 3508 avgntflt - ok

23:22:55.0093 3508 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys

23:22:55.0093 3508 avipbb - ok

23:22:55.0140 3508 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

23:22:55.0140 3508 avkmgr - ok

23:22:55.0218 3508 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

23:22:55.0218 3508 Beep - ok

23:22:55.0265 3508 btaudio - ok

23:22:55.0296 3508 BTDriver - ok

23:22:55.0343 3508 BTWDNDIS - ok

23:22:55.0375 3508 btwhid - ok

23:22:55.0406 3508 BTWUSB - ok

23:22:55.0484 3508 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

23:22:55.0500 3508 cbidf2k - ok

23:22:55.0609 3508 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

23:22:55.0625 3508 CCDECODE - ok

23:22:55.0703 3508 cd20xrnt - ok

23:22:55.0750 3508 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

23:22:55.0750 3508 Cdaudio - ok

23:22:55.0796 3508 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

23:22:55.0812 3508 Cdfs - ok

23:22:55.0859 3508 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

23:22:55.0859 3508 Cdrom - ok

23:22:55.0890 3508 Changer - ok

23:22:55.0984 3508 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

23:22:56.0000 3508 CmBatt - ok

23:22:56.0015 3508 CmdIde - ok

23:22:56.0062 3508 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

23:22:56.0093 3508 Compbatt - ok

23:22:56.0125 3508 Cpqarray - ok

23:22:56.0250 3508 dac2w2k - ok

23:22:56.0265 3508 dac960nt - ok

23:22:56.0359 3508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

23:22:56.0375 3508 Disk - ok

23:22:56.0468 3508 dmboot (c252a99c0a78b39faa2e2d1d048b1050) C:\WINDOWS\system32\drivers\dmboot.sys

23:22:56.0546 3508 dmboot - ok

23:22:56.0609 3508 dmio (33b4d4039cd2cb25351a7bf13b2988d9) C:\WINDOWS\system32\drivers\dmio.sys

23:22:56.0640 3508 dmio - ok

23:22:56.0687 3508 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

23:22:56.0703 3508 dmload - ok

23:22:56.0750 3508 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

23:22:56.0750 3508 DMusic - ok

23:22:56.0843 3508 dpti2o - ok

23:22:56.0906 3508 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

23:22:56.0906 3508 drmkaud - ok

23:22:57.0093 3508 ewsercd (e66710639a292f6341d63b01ee8e8037) C:\WINDOWS\system32\DRIVERS\ewsercd.sys

23:22:57.0109 3508 ewsercd - ok

23:22:57.0171 3508 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

23:22:57.0203 3508 Fastfat - ok

23:22:57.0250 3508 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

23:22:57.0250 3508 Fdc - ok

23:22:57.0281 3508 Fips (e5e61f2c07344e91dbfb7eafde549ab4) C:\WINDOWS\system32\drivers\Fips.sys

23:22:57.0281 3508 Fips - ok

23:22:57.0312 3508 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

23:22:57.0312 3508 Flpydisk - ok

23:22:57.0359 3508 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

23:22:57.0390 3508 FltMgr - ok

23:22:57.0437 3508 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

23:22:57.0437 3508 fssfltr - ok

23:22:57.0484 3508 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

23:22:57.0484 3508 Fs_Rec - ok

23:22:57.0531 3508 Ftdisk (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

23:22:57.0546 3508 Ftdisk - ok

23:22:57.0625 3508 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

23:22:57.0625 3508 Gpc - ok

23:22:57.0781 3508 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

23:22:57.0781 3508 HDAudBus - ok

23:22:57.0843 3508 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

23:22:57.0859 3508 HidUsb - ok

23:22:57.0890 3508 hpn - ok

23:22:58.0218 3508 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

23:22:58.0234 3508 HTTP - ok

23:22:58.0296 3508 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

23:22:58.0312 3508 hwdatacard - ok

23:22:58.0375 3508 hwusbfake (1d4d6d24256f61e6b08a3cf8184a78b8) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys

23:22:58.0406 3508 hwusbfake - ok

23:22:58.0437 3508 i2omgmt - ok

23:22:58.0468 3508 i2omp - ok

23:22:58.0578 3508 i8042prt (4a2490a66e8271901e89dd5fb79748ae) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

23:22:58.0578 3508 i8042prt - ok

23:22:58.0937 3508 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

23:22:59.0203 3508 ialm - ok

23:22:59.0296 3508 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys

23:22:59.0296 3508 iaStor - ok

23:22:59.0406 3508 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

23:22:59.0406 3508 Imapi - ok

23:22:59.0453 3508 ini910u - ok

23:22:59.0687 3508 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys

23:22:59.0765 3508 IntcAzAudAddService - ok

23:22:59.0796 3508 IntelIde - ok

23:22:59.0875 3508 intelppm (49a060498c09db18c3ea9939789005ab) C:\WINDOWS\system32\DRIVERS\intelppm.sys

23:22:59.0890 3508 intelppm - ok

23:22:59.0984 3508 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

23:23:00.0031 3508 Ip6Fw - ok

23:23:00.0093 3508 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

23:23:00.0093 3508 IpFilterDriver - ok

23:23:00.0125 3508 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

23:23:00.0140 3508 IpInIp - ok

23:23:00.0203 3508 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

23:23:00.0203 3508 IpNat - ok

23:23:00.0250 3508 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

23:23:00.0250 3508 IPSec - ok

23:23:00.0312 3508 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

23:23:00.0328 3508 IRENUM - ok

23:23:00.0390 3508 isapnp (0f3d281b0410fe5d482aada37d20524b) C:\WINDOWS\system32\DRIVERS\isapnp.sys

23:23:00.0406 3508 isapnp - ok

23:23:00.0484 3508 Kbdclass (188ddd286bc0daea6984858c6a4d7bbf) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

23:23:00.0484 3508 Kbdclass - ok

23:23:00.0531 3508 kbdhid (72efebecf76eb1dccc5ba9ea746d90e8) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

23:23:00.0546 3508 kbdhid - ok

23:23:00.0609 3508 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

23:23:00.0625 3508 kmixer - ok

23:23:00.0687 3508 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

23:23:00.0703 3508 KSecDD - ok

23:23:00.0812 3508 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys

23:23:00.0828 3508 L1c - ok

23:23:00.0890 3508 lbrtfdc - ok

23:23:01.0046 3508 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

23:23:01.0046 3508 MBAMProtector - ok

23:23:01.0156 3508 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

23:23:01.0156 3508 mnmdd - ok

23:23:01.0218 3508 Modem (9024556e739b8469d2b8f5f0e4c9bc9f) C:\WINDOWS\system32\drivers\Modem.sys

23:23:01.0234 3508 Modem - ok

23:23:01.0343 3508 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys

23:23:01.0515 3508 Monfilt - ok

23:23:01.0609 3508 Mouclass (6fd36b4994a2363659a65c9f970cfdb7) C:\WINDOWS\system32\DRIVERS\mouclass.sys

23:23:01.0609 3508 Mouclass - ok

23:23:01.0671 3508 mouhid (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys

23:23:01.0671 3508 mouhid - ok

23:23:01.0734 3508 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

23:23:01.0750 3508 MountMgr - ok

23:23:01.0781 3508 mraid35x - ok

23:23:01.0843 3508 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

23:23:01.0843 3508 MRxDAV - ok

23:23:02.0046 3508 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

23:23:02.0109 3508 MRxSmb - ok

23:23:02.0265 3508 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

23:23:02.0265 3508 Msfs - ok

23:23:02.0328 3508 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

23:23:02.0328 3508 MSKSSRV - ok

23:23:02.0375 3508 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

23:23:02.0375 3508 MSPCLOCK - ok

23:23:02.0421 3508 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

23:23:02.0437 3508 MSPQM - ok

23:23:02.0500 3508 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

23:23:02.0500 3508 mssmbios - ok

23:23:02.0546 3508 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

23:23:02.0546 3508 MSTEE - ok

23:23:02.0625 3508 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

23:23:02.0640 3508 Mup - ok

23:23:02.0734 3508 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

23:23:02.0750 3508 NABTSFEC - ok

23:23:02.0828 3508 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

23:23:02.0859 3508 NDIS - ok

23:23:02.0906 3508 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

23:23:02.0921 3508 NdisIP - ok

23:23:02.0953 3508 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

23:23:02.0953 3508 NdisTapi - ok

23:23:03.0015 3508 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

23:23:03.0015 3508 Ndisuio - ok

23:23:03.0046 3508 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

23:23:03.0046 3508 NdisWan - ok

23:23:03.0078 3508 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

23:23:03.0078 3508 NDProxy - ok

23:23:03.0093 3508 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

23:23:03.0093 3508 NetBIOS - ok

23:23:03.0187 3508 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

23:23:03.0187 3508 Npfs - ok

23:23:03.0265 3508 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

23:23:03.0328 3508 Ntfs - ok

23:23:03.0375 3508 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

23:23:03.0375 3508 Null - ok

23:23:03.0453 3508 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

23:23:03.0468 3508 NwlnkFlt - ok

23:23:03.0484 3508 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

23:23:03.0500 3508 NwlnkFwd - ok

23:23:03.0593 3508 Parport (e7855cbd8bd1fda085a3f92cff7906e2) C:\WINDOWS\system32\drivers\Parport.sys

23:23:03.0609 3508 Parport - ok

23:23:03.0640 3508 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

23:23:03.0640 3508 PartMgr - ok

23:23:03.0671 3508 ParVdm (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys

23:23:03.0687 3508 ParVdm - ok

23:23:03.0718 3508 PCI (f11bc84ae6c7b003b5e0c8eeb4a1f444) C:\WINDOWS\system32\DRIVERS\pci.sys

23:23:03.0734 3508 PCI - ok

23:23:03.0750 3508 PCIDump - ok

23:23:03.0765 3508 PCIIde (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys

23:23:03.0781 3508 PCIIde - ok

23:23:03.0812 3508 Pcmcia (f50c27cca56dc97b3a45e7f0059bd2ba) C:\WINDOWS\system32\drivers\Pcmcia.sys

23:23:03.0828 3508 Pcmcia - ok

23:23:03.0843 3508 PDCOMP - ok

23:23:03.0875 3508 PDFRAME - ok

23:23:03.0906 3508 PDRELI - ok

23:23:03.0921 3508 PDRFRAME - ok

23:23:03.0937 3508 perc2 - ok

23:23:03.0953 3508 perc2hib - ok

23:23:04.0062 3508 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

23:23:04.0062 3508 PptpMiniport - ok

23:23:04.0093 3508 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

23:23:04.0093 3508 PSched - ok

23:23:04.0125 3508 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

23:23:04.0125 3508 Ptilink - ok

23:23:04.0171 3508 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

23:23:04.0187 3508 PxHelp20 - ok

23:23:04.0218 3508 qcusbser (9ccf89372c5a04e97cd89b58ae697796) C:\WINDOWS\system32\DRIVERS\qcusbser.sys

23:23:04.0234 3508 qcusbser - ok

23:23:04.0250 3508 ql1080 - ok

23:23:04.0281 3508 Ql10wnt - ok

23:23:04.0296 3508 ql12160 - ok

23:23:04.0312 3508 ql1240 - ok

23:23:04.0343 3508 ql1280 - ok

23:23:04.0390 3508 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

23:23:04.0390 3508 RasAcd - ok

23:23:04.0421 3508 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

23:23:04.0421 3508 Rasl2tp - ok

23:23:04.0453 3508 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

23:23:04.0453 3508 RasPppoe - ok

23:23:04.0468 3508 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

23:23:04.0468 3508 Raspti - ok

23:23:04.0531 3508 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

23:23:04.0531 3508 Rdbss - ok

23:23:04.0562 3508 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

23:23:04.0562 3508 RDPCDD - ok

23:23:04.0640 3508 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

23:23:04.0671 3508 RDPWD - ok

23:23:04.0734 3508 redbook (20950948970a0ea329b4254052bcf093) C:\WINDOWS\system32\DRIVERS\redbook.sys

23:23:04.0734 3508 redbook - ok

23:23:04.0984 3508 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

23:23:05.0000 3508 Secdrv - ok

23:23:05.0031 3508 Serial (f41b42b92ae9c1191858c3f80cc24a9c) C:\WINDOWS\system32\drivers\Serial.sys

23:23:05.0046 3508 Serial - ok

23:23:05.0093 3508 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

23:23:05.0093 3508 Sfloppy - ok

23:23:05.0125 3508 Simbad - ok

23:23:05.0171 3508 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

23:23:05.0171 3508 SLIP - ok

23:23:05.0218 3508 Sparrow - ok

23:23:05.0296 3508 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

23:23:05.0296 3508 splitter - ok

23:23:05.0359 3508 sr (ccb3065c3ee63a4515fe84af9e78d1dd) C:\WINDOWS\system32\DRIVERS\sr.sys

23:23:05.0390 3508 sr - ok

23:23:05.0437 3508 SRS_PremiumSound_Service (0bd44aa4743a9dbd2c638d699a7fd438) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys

23:23:05.0453 3508 SRS_PremiumSound_Service - ok

23:23:05.0500 3508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

23:23:05.0531 3508 Srv - ok

23:23:05.0609 3508 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

23:23:05.0609 3508 ssmdrv - ok

23:23:05.0656 3508 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

23:23:05.0671 3508 streamip - ok

23:23:05.0718 3508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

23:23:05.0718 3508 swenum - ok

23:23:05.0765 3508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

23:23:05.0765 3508 swmidi - ok

23:23:05.0796 3508 symc810 - ok

23:23:05.0812 3508 symc8xx - ok

23:23:05.0843 3508 sym_hi - ok

23:23:05.0859 3508 sym_u3 - ok

23:23:05.0890 3508 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys

23:23:05.0890 3508 SynTP - ok

23:23:05.0921 3508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

23:23:05.0921 3508 sysaudio - ok

23:23:06.0000 3508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

23:23:06.0015 3508 Tcpip - ok

23:23:06.0046 3508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

23:23:06.0062 3508 TDPIPE - ok

23:23:06.0078 3508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

23:23:06.0093 3508 TDTCP - ok

23:23:06.0156 3508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

23:23:06.0156 3508 TermDD - ok

23:23:06.0203 3508 TosIde - ok

23:23:06.0312 3508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

23:23:06.0328 3508 Udfs - ok

23:23:06.0359 3508 ultra - ok

23:23:06.0406 3508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

23:23:06.0406 3508 Update - ok

23:23:06.0468 3508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

23:23:06.0468 3508 usbccgp - ok

23:23:06.0515 3508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

23:23:06.0531 3508 usbehci - ok

23:23:06.0562 3508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

23:23:06.0562 3508 usbhub - ok

23:23:06.0578 3508 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

23:23:06.0593 3508 usbstor - ok

23:23:06.0640 3508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

23:23:06.0640 3508 usbuhci - ok

23:23:06.0687 3508 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

23:23:06.0687 3508 usbvideo - ok

23:23:06.0734 3508 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

23:23:06.0734 3508 usb_rndisx - ok

23:23:06.0796 3508 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys

23:23:06.0812 3508 uvclf - ok

23:23:06.0843 3508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

23:23:06.0843 3508 VgaSave - ok

23:23:06.0859 3508 ViaIde - ok

23:23:06.0921 3508 VolSnap (c41ffdc191e6c832e2e53c967eae0a16) C:\WINDOWS\system32\drivers\VolSnap.sys

23:23:06.0937 3508 VolSnap - ok

23:23:07.0062 3508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

23:23:07.0062 3508 Wanarp - ok

23:23:07.0140 3508 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

23:23:07.0140 3508 Wdf01000 - ok

23:23:07.0171 3508 WDICA - ok

23:23:07.0218 3508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

23:23:07.0218 3508 wdmaud - ok

23:23:07.0406 3508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

23:23:07.0406 3508 WS2IFSL - ok

23:23:07.0453 3508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

23:23:07.0468 3508 WSTCODEC - ok

23:23:07.0515 3508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

23:23:07.0531 3508 WudfPf - ok

23:23:07.0546 3508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

23:23:07.0562 3508 WudfRd - ok

23:23:07.0671 3508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

23:23:07.0906 3508 \Device\Harddisk0\DR0 - ok

23:23:07.0921 3508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR5

23:23:16.0000 3508 \Device\Harddisk1\DR5 - ok

23:23:16.0125 3508 Boot (0x1200) (1cac8553b2f8c12871a8a453dfee50e0) \Device\Harddisk0\DR0\Partition0

23:23:16.0125 3508 \Device\Harddisk0\DR0\Partition0 - ok

23:23:16.0140 3508 Boot (0x1200) (23d9801df2bad941df900c69868db793) \Device\Harddisk0\DR0\Partition1

23:23:16.0156 3508 \Device\Harddisk0\DR0\Partition1 - ok

23:23:16.0156 3508 Boot (0x1200) (3d04f5251c7666dc73736f0d5e0747e9) \Device\Harddisk1\DR5\Partition0

23:23:16.0156 3508 \Device\Harddisk1\DR5\Partition0 - ok

23:23:16.0156 3508 ============================================================

23:23:16.0156 3508 Scan finished

23:23:16.0156 3508 ============================================================

23:23:16.0187 2736 Detected object count: 0

23:23:16.0187 2736 Actual detected object count: 0

23:23:34.0640 2928 Deinitialize success

 

 

OTL logfile created on: 01/03/2012 23:28:52 - Run 1

OTL by OldTimer - Version 3.2.34.0 Folder = E:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

 

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,42% Memory free

3,33 Gb Paging File | 2,81 Gb Available in Paging File | 84,54% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa

Drive C: | 72,06 Gb Total Space | 11,47 Gb Free Space | 15,92% Space Free | Partition Type: NTFS

Drive D: | 72,05 Gb Total Space | 71,56 Gb Free Space | 99,31% Space Free | Partition Type: NTFS

Drive E: | 3,73 Gb Total Space | 2,72 Gb Free Space | 73,06% Space Free | Partition Type: FAT32

 

Computer Name: NOMBRE-D4REFSK8 | User Name: Jose | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - E:\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Archivos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

PRC - C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Archivos de programa\Verbindungsassistent\WTGService.exe ()

PRC - C:\Documents and Settings\Jose\Local Settings\Apps\F.lux\flux.exe ()

PRC - C:\Archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe ()

PRC - C:\Archivos de programa\ASUS\Eee Docking\Eee Docking.exe ()

PRC - C:\Archivos de programa\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

PRC - C:\Archivos de programa\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)

PRC - C:\Archivos de programa\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)

PRC - C:\Archivos de programa\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

PRC - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Archivos de programa\FileZilla FTP Client\fzshellext.dll ()

MOD - C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Archivos de programa\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Archivos de programa\Verbindungsassistent\WTGService.exe ()

MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()

MOD - C:\Documents and Settings\Jose\Local Settings\Apps\F.lux\flux.exe ()

MOD - C:\Archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe ()

MOD - C:\Archivos de programa\ASUS\Eee Docking\Eee Docking.exe ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (ZSMC303) -- File not found

SRV - (zpmysql) -- File not found

SRV - (xnacc) -- File not found

SRV - (XFX_program) -- File not found

SRV - (WscNetDr) -- File not found

SRV - (wpsscannersvc) -- File not found

SRV - (WMIService) -- File not found

SRV - (WmFilter) -- File not found

SRV - (WISTechVIDCAP) -- File not found

SRV - (winss) -- File not found

SRV - (winpowerrmi) -- File not found

SRV - (winachcf) -- File not found

SRV - (websensedcagent) -- File not found

SRV - (webfilter) -- File not found

SRV - (wdm_au8820) -- File not found

SRV - (wcontrol) -- File not found

SRV - (Wbutton) -- File not found

SRV - (wanminiportservice) -- File not found

SRV - (wandrv) -- File not found

SRV - (wampmysqld) -- File not found

SRV - (WacomVKHid) -- File not found

SRV - (wacomkey) -- File not found

SRV - (w810obex) -- File not found

SRV - (W700mgmt) -- File not found

SRV - (w550mgmt) -- File not found

SRV - (w550mdm) -- File not found

SRV - (w39n51) -- File not found

SRV - (w200mdfl) -- File not found

SRV - (vxsvc) -- File not found

SRV - (vwd) -- File not found

SRV - (vulfnths) -- File not found

SRV - (vpcbus) -- File not found

SRV - (vnxservice) -- File not found

SRV - (vmparport) -- File not found

SRV - (vmount2) -- File not found

SRV - (viaudio) -- File not found

SRV - (veteboot) -- File not found

SRV - (vaiomediaplatform-photoserver-appserver) -- File not found

SRV - (useraccess7) -- File not found

SRV - (useraccess) -- File not found

SRV - (usbcm) -- File not found

SRV - (USBCamera) -- File not found

SRV - (USB28xxOEM) -- File not found

SRV - (upsentry_smart) -- File not found

SRV - (unlockerdriver5) -- File not found

SRV - (UimBus) -- File not found

SRV - (UCTblHid) -- File not found

SRV - (U81xbus) -- File not found

SRV - (tvald) -- File not found

SRV - (tsmservice) -- File not found

SRV - (tsmapip) -- File not found

SRV - (trayman) -- File not found

SRV - (transactional) -- File not found

SRV - (tossmbnt) -- File not found

SRV - (tosrfec) -- File not found

SRV - (toshidpt) -- File not found

SRV - (tos_sps32) -- File not found

SRV - (tmesbs32) -- File not found

SRV - (timounter) -- File not found

SRV - (tgsrvc_smartagent) -- File not found

SRV - (TeamViewer) -- File not found

SRV - (tdrpman174) -- File not found

SRV - (tbhsd) -- File not found

SRV - (sysmgmthp) -- File not found

SRV - (sysaidagent) -- File not found

SRV - (symwsc) -- File not found

SRV - (svcwrsssdk) -- File not found

SRV - (SunkFilt39) -- File not found

SRV - (stirusb) -- File not found

SRV - (ssm_mdfl) -- File not found

SRV - (srvdpi) -- File not found

SRV - (SrvcSSIOMngr) -- File not found

SRV - (sr_watchdog) -- File not found

SRV - (sqlagent$sony_mediamgr) -- File not found

SRV - (spupdsvc) -- File not found

SRV - (spsslm) -- File not found

SRV - (SPFDRV) -- File not found

SRV - (spcstb) -- File not found

SRV - (sonypvs1) -- File not found

SRV - (SNTIE) -- File not found

SRV - (snpstd2) -- File not found

SRV - (snmptrapdservice) -- File not found

SRV - (snapman) -- File not found

SRV - (slee_503_service) -- File not found

SRV - (siswlsvc) -- File not found

SRV - (SiSGbeXP) -- File not found

SRV - (sglfb) -- File not found

SRV - (sfcure01) -- File not found

SRV - (sentinelprotectionserver) -- File not found

SRV - (se58unic) -- File not found

SRV - (se58mdfl) -- File not found

SRV - (SE2Eobex) -- File not found

SRV - (SE2Emgmt) -- File not found

SRV - (SE2Bobex) -- File not found

SRV - (sbhooksvc) -- File not found

SRV - (savrtpel) -- File not found

SRV - (SaiClass) -- File not found

SRV - (s7otranx) -- File not found

SRV - (s217mdm) -- File not found

SRV - (RR2Vbi) -- File not found

SRV - (roxliveshare) -- File not found

SRV - (rnadirectory) -- File not found

SRV - (rnadiagnosticsservice) -- File not found

SRV - (riomsc) -- File not found

SRV - (retrowdsvc) -- File not found

SRV - (relational) -- File not found

SRV - (rchost) -- File not found

SRV - (raidmsvr) -- File not found

SRV - (quickbooksdb) -- File not found

SRV - (ql2100) -- File not found

SRV - (qconsvc) -- File not found

SRV - (PSSdk21) -- File not found

SRV - (ps2) -- File not found

SRV - (prevxagent) -- File not found

SRV - (PNRPSvc) -- File not found

SRV - (Pnp680r) -- File not found

SRV - (pnkbstrb) -- File not found

SRV - (PGPdisk) -- File not found

SRV - (pfmodnt) -- File not found

SRV - (pdlnctdl) -- File not found

SRV - (PDExchange) -- File not found

SRV - (pccsmcfd) -- File not found

SRV - (parallel) -- File not found

SRV - (p2pgasvc) -- File not found

SRV - (P16X) -- File not found

SRV - (orbpvr) -- File not found

SRV - (oracleorahomepagingserver) -- File not found

SRV - (oraclemtsrecoveryservice) -- File not found

SRV - (omniusb) -- File not found

SRV - (ofcpfwsvc) -- File not found

SRV - (NwSapAgent) -- File not found

SRV - (NWHOST) -- File not found

SRV - (nwcworkstation) -- File not found

SRV - (nvport) -- File not found

SRV - (nvax) -- File not found

SRV - (nvata) -- File not found

SRV - (NTACCESS) -- File not found

SRV - (NsTrcNT) -- File not found

SRV - (nsm1bus) -- File not found

SRV - (npptnt2) -- File not found

SRV - (npkcusb) -- File not found

SRV - (nmwcdc) -- File not found

SRV - (nipsvc) -- File not found

SRV - (NIPALK) -- File not found

SRV - (nimdbgk) -- File not found

SRV - (nimcrpcsu) -- File not found

SRV - (netwg311) -- File not found

SRV - (NetwareWorkstation) -- File not found

SRV - (netw4x32) -- File not found

SRV - (navapsvc) -- File not found

SRV - (navapel) -- File not found

SRV - (nalntservice) -- File not found

SRV - (n558) -- File not found

SRV - (mxnic) -- File not found

SRV - (mwsejcap) -- File not found

SRV - (mwsarcpkt) -- File not found

SRV - (MTsensor) -- File not found

SRV - (MSTAPE) -- File not found

SRV - (msmframework) -- File not found

SRV - (msdv) -- File not found

SRV - (MRESP50) -- File not found

SRV - (MpFilter) -- File not found

SRV - (MobilityService) -- File not found

SRV - (mmc_2K) -- File not found

SRV - (mksvirmonsvc) -- File not found

SRV - (MKEMUSB) -- File not found

SRV - (mhn) -- File not found

SRV - (mgabg) -- File not found

SRV - (merakpop3) -- File not found

SRV - (mcmscsvc) -- File not found

SRV - (mclogmanagerservice) -- File not found

SRV - (mbackmonitor) -- File not found

SRV - (MA8032U) -- File not found

SRV - (lxcccustomerconnect) -- File not found

SRV - (lwwlicenseservice) -- File not found

SRV - (lvupdtio) -- File not found

SRV - (lvmvdrv) -- File not found

SRV - (ltmodem5) -- File not found

SRV - (lirsgt) -- File not found

SRV - (LHidUsbK) -- File not found

SRV - (LHidFilt) -- File not found

SRV - (L8042mou) -- File not found

SRV - (L6POD) -- File not found

SRV - (kraidsvc) -- File not found

SRV - (k750bus) -- File not found

SRV - (jukebox3) -- File not found

SRV - (JiaoCap) -- File not found

SRV - (jconfigd) -- File not found

SRV - (ISAMSvc) -- File not found

SRV - (ireike) -- File not found

SRV - (irda) -- File not found

SRV - (iolodmv) -- File not found

SRV - (inort) -- File not found

SRV - (incdrm) -- File not found

SRV - (imonnt) -- File not found

SRV - (iksysflt) -- File not found

SRV - (igfx) -- File not found

SRV - (ifp800) -- File not found

SRV - (icepack) -- File not found

SRV - (ICAM3NT5) -- File not found

SRV - (ibmfilter) -- File not found

SRV - (IBM_LLC2) -- File not found

SRV - (hpzius12) -- File not found

SRV - (HPSLPSVC) -- File not found

SRV - (HpqRemHid) -- File not found

SRV - (HpqKbFiltr) -- File not found

SRV - (Hotkey) -- File not found

SRV - (hap17v2k) -- File not found

SRV - (HabuFltr) -- File not found

SRV - (gv3) -- File not found

SRV - (GTSCSER) -- File not found

SRV - (GTF32BUS) -- File not found

SRV - (GT680x) -- File not found

SRV - (ghaio) -- File not found

SRV - (genregistrar) -- File not found

SRV - (GBDevice) -- File not found

SRV - (FTSER2K) -- File not found

SRV - (ftsata2) -- File not found

SRV - (filechecker) -- File not found

SRV - (fcprintservice) -- File not found

SRV - (fasttrackinstallerservice) -- File not found

SRV - (eskerlicensecontrol) -- File not found

SRV - (epson_pm_rpcv4_01) -- File not found

SRV - (enxpsvc) -- File not found

SRV - (entertainment) -- File not found

SRV - (enodpl) -- File not found

SRV - (ELmon) -- File not found

SRV - (ELhid) -- File not found

SRV - (elbydelay) -- File not found

SRV - (EKECioCtl) -- File not found

SRV - (eelsservice) -- File not found

SRV - (dsunidrv) -- File not found

SRV - (DritekPortIO) -- File not found

SRV - (dot4scan) -- File not found

SRV - (dnetc) -- File not found

SRV - (dlcq_device) -- File not found

SRV - (dlcg_device) -- File not found

SRV - (digitizer) -- File not found

SRV - (DgiVecp) -- File not found

SRV - (ddxgb) -- File not found

SRV - (DCamUSBSQTECH) -- File not found

SRV - (cxusb) -- File not found

SRV - (CX23880) -- File not found

SRV - (cwafadminmonitor) -- File not found

SRV - (cvslock) -- File not found

SRV - (ctxcpuusync) -- File not found

SRV - (CTMSHD) -- File not found

SRV - (CTMMOUNT) -- File not found

SRV - (CTMFLT) -- File not found

SRV - (CTHWIUT.DLL) -- File not found

SRV - (crcdisk) -- File not found

SRV - (cq_mem) -- File not found

SRV - (com0com) -- File not found

SRV - (co_mon) -- File not found

SRV - (cmudau) -- File not found

SRV - (cmuda) -- File not found

SRV - (cics.region2) -- File not found

SRV - (cdudf_xp) -- File not found

SRV - (cdrbsdrv) -- File not found

SRV - (cdr4_xp) -- File not found

SRV - (cdmservice) -- File not found

SRV - (c-dillasrv) -- File not found

SRV - (CcmExec) -- File not found

SRV - (ccevtmgr) -- File not found

SRV - (caccprovsp) -- File not found

SRV - (btkrnl) -- File not found

SRV - (bthserv) -- File not found

SRV - (bthport) -- File not found

SRV - (bt3cusb) -- File not found

SRV - (BootScreen) -- File not found

SRV - (bobo) -- File not found

SRV - (bltrust) -- File not found

SRV - (bhmonitorservice) -- File not found

SRV - (bdftdif) -- File not found

SRV - (bcftdi) -- File not found

SRV - (backupexecrpcservice) -- File not found

SRV - (axskbus) -- File not found

SRV - (aw_host) -- File not found

SRV - (autostore) -- File not found

SRV - (AtlsAud) -- File not found

SRV - (ATKGFNEXSrv) -- File not found

SRV - (ATKFUSService) -- File not found

SRV - (atinevxx) -- File not found

SRV - (ATIBTCAP) -- File not found

SRV - (askernel) -- File not found

SRV - (ashampoodefragservice) -- File not found

SRV - (armoucfltr) -- File not found

SRV - (aracpi) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (apache2) -- File not found

SRV - (aliadwdm) -- File not found

SRV - (afs2k) -- File not found

SRV - (AEADIFilters) -- File not found

SRV - (adsexpb) -- File not found

SRV - (AdfuUd) -- File not found

SRV - (aavmker4) -- File not found

SRV - (a8djusb) -- File not found

SRV - (A88xTuner) -- File not found

SRV - (a016mdm) -- File not found

SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (BBSvc) -- C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (WTGService) -- C:\Archivos de programa\Verbindungsassistent\WTGService.exe ()

SRV - (DeviceManager) -- C:\Archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe ()

SRV - (MDM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)

DRV - (ewsercd) -- C:\WINDOWS\system32\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (qcusbser) -- C:\WINDOWS\system32\drivers\qcusbser.sys (TCT International Mobile Ltd)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\SearchScopes,DefaultScope = {520E21C6-4C1F-48C6-BB0B-33B41FF09524}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{520E21C6-4C1F-48C6-BB0B-33B41FF09524}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9

FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.53363

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Archivos de programa\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/19 12:01:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Archivos de programa\Google\Google Gears\Firefox\ [2010/09/10 22:42:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Archivos de programa\DivX\DivX Plus Web Player\firefox\html5video [2011/03/22 22:21:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Archivos de programa\DivX\DivX Plus Web Player\firefox\wpa [2011/03/22 22:21:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff [2009/12/28 14:17:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox 4.0 Beta 11\components [2012/02/26 18:24:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox 4.0 Beta 11\plugins [2011/08/17 06:21:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/05/01 22:13:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/07/16 23:10:43 | 000,000,000 | ---D | M]

 

[2009/12/16 22:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Extensions

[2009/12/16 22:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2012/02/28 20:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions

[2012/01/29 10:24:26 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

[2011/01/09 11:21:06 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2012/02/28 20:29:39 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions\donottrackplus@abine.com

[2011/12/18 09:25:41 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions\piclens@cooliris.com

[2011/10/28 16:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions

[2011/05/01 22:13:23 | 000,000,000 | ---D | M] (Default) -- C:\Archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/12/28 14:17:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/12/28 16:05:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/05/04 20:54:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/08 21:21:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/10 23:02:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/28 00:00:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/04/16 20:42:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSE\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\A2UMW4M8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011/05/01 22:13:12 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\com


These instructions are by sUBs at http://www.techsupportforum.com/forums/

I don't know whether they apply to XP, but please give it a try.

 

1. Locate the file - C:\Windows\inf\Nettcpip.inf

  • It's important that you first make a copy of the file. Place the copy on your Desktop.
  • Once you have done that, use Notepad to open the original file for editing.

 

nettcpipinf.png

 

 

2. Locate the [MS_TCPIP.PrimaryInstall] section.

 

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.

 

 

nettcpipinfEdited.png

 

 

4. Save the file, and then exit Notepad.

 

 

resetTcpip0.png

 

 

5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.

 

 

resetTcpip2.pngresetTcpip3.png

 

 

6. On the General tab, click Install, select Protocol, and then click Add.

 

 

resetTcpip4.png

 

 

7. In the Select Network Protocols window, click Have Disk.

 

 

resetTcpip5.png

 

 

 

8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.

 

 

resetTcpip6.png

 

 

 

9. Select Internet Protocol (TCP/IP), and then click OK.

 

 

resetTcpip7.png

 

 

Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

 

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.

 

 

11. It is important that you restart the computer to complete the uninstall.

 

 

 

------------

 

 

Step #2 - Reinstall of TCP/IP

 

 

nettcpipinf.png

 

 

 

Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.

 

 

Redo sub-steps 4-11 to re-install TCP/IP
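
The INF edit from steps 1 to 3 of the post above, as an added Python example that is not part of the original post or of sUBs' instructions: it keeps a backup, changes `Characteristics` only inside `[MS_TCPIP.PrimaryInstall]`, and decodes the flag bits to show that going from 0xa0 to 0x80 clears NCF_NOT_USER_REMOVABLE, which is why the Uninstall button becomes available. The function names, the `.bak` backup name, the single-byte file encoding and the sample INF text are assumptions made for the example.

```python
import re
import shutil

# NCF_* component flags used by the Characteristics entry of network INF files.
NCF_FLAGS = {
    0x01: "NCF_VIRTUAL",
    0x02: "NCF_SOFTWARE_ENUMERATED",
    0x04: "NCF_PHYSICAL",
    0x08: "NCF_HIDDEN",
    0x10: "NCF_NO_SERVICE",
    0x20: "NCF_NOT_USER_REMOVABLE",
    0x40: "NCF_MULTIPORT_INSTANCED_ADAPTER",
    0x80: "NCF_HAS_UI",
}

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
KEY_RE = re.compile(r"^(\s*Characteristics\s*=\s*)(0x[0-9a-f]+)(.*)$", re.IGNORECASE)

# Constructed sample, not the contents of the real Nettcpip.inf.
SAMPLE_INF = (
    "[Version]\r\n"
    'Signature = "$Windows NT$"\r\n'
    "\r\n"
    "[MS_TCPIP.PrimaryInstall]\r\n"
    "Characteristics = 0xa0\r\n"
    "AddReg = Sample.AddReg\r\n"
    "\r\n"
    "[Sample.OtherInstall]\r\n"
    "Characteristics = 0xa0\r\n"
)


def decode_characteristics(value):
    """Return the NCF_* flag names set in a Characteristics value."""
    names = [name for bit, name in sorted(NCF_FLAGS.items()) if value & bit]
    unknown = value & ~sum(NCF_FLAGS)
    if unknown:
        names.append(f"unknown(0x{unknown:x})")
    return names


def set_characteristics(inf_text, section, new_value):
    """Rewrite Characteristics in one section only; return (new_text, old_value).

    Other sections, comments after the value and line endings are left untouched.
    """
    target = section.strip().lower()
    lines = inf_text.splitlines(keepends=True)
    current = None
    old = None
    for i, line in enumerate(lines):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        header = SECTION_RE.match(body)
        if header:
            current = header.group(1).strip().lower()
            continue
        if current != target:
            continue
        key = KEY_RE.match(body)
        if key:
            old = int(key.group(2), 16)
            lines[i] = f"{key.group(1)}0x{new_value:02x}{key.group(3)}{eol}"
            break
    if old is None:
        raise ValueError(f"no Characteristics entry found in [{section}]")
    return "".join(lines), old


def patch_inf_file(path, section, new_value):
    """Back up the INF next to itself, then patch it in place.

    Assumes a single-byte encoded file; returns (backup_path, old_value).
    """
    backup = path + ".bak"
    shutil.copy2(path, backup)  # keep an untouched copy before editing
    with open(path, encoding="latin-1", newline="") as fh:
        text = fh.read()
    patched, old = set_characteristics(text, section, new_value)
    with open(path, "w", encoding="latin-1", newline="") as fh:
        fh.write(patched)
    return backup, old


if __name__ == "__main__":
    patched, old = set_characteristics(SAMPLE_INF, "MS_TCPIP.PrimaryInstall", 0x80)
    print(f"before 0x{old:02x}:", decode_characteristics(old))
    print("after  0x80:", decode_characteristics(0x80))
    print(patched)
```

Restoring the backup over the edited file corresponds to "Step #2 - Reinstall of TCP/IP" in the post.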


We're getting closer but it still does not work.

It's improved since I can connect to the internet if I know the IP address. However, DNS still does not work.

 

Do you have a suggestion there?

Thank you in advance.


Please run Farbar Service Scanner again and post the new log. Sounds like a DNS problem, offhand.


Hi, this is the output from FSS

 

Farbar Service Scanner Version: 01-03-2012

Ran by Jose (administrator) on 03-03-2012 at 11:09:48

Running from "E:\"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

 

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll

[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

 

C:\WINDOWS\system32\ipnathlp.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

 

C:\WINDOWS\system32\netman.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\srsvc.dll

[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

 

C:\WINDOWS\system32\Drivers\sr.sys

[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

 

C:\WINDOWS\system32\wscsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\wuauserv.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

 

C:\WINDOWS\system32\qmgr.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

 

C:\WINDOWS\system32\es.dll

[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

 

C:\WINDOWS\system32\cryptsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

 

C:\WINDOWS\system32\svchost.exe

[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

 

C:\WINDOWS\system32\rpcss.dll

[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

 

C:\WINDOWS\system32\services.exe

[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9

 

 

Extra List:

=======

fssfltr(8) Gpc(6) IPSec(13) NetBT(14) PSched(7) Tcpip(12)

0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000

 

 

**** End of log ****

 

 

Thank you!


Do Start > Run and enter 'cmd.exe'.

At the command prompt enter:

ipconfig /flushdns

 

Did that help?

 

If not, please reboot into 'Safe Mode with Networking'. (Hit the F8 key several times while booting to get the boot menu). Does the DNS still not work?


It did not work. In addition, I cannot restart in safe mode with network as I get a blue screen and immediately after I get the start menu again.

Any ideas?


Bring up OTL (don't run it just yet).

 

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2

[C:\WINDOWS\$NtUninstallKB26159$]

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

:Commands

[EMPTYTEMP]

[CREATERESTOREPOINT]

Close other windows.

Then click the red 'Run Fix' button (not the Run Scan).

 

Post the log OTL.TXT in your reply.

 

 

After that:

 

Download the Kaspersky Virus Removal Tool installer and transfer it to the affected PC. You'll need to give Kaspersky your email address.

 

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
    6zvqld.gif
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved into another reply.


OTL is taking forever. It says "killing process. DO NOT INTERRUPT..." for more than 30 mins.

Is this normal? How long should it take?

 

Thank you


It may not be able to remove that mount point. Wait maybe 5 minutes more, then kill it and proceed to try the Kaspersky AntiVirus tool.

 

 

After that:

Your inability to boot to Safe Mode plus that mount point make me think you might have ZeroAccess. It would be nice if we could run ComboFix but it would probably want an internet connection. However after the Kaspersky please download and transfer it, then run it. If it says LIMITED FUNCTIONALITY that's all right:

 

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:

how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Please go here to see a list of programs that should be disabled.

 

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

 

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.


Hi again,

 

I did not manage to run OTL.

Regarding the Kaspersky Virus Removal Tool, there is no such thing as a detected section in the log or a first part. I've searched for the word 'detected' in the log and I'm posting the results here:

04/03/2012 11:56:24 Detected: http://www.securelist.com/en/advisories/43269 C:\archivos de programa\Adobe\Reader 8.0\Reader\RdLang32.ESP

04/03/2012 11:50:15 Detected: http://www.securelist.com/en/advisories/48009 C:\Archivos de programa\Java\jre6\bin\java.exe

04/03/2012 11:21:56 Detected: http://www.securelist.com/en/advisories/48033 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

04/03/2012 9:49:44 Detected: Exploit.Java.CVE-2011-3544.jt C:\Documents and Settings\Jose\Datos de programa\Sun\Java\Deployment\cache\6.0\6\6f5830c6-50b8f5a6/Photo.class

04/03/2012 9:37:58 Detected: Trojan.Win32.Yakes.qap C:\Documents and Settings\Jose\Configuración local\Datos de programa\7ca7e577\X

04/03/2012 9:34:49 Detected: Backdoor.Win32.Agent.cfwq C:\Documents and Settings\Jose\Configuración local\Archivos temporales de Internet\Content.IE5\K40LWTOE\10[1].exe

04/03/2012 9:22:24 Detected: http://www.securelist.com/en/advisories/48089 C:\Archivos de programa\Mozilla Firefox\firefox.exe

04/03/2012 9:03:23 Detected: http://www.securelist.com/en/advisories/43269 C:\Archivos de programa\Adobe\Reader 8.0\Reader\AcroRd32.dll

04/03/2012 9:14:32 Detected: http://www.securelist.com/en/advisories/48009 C:\Archivos de programa\Java\jre6\bin\java.exe

 

 

Regarding ComboFix ... It said that the PC is infected with Rootkit.ZeroAccess in the tcp/ip stack. It also complained that it could not install the Recovery Console as no internet connection was available. Here is the log:

 

ComboFix 12-03-03.02 - Jose 04/03/2012 19:20:35.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.2039.1589 [GMT 1:00]

Running from: c:\documents and settings\Jose\Escritorio\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Datos de programa\TEMP

c:\windows\$NtUninstallKB26159$

c:\windows\$NtUninstallKB26159$\2091378039\@

c:\windows\$NtUninstallKB26159$\2091378039\L\uzmqoagj

c:\windows\$NtUninstallKB26159$\2091378039\loader.tlb

c:\windows\$NtUninstallKB26159$\2091378039\U\@00000001

c:\windows\$NtUninstallKB26159$\2091378039\U\@000000c0

c:\windows\$NtUninstallKB26159$\2091378039\U\@000000cb

c:\windows\$NtUninstallKB26159$\2091378039\U\@000000cf

c:\windows\$NtUninstallKB26159$\2091378039\U\@80000000

c:\windows\$NtUninstallKB26159$\2091378039\U\@800000c0

c:\windows\$NtUninstallKB26159$\2091378039\U\@800000cb

c:\windows\$NtUninstallKB26159$\2091378039\U\@800000cf

c:\windows\$NtUninstallKB26159$\3483856644

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NWSAPAGENT

-------\Service_NwSapAgent

.

.

((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))

.

.

2012-02-29 23:46 . 2008-04-14 06:48 870784 ------w- c:\windows\system32\ati3d1ag.dll

2012-02-29 23:42 . 2008-04-14 06:48 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2012-02-29 23:40 . 2006-12-28 23:31 19569 ----a-w- c:\windows\000001_.tmp

2012-02-29 23:40 . 2012-02-29 23:40 -------- d-----w- c:\windows\EHome

2012-02-29 23:20 . 2001-08-17 20:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2012-02-29 23:20 . 2001-08-17 19:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2012-02-29 23:19 . 2001-08-22 21:14 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2012-02-29 23:19 . 2001-08-17 21:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys

2012-02-29 23:19 . 2001-08-17 21:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys

2012-02-29 23:19 . 2001-08-17 21:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys

2012-02-29 23:19 . 2001-08-17 21:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys

2012-02-29 23:19 . 2001-08-22 21:15 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2012-02-29 23:19 . 2001-08-17 20:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2012-02-29 23:19 . 2001-08-17 21:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2012-02-29 23:19 . 2001-08-22 21:15 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2012-02-29 23:19 . 2001-08-22 21:15 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2012-02-29 23:19 . 2001-08-22 21:15 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2012-02-29 23:18 . 2001-08-22 21:15 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2012-02-29 23:18 . 2001-08-22 21:15 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2012-02-29 23:18 . 2001-08-22 21:15 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2012-02-29 23:18 . 2001-08-22 20:28 286848 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2012-02-29 23:18 . 2001-08-22 20:27 17024 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2012-02-29 23:18 . 2001-08-17 19:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2012-02-29 23:18 . 2001-08-22 21:15 99840 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2012-02-29 23:18 . 2001-08-22 21:15 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2012-02-29 23:18 . 2001-08-17 20:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2012-02-29 23:17 . 2001-08-22 21:15 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2012-02-29 23:17 . 2001-08-17 21:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2012-02-29 23:17 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2012-02-29 23:17 . 2001-08-17 19:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2012-02-29 23:17 . 2001-08-22 21:15 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll

2012-02-29 23:17 . 2001-08-17 19:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys

2012-02-29 23:17 . 2001-08-17 20:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys

2012-02-29 23:17 . 2008-04-14 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll

2012-02-29 23:17 . 2008-04-13 23:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys

2012-02-29 23:17 . 2001-08-17 20:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys

2012-02-29 23:17 . 2001-08-17 19:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys

2012-02-29 23:15 . 2008-04-13 21:05 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys

2012-02-29 23:14 . 2001-08-22 20:49 161696 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2012-02-29 23:14 . 2001-07-21 21:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2012-02-29 23:14 . 2001-08-17 19:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2012-02-29 23:14 . 2001-08-22 21:14 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2012-02-29 23:14 . 2001-08-17 19:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2012-02-29 23:14 . 2001-08-22 20:49 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2012-02-29 23:14 . 2001-08-22 20:49 18176 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2012-02-29 23:14 . 2001-08-17 20:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys

2012-02-29 23:14 . 2008-04-13 23:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys

2012-02-29 23:14 . 2001-08-17 20:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys

2012-02-29 23:13 . 2001-08-22 20:49 17536 -c--a-w- c:\windows\system32\dllcache\scr111.sys

2012-02-29 23:13 . 2001-08-22 20:48 16768 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys

2012-02-29 23:13 . 2001-08-17 20:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys

2012-02-29 23:13 . 2001-08-22 20:48 24064 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys

2012-02-29 23:13 . 2008-04-13 23:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys

2012-02-29 23:13 . 2001-08-22 21:15 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll

2012-02-29 23:13 . 2001-08-17 19:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys

2012-02-29 23:13 . 2001-08-22 21:14 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll

2012-02-29 23:13 . 2001-08-17 19:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys

2012-02-29 23:13 . 2001-08-22 21:14 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll

2012-02-29 23:13 . 2001-08-17 19:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys

2012-02-29 23:13 . 2001-08-22 21:14 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll

2012-02-29 23:11 . 2001-08-22 21:15 10240 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll

2012-02-29 23:11 . 2001-08-17 19:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys

2012-02-29 23:11 . 2008-04-14 06:22 79360 -c--a-w- c:\windows\system32\dllcache\rocket.sys

2012-02-29 23:11 . 2001-08-17 19:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2012-02-29 23:11 . 2008-04-13 23:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys

2012-02-29 23:11 . 2001-08-22 21:15 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2012-02-29 23:11 . 2008-04-13 22:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys

2012-02-29 23:11 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2012-02-29 23:11 . 2001-08-22 20:46 715370 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2012-02-29 23:11 . 2001-08-22 20:46 899754 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2012-02-29 23:11 . 2001-08-22 21:15 41984 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2012-02-29 23:10 . 2001-08-17 20:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2012-02-29 23:10 . 2001-08-17 20:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys

2012-02-29 23:10 . 2001-08-17 20:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys

2012-02-29 23:10 . 2001-08-17 20:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys

2012-02-29 23:10 . 2001-08-17 20:52 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys

2012-02-29 23:10 . 2001-08-17 20:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys

2012-02-29 23:10 . 2008-04-13 23:10 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys

2012-02-29 23:10 . 2001-08-17 20:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys

2012-02-29 23:10 . 2001-08-17 20:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys

2012-02-29 23:10 . 2001-08-17 20:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys

2012-02-29 23:10 . 2008-04-14 06:48 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll

2012-02-29 23:10 . 2001-08-22 21:15 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll

2012-02-29 23:08 . 2008-04-14 06:47 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll

2012-02-29 23:07 . 2001-08-22 21:15 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll

2012-02-29 23:07 . 2001-08-17 21:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys

2012-02-29 23:07 . 2001-08-22 21:15 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe

2012-02-29 23:07 . 2001-08-22 21:15 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll

2012-02-29 23:07 . 2001-08-17 21:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys

2012-02-29 23:07 . 2001-08-22 21:15 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll

2012-02-29 23:07 . 2001-08-17 21:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys

2012-02-29 23:07 . 2001-08-17 21:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys

2012-02-29 23:07 . 2001-08-17 21:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys

2012-02-29 23:07 . 2001-08-17 21:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys

2012-02-29 23:07 . 2001-08-22 20:43 54826 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys

2012-02-29 23:07 . 2001-08-22 20:43 44201 -c--a-w- c:\windows\system32\dllcache\otceth5.sys

2012-02-29 23:05 . 2001-08-17 19:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys

2012-02-29 23:05 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2012-02-29 23:05 . 2008-04-14 06:25 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2012-02-29 23:05 . 2001-08-22 20:39 67166 -c--a-w- c:\windows\system32\dllcache\netflx3.sys

2012-02-29 23:05 . 2001-08-17 19:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys

2012-02-29 23:05 . 2001-08-22 21:14 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll

2012-02-29 23:05 . 2001-08-17 20:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys

2012-02-29 23:05 . 2001-08-22 21:14 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll

2012-02-29 23:05 . 2001-08-17 19:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys

2012-02-29 23:05 . 2001-08-17 19:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys

2012-02-29 23:05 . 2001-08-22 21:14 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll

2012-02-29 23:03 . 2008-04-13 23:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2012-02-29 23:03 . 2001-08-17 20:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2012-02-29 23:03 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2012-02-29 23:03 . 2008-04-13 23:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2012-02-29 23:03 . 2008-04-14 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2012-02-29 23:03 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2012-02-29 23:02 . 2001-08-17 20:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2012-02-29 23:02 . 2008-04-13 23:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2012-02-29 23:02 . 2001-08-17 20:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys

2012-02-29 23:02 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2012-02-29 23:02 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2012-02-29 23:02 . 2001-08-17 20:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2012-02-29 23:02 . 2001-08-22 20:33 320512 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2012-02-29 23:02 . 2001-08-22 21:14 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll

2012-02-29 23:02 . 2008-04-13 23:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys

2012-02-29 23:02 . 2001-08-22 21:15 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2012-02-29 23:00 . 2001-08-17 20:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2012-02-29 23:00 . 2001-08-17 19:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-15 16:34 . 2012-01-29 15:58 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-01-12 17:20 . 2009-05-22 04:48 1860096 ----a-w- c:\windows\system32\win32k.sys

2011-12-19 08:07 . 2009-05-22 04:48 832512 ----a-w- c:\windows\system32\wininet.dll

2011-12-19 08:07 . 2009-05-22 04:48 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-19 08:07 . 2009-05-22 04:48 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-12-19 08:07 . 2009-05-22 04:48 17408 ----a-w- c:\windows\system32\corpol.dll

2011-12-16 08:50 . 2012-01-29 15:58 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-16 08:50 . 2012-01-29 15:58 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\archivos de programa\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]

"H/PC Connection Agent"="c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"F.lux"="c:\documents and settings\Jose\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusACPIServer"="c:\archivos de programa\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]

"AsusEPCMonitor"="c:\archivos de programa\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\archivos de programa\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\archivos de programa\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]

"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-06-09 254696]

"DivXUpdate"="c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]

"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Jose\Menú Inicio\Programas\Inicio\

_uninst_65942103.lnk - c:\documents and settings\Jose\Configuración local\Temp\_uninst_65942103.bat [N/A]

.

c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\

SuperHybridEngine.lnk - c:\archivos de programa\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-22 376832]

Microsoft Office.lnk - c:\archivos de programa\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OjsiyrEmhang.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe"= c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe"= c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe"= c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

"d:\\eclipse\\eclipse.exe"=

"c:\\Archivos de programa\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Archivos de programa\\DivX\\DivX Update\\DivXUpdate.exe"=

"c:\\Documents and Settings\\Jose\\Local Settings\\Apps\\F.lux\\flux.exe"=

"c:\\Archivos de programa\\Avira\\AntiVir Desktop\\ipmgui.exe"=

"c:\\Archivos de programa\\Mozilla Firefox 4.0 Beta 11\\firefox.exe"=

"c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=

"c:\\Archivos de programa\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=

"c:\\Archivos de programa\\Avira\\AntiVir Desktop\\avnotify.exe"=

"c:\\Documents and Settings\\Jose\\Configuración local\\Datos de programa\\Google\\Update\\GoogleUpdate.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29/01/2012 16:58 36000]

R2 AntiVirSchedulerService;Avira Programador;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [29/01/2012 16:58 86224]

R2 BBSvc;Bing Bar Update Service;c:\archivos de programa\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]

R2 BBUpdate;BBUpdate;c:\archivos de programa\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]

R2 DeviceManager;DeviceManager;c:\archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe -start --> c:\archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe -start [?]

R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [29/02/2012 23:21 652360]

R2 WTGService;WTGService;c:\archivos de programa\Verbindungsassistent\WTGService.exe [18/01/2011 22:48 330696]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/05/2009 6:08 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/02/2012 23:21 20464]

S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [10/09/2010 22:42 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/05/2009 5:20 1684736]

S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [18/01/2011 22:48 100224]

S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [10/09/2010 22:42 136176]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [18/01/2011 22:48 103040]

S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [17/12/2009 14:36 103552]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [22/05/2009 5:58 232872]

S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/04/2009 3:41 39040]

.

NETSVCS REQUIRES REPAIRS - current entries shown


.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-09-10 21:42]

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-09-10 21:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://eeepc.asus.com/global

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Enviar a &Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar a Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

MSConfigStartUp-PAwhgCLyHSr - c:\documents and settings\All Users\Datos de programa\PAwhgCLyHSr.exe

MSConfigStartUp-SRS Premium Sound - c:\archivos de programa\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-04 19:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\docume~1\Jose\CONFIG~1\Temp\RGI5.tmp

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2868)

c:\windows\system32\WININET.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe

c:\archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe

c:\archivos de programa\Java\jre6\bin\jqs.exe

c:\archivos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe

c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\archivos de programa\Avira\AntiVir Desktop\avshadow.exe

c:\archiv~1\MI3AA1~1\rapimgr.exe

c:\windows\system32\igfxext.exe

.

**************************************************************************

.

Completion time: 2012-03-04 19:44:11 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-04 18:44

.

Pre-Run: 16.073.777.152 bytes libres

Post-Run: 16.703.442.944 bytes libres

.

- - End Of File - - E832589DA1028D65385E5B99CB690B7D

 

 

Thank you in advance for your kind help


Yes, I suspected ZeroAccess.

 

Did Kaspersky Virus Removal Tool remove those things it detected?

 

What is your status now? Please let me know.

- Still no DNS?

- Still can't boot Safe Mode with Networking?

 

 

Please be patient while I consult others as to how best to proceed.


Status summary:

- The Kaspersky Virus Removal Tool removed all those things and the status light was yellow at the end of the process (it was red after detection, prior to deletion).

- DNS still does not work

- Regarding Safe Mode with Networking ... it now works! However, DNS still does not work in Safe Mode with Networking.

 

Thank you for all your help so far. I wait for your instructions.


That's good news. Let's see if we can fix the DNS now.

 

First make a System Restore Point. How to set a system restore point in Windows XP. Label it "Bad DNS" so you don't inadvertently use it.

 

Transfer ERUNT to the Desktop of the sick PC and run it.

Back up your Registry with ERUNT.

 

Transfer WinSockFix 1.1.0.13 to sick PC Desktop and run it.

WinSockFix 1.1.0.13. CAUTION: click on one of the blue 'Softpedia Mirror' links and don't be misled by the big DOWNLOAD button which is for something else.

Run it, reboot, and please let me know if it worked. If not, other methods are available.


Just wanting to make sure this isn't merely a browser problem.

 

Please do Start > Run, enter 'cmd.exe'.

At the prompt enter

ping www.google.com

Do you get error "Ping request could not find host"?

 

Edit:

Also please enter

ipconfig > ipconfig.txt

Post the contents of ipconfig.txt in your reply; then you can delete it.


yes, ping could not find host

 

here is the ipconfig output:

 

 

Configuración IP de Windows

Adaptador Ethernet Conexión de área local :

Estado de los medios. . . .: medios desconectados

Adaptador Ethernet Conexiones de red inalámbricas :

Sufijo de conexión específica DNS : localdomain
Dirección IP. . . . . . . . . . . : 192.168.1.6
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.1.1


That is a very sparse looking ipconfig output. I expected more text. Perhaps XP needs /all.

Please enter this at command prompt:

ipconfig /all > ipconfig.txt

and post the new ipconfig.txt.

 

Please get a new copy of Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Here is the output:

It puzzles me that it says that DHCP is not enabled but I've checked the service (DHCP Client) and it is started.

 

 

Configuración IP de Windows

Nombre del host . . . . . . . . . : nombre-d4refsk8
Sufijo DNS principal . . . . . . :
Tipo de nodo . . . . . . . . . . : desconocido
Enrutamiento habilitado. . . . . .: No
Proxy WINS habilitado. . . . . : No
Lista de búsqueda de sufijo DNS: localdomain

Adaptador Ethernet Conexión de área local :

Estado de los medios. . . .: medios desconectados
Descripción. . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller
Dirección física. . . . . . . . . : 90-E6-BA-0A-56-B9

Adaptador Ethernet Conexiones de red inalámbricas :

Sufijo de conexión específica DNS : localdomain
Descripción. . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Dirección física. . . . . . . . . : 00-25-D3-5A-B8-24
DHCP habilitado. . . . . . . . . : No
Autoconfiguración habilitada. . . : Sí
Dirección IP. . . . . . . . . . . : 192.168.1.6
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.1.1
Servidor DHCP . . . . . . . . . . : 192.168.1.1
Servidores DNS . . . . . . . . . .: 192.168.1.1
Concesión obtenida . . . . . . . : lunes, 05 de marzo de 2012 19:41:00
Concesión expira . . . . . . . . .: lunes, 12 de marzo de 2012 19:41:00

 

 

 

 

This is the FSS output:

Farbar Service Scanner Version: 01-03-2012

Ran by Jose (administrator) on 05-03-2012 at 19:41:53

Running from "E:\"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

 

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll

[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

 

C:\WINDOWS\system32\ipnathlp.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

 

C:\WINDOWS\system32\netman.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\srsvc.dll

[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

 

C:\WINDOWS\system32\Drivers\sr.sys

[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

 

C:\WINDOWS\system32\wscsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\wuauserv.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

 

C:\WINDOWS\system32\qmgr.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

 

C:\WINDOWS\system32\es.dll

[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

 

C:\WINDOWS\system32\cryptsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

 

C:\WINDOWS\system32\svchost.exe

[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

 

C:\WINDOWS\system32\rpcss.dll

[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

 

C:\WINDOWS\system32\services.exe

[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9

 

 

Extra List:

=======

fssfltr(8) Gpc(6) IPSec(13) NetBT(14) PSched(7) Tcpip(12)

0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000

 

 

**** End of log ****

 

 

Thank you!


More consultation in progress. Thanks for your patience.


Bring up OTL (don't run it just yet).

Set all of the eight sections at the top (Processes, Modules, etc) to 'None'.

 

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL

:Reg

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

:Commands

[EMPTYTEMP]

[CREATERESTOREPOINT]

Close other windows.

Then click the red 'Run Fix' button (not the Run Scan).

It will reboot.

 

Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.

  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart and check the connection.


Bring up OTL (don't run it just yet).

Set all of the eight sections at the top (Processes, Modules, etc) to 'None'.

 

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL

:Reg

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

:Commands

[EMPTYTEMP]

[CREATERESTOREPOINT]

Close other windows.

Then click the red 'Run Fix' button (not the Run Scan).

After running, it will reboot.

 

Then after reboot:

Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.

  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart and check the connection.

 

Finally, please run Farbar Service Scanner again and post its log.


Let's try removing the two Registry keys a different way.

Copy this text to Notepad (the blank line is necessary):

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

Save As 'WinsockOut.reg' with file type set to All types (*.*)

Then right-click the 'WinsockOut.reg' and select 'Merge'.

 

If any problem with that, try it in Safe Mode.

 

Then reboot, and do this:

Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.

  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart and check the connection.

 

Finally, please run Farbar Service Scanner again and post its log.


Everything went fine, in the sense that I could run everything. However, Internet still does not work.

 

here is the log

Farbar Service Scanner Version: 01-03-2012

Ran by Jose (administrator) on 06-03-2012 at 19:27:44

Running from "E:\"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

 

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll

[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

 

C:\WINDOWS\system32\ipnathlp.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

 

C:\WINDOWS\system32\netman.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\srsvc.dll

[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

 

C:\WINDOWS\system32\Drivers\sr.sys

[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

 

C:\WINDOWS\system32\wscsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\wuauserv.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

 

C:\WINDOWS\system32\qmgr.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

 

C:\WINDOWS\system32\es.dll

[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

 

C:\WINDOWS\system32\cryptsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

 

C:\WINDOWS\system32\svchost.exe

[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

 

C:\WINDOWS\system32\rpcss.dll

[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

 

C:\WINDOWS\system32\services.exe

[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9

 

 

Extra List:

=======

fssfltr(8) Gpc(6) IPSec(13) NetBT(14) PSched(7) Tcpip(12)

0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000

 

 

**** End of log ****

 

Any ideas?

Thank you!


Go Start > Run

In the box type 'regedit' and press enter

A window will open with a tree structure

Open the tree by pressing the little arrows until you reach this Key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpSec]

Right click the key and select 'Export'

Save it to your desktop

Right click the reg file on the desktop and select Edit

Copy and paste the data to your next reply


It looks like the lpSec key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services does not exist!

I've looked for 'lpSec' in all keys (in the My PC root) and it could not find it.


Please go to http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/

Download XP.zip

Open the .zip file and right-click the 'ipsec.reg'.

Select 'Open' or 'Merge' and click 'Yes'.

 

Now the Key will be there. Please open regedit again and export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpSec as above.

 

Please post the data.


done! Here is the export

 

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]

"Type"=dword:00000001

"Start"=dword:00000001

"ErrorControl"=dword:00000001

"Tag"=dword:00000005

"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\

52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\

00,73,00,79,00,73,00,00,00

"DisplayName"="IPSEC driver"

"Group"="PNP_TDI"

"Description"="IPSEC driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Security]

"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\

00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\

05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\

20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\

00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\

00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]

"0"="Root\\LEGACY_IPSEC\\0000"

"Count"=dword:00000001

"NextInstance"=dword:00000001


Good. Now please run Farbar again and post the new log, so I can tell what in that Key needs to be changed.


here is the output from FSS

Farbar Service Scanner Version: 01-03-2012

Ran by Jose (administrator) on 07-03-2012 at 00:09:04

Running from "E:\"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

 

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll

[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

 

C:\WINDOWS\system32\ipnathlp.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

 

C:\WINDOWS\system32\netman.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\srsvc.dll

[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

 

C:\WINDOWS\system32\Drivers\sr.sys

[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

 

C:\WINDOWS\system32\wscsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\wuauserv.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

 

C:\WINDOWS\system32\qmgr.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

 

C:\WINDOWS\system32\es.dll

[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

 

C:\WINDOWS\system32\cryptsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

 

C:\WINDOWS\system32\svchost.exe

[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

 

C:\WINDOWS\system32\rpcss.dll

[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

 

C:\WINDOWS\system32\services.exe

[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9

 

 

Extra List:

=======

fssfltr(8) Gpc(6) IPSec(5) NetBT(14) PSched(7) Tcpip(12)

0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000

 

 

**** End of log ****

 

 

Thank you!


Please copy this into Notepad and save as 'IpSec4.reg'

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Tag"=dword:00000004

Right-click 'IpSec4.reg' and select 'Merge'. Click Yes.

After reboot please see if you have DNS.

Then run Farbar yet again and post the log.


Hi cnm,

I followed your procedure regarding IpSec4.reg but DNS still does not work.

Here is the FSS log

Farbar Service Scanner Version: 01-03-2012

Ran by Jose (administrator) on 07-03-2012 at 18:19:40

Running from "E:\"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

 

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll

[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

 

C:\WINDOWS\system32\ipnathlp.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

 

C:\WINDOWS\system32\netman.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\srsvc.dll

[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

 

C:\WINDOWS\system32\Drivers\sr.sys

[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

 

C:\WINDOWS\system32\wscsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\wuauserv.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

 

C:\WINDOWS\system32\qmgr.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

 

C:\WINDOWS\system32\es.dll

[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

 

C:\WINDOWS\system32\cryptsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

 

C:\WINDOWS\system32\svchost.exe

[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

 

C:\WINDOWS\system32\rpcss.dll

[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

 

C:\WINDOWS\system32\services.exe

[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9

 

 

Extra List:

=======

fssfltr(8) Gpc(6) IPSec(4) NetBT(14) PSched(7) Tcpip(12)

0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000

 

 

**** End of log ****

 

Thank you!


I need to get further consultation on this. Thanks for your patience!

 

In the meantime please open the XP.zip you downloaded from http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/

Right-click on each of the included .reg files and select 'Open' or 'Merge'. You may get an error on the ones that have a name starting with 'Legacy_'. That's OK, just do all the others including ipsec.


ok, I just did.

I also rebooted and tried DNS just in case (as you may imagine, it did not work).

 

I wait for your instructions.

Thank you!


Try this - not much hope though -

 

Start > Run, 'cmd.exe'

Enter each of these commands one at a time:

netsh winsock reset 
netsh int ip reset c:\resetlog.txt

 

Please copy resetlog.txt into your next reply to confirm that all went well.

Did that help?


It did not improve much.

here is the log:

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation

old REG_MULTI_SZ =

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain

SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

 

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}\NetbiosOptions

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}\NetbiosOptions

deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52}\IpAutoconfigurationAddress

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52}\IpAutoconfigurationMask

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52}\IpAutoconfigurationSeed

reset Linkage\Bind for ms_netbt. bad value was:

REG_MULTI_SZ =

\Device\Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}

\Device\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}

\Device\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}

 

reset Linkage\Route for ms_netbt. bad value was:

REG_MULTI_SZ =

"Tcpip" "{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}"

"Tcpip" "NdisWanIp"

 

reset Linkage\Export for ms_netbt. bad value was:

REG_MULTI_SZ =

\Device\NetBT_Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}

\Device\NetBT_Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}

\Device\NetBT_Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}

 

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:

REG_MULTI_SZ =

PSched

 

reset Linkage\UpperBind for USB\VID_0BB4&PID_0B30\3FBF5000-7351-0801-3561-580216701000. bad value was:

REG_MULTI_SZ =

PSched

 

reset Linkage\UpperBind for PCI\VEN_1969&DEV_1062&SUBSYS_838A1043&REV_C0\4&37028E5F&0&00E3. bad value was:

REG_MULTI_SZ =

PSched

 

reset Linkage\UpperBind for PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\4&23C6FC68&0&00E1. bad value was:

REG_MULTI_SZ =

PSched

 

<completed>

Share this post


Link to post
Share on other sites

After reboot, check if DNS is working.

 

Then run Farbar again and post its log.


no luck.

here is fss log:

 

Farbar Service Scanner Version: 01-03-2012

Ran by Jose (administrator) on 07-03-2012 at 19:36:11

Running from "E:\"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

 

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll

[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

 

C:\WINDOWS\system32\ipnathlp.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

 

C:\WINDOWS\system32\netman.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\srsvc.dll

[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

 

C:\WINDOWS\system32\Drivers\sr.sys

[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

 

C:\WINDOWS\system32\wscsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

 

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

 

C:\WINDOWS\system32\wuauserv.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

 

C:\WINDOWS\system32\qmgr.dll

[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

 

C:\WINDOWS\system32\es.dll

[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

 

C:\WINDOWS\system32\cryptsvc.dll

[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

 

C:\WINDOWS\system32\svchost.exe

[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

 

C:\WINDOWS\system32\rpcss.dll

[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

 

C:\WINDOWS\system32\services.exe

[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9

 

 

Extra List:

=======

fssfltr(8) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(12)

0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000

 

 

**** End of log ****

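An added example, not part of any post in this thread: a Python sketch that compares the "Extra List" sections of the two Farbar Service Scanner logs above. It assumes that each `Name(n)` entry is that service's `Tag` value and that the hex line is a group-order list stored as a little-endian DWORD count followed by that many DWORD tags; the function names are hypothetical.

```python
import re
import struct

# Extra List lines copied from the two FSS logs posted in this thread.
EXTRA_18_19 = "fssfltr(8) Gpc(6) IPSec(4) NetBT(14) PSched(7) Tcpip(12)"
EXTRA_19_36 = "fssfltr(8) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(12)"
ORDER_HEX = ("0x0E0000000D0000000A00000004000000010000000200000003000000"
             "05000000060000000700000008000000090000000B0000000C0000000E000000")

def parse_tags(line):
    """'IPSec(4) NetBT(14)' -> {'IPSec': 4, 'NetBT': 14}"""
    return {name: int(tag) for name, tag in re.findall(r"(\w+)\((\d+)\)", line)}

def parse_group_order(hex_text):
    """Decode the blob (assumed layout: count DWORD, then tag DWORDs)."""
    raw = bytes.fromhex(hex_text[2:] if hex_text.lower().startswith("0x") else hex_text)
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("blob is not a whole number of DWORDs")
    count = struct.unpack_from("<I", raw)[0]
    if len(raw) != 4 * (count + 1):
        raise ValueError("count field does not match blob length")
    return list(struct.unpack_from("<%dI" % count, raw, 4))

def load_order(tags, order):
    """Sort services by where their tag sits in the order list.
    Tags missing from the list sort last; ties are broken by name."""
    pos = {}
    for i, tag in enumerate(order):
        pos.setdefault(tag, i)
    return sorted(tags, key=lambda n: (pos.get(tags[n], len(order)), n))

def shared_tags(tags):
    """Return {tag: [services]} for any tag used by more than one service."""
    by_tag = {}
    for name, tag in tags.items():
        by_tag.setdefault(tag, []).append(name)
    return {t: sorted(n) for t, n in by_tag.items() if len(n) > 1}

def changed_tags(before, after):
    """Return {service: (old, new)} for tags that differ between two logs."""
    return {n: (before[n], after[n]) for n in before
            if n in after and before[n] != after[n]}

if __name__ == "__main__":
    order = parse_group_order(ORDER_HEX)
    first, second = parse_tags(EXTRA_18_19), parse_tags(EXTRA_19_36)
    print("order list:", order)
    print("18:19 load order:", load_order(first, order))
    print("19:36 load order:", load_order(second, order))
    print("changed:", changed_tags(first, second))
    print("shared tags at 19:36:", shared_tags(second))
```

Diffing the tag lists this way shows which entries the intervening registry merges and resets changed between two scans.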

Please download aswMBR.exe and save it to your desktop.

 

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

 

Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
     
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

This topic is now closed to further replies.