
Cannot connect to internet after Antivir deleted infected files


  • This topic is locked
78 replies to this topic

#1 alfileres

alfileres

    Member

  • Full Member
  • Pip
  • 40 posts

Posted 29 February 2012 - 07:30 PM

I had some trojans on a Windows XP (SP3) machine. So I ran Antivir from a Linux boot CD and instructed it to repair and, if that was not possible, to delete the infected files.
As a result, I now have a system that cannot connect to the internet. In fact, the problem appears to be that the DHCP client service cannot start.

The trojan manifested itself by redirecting Google search results to another website.
In addition I had other trojans / rootkits.

Do you think I have any chance to get Internet connectivity back?
Thank you, your help is greatly appreciated.

#2 alfileres


Posted 29 February 2012 - 07:45 PM

I've put back the files afd.sys and netbt.sys from the SP3 installation.


Edit: Please read the Instructions and post the requested logs. We need the information in order to help you.

Edited by cnm, 29 February 2012 - 08:27 PM.


#3 alfileres


Posted 01 March 2012 - 01:25 PM

All right,

Here are the logs as requested. Please be aware that some other files have been cleaned / removed by Antivir.


Malwarebytes Anti-Malware (Versión de Prueba) 1.60.1.1000
www.malwarebytes.org

Versión de la Base de Datos: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Jose :: NOMBRE-D4REFSK8 [administrador]

Protección: Habilitado

29/02/2012 23:22:36
mbam-log-2012-02-29 (23-22-36).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 187503
Tiempo transcurrido: 9 minuto(s), 27 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Exploit.Drop) -> datos: C:\DOCUME~1\Jose\CONFIG~1\Temp\wpbt0.dll -> En cuarentena y eliminado con éxito.

Elementos de Datos del Registro Detectados: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> En cuarentena y reparado con éxito.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 1
C:\Documents and Settings\Jose\Configuración local\Temp\wpbt0.dll (Exploit.Drop) -> En cuarentena y eliminado con éxito.

(fin)




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by Jose at 19:14:38 on 2012-03-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.2039.1266 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE
C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe
C:\Archivos de programa\EeePC\ACPI\AsAcpiSvr.exe
C:\Archivos de programa\EeePC\ACPI\AsEPCMon.exe
C:\Archivos de programa\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Archivos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\ASUS\Eee Docking\Eee Docking.exe
C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Jose\Local Settings\Apps\F.lux\flux.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\ARCHIV~1\MI3AA1~1\rapimgr.exe
C:\Archivos de programa\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Archivos de programa\Verbindungsassistent\wtgservice.exe
C:\WINDOWS\system32\igfxext.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe
svchost.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eeepc.asus.com/global
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\archivos de programa\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\archivos de programa\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\archivos de programa\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\archivos de programa\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\archivos de programa\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Eee Docking] c:\archivos de programa\asus\eee docking\Eee Docking.exe
uRun: [Google Update] "c:\documents and settings\jose\configuración local\datos de programa\google\update\GoogleUpdate.exe" /c
uRun: [H/PC Connection Agent] "c:\archivos de programa\microsoft activesync\wcescomm.exe"
uRun: [F.lux] "c:\documents and settings\jose\local settings\apps\f.lux\flux.exe" /noshow
uRun: [SpybotSD TeaTimer] c:\archivos de programa\spybot - search & destroy\TeaTimer.exe
mRun: [AsusACPIServer] c:\archivos de programa\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\archivos de programa\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\archivos de programa\eeepc\acpi\AsTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\archivos de programa\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\archivos de programa\synaptics\syntp\SynAsusAcpi.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\archivos de programa\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\archivos de programa\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\archivos de programa\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\superh~1.lnk - c:\archivos de programa\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\micros~1.lnk - c:\archivos de programa\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~4\office10\EXCEL.EXE/3000
IE: Enviar a &Bluetooth - c:\archivos de programa\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Enviar a Bluetooth - c:\archivos de programa\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\archivos de programa\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\archivos de programa\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\archiv~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\archiv~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\archivos de programa\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OjsiyrEmhang.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jose\datos de programa\mozilla\firefox\profiles\a2umw4m8.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\archivos de programa\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\documents and settings\jose\datos de programa\mozilla\firefox\profiles\a2umw4m8.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\archivos de programa\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\archivos de programa\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\archivos de programa\google\picasa3\npPicasa3.dll
FF - plugin: c:\archivos de programa\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\archivos de programa\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\archivos de programa\mozilla firefox 4.0 beta 11\plugins\npdeployJava1.dll
FF - plugin: c:\archivos de programa\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\jose\configuración local\datos de programa\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-29 36000]
R2 AntiVirSchedulerService;Avira Programador;c:\archivos de programa\avira\antivir desktop\sched.exe [2012-1-29 86224]
R2 AntiVirService;Avira Realtime Protection;c:\archivos de programa\avira\antivir desktop\avguard.exe [2012-1-29 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-29 74640]
R2 BBSvc;Bing Bar Update Service;c:\archivos de programa\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\archivos de programa\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DeviceManager;DeviceManager;c:\archivos de programa\archivos comunes\devicehelper\devicemanager.exe -start --> c:\archivos de programa\archivos comunes\devicehelper\DeviceManager.exe -start [?]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-22 55152]
R2 MBAMService;MBAMService;c:\archivos de programa\malwarebytes' anti-malware\mbamservice.exe [2012-2-29 652360]
R2 WTGService;WTGService;c:\archivos de programa\verbindungsassistent\WTGService.exe [2011-1-18 330696]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-5-20 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-29 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-1 40776]
S2 aw_host;CdaD10BA;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 ccevtmgr;McciCMService;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 CTMFLT;Aeaudio;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 CTMMOUNT;Rawwan;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 CTMSHD;OdysseyIM3;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-9-10 136176]
S2 iksysflt;MRENDIS5;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 mclogmanagerservice;Aswmon2;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 mksvirmonsvc;Psdistributionagent;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 MpFilter;SRS_SSCFilter;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 navapel;Symtdi;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 navapsvc;K750bus;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 ofcpfwsvc;Pclepci;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 savrtpel;Bcserver;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 TeamViewer;Wencrservice;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S2 veteboot;Vaiomediaplatform-integratedserver-http;c:\windows\system32\svchost.exe -k netsvcs [2009-5-22 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-22 1684736]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [2011-1-18 100224]
S3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-9-10 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-1-18 103040]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2009-12-17 103552]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-22 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-1 39040]
.
=============== Created Last 30 ================
.
2012-03-01 18:03:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-01 00:14:06 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-03-01 00:14:06 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-01 00:12:45 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-02-29 23:42:36 -------- d-----w- c:\windows\ServicePackFiles
2012-02-29 23:40:56 19569 ----a-w- c:\windows\000001_.tmp
2012-02-29 23:40:43 -------- d-----w- c:\windows\EHome
2012-02-29 23:27:56 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-02-29 23:27:50 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-02-29 23:27:49 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-02-29 23:27:43 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-02-29 23:27:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-02-29 23:27:29 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-02-29 23:27:22 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-02-29 23:27:20 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-02-29 23:27:15 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-02-29 23:27:14 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-02-29 23:26:47 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-02-29 23:26:44 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-02-29 23:26:38 35402 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-02-29 23:26:24 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-02-29 23:26:15 54272 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-02-29 23:26:09 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-02-29 23:26:00 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-02-29 23:24:55 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2012-02-29 23:24:49 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2012-02-29 23:24:42 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2012-02-29 23:24:41 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2012-02-29 23:24:40 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2012-02-29 23:24:36 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2012-02-29 23:24:29 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-02-29 23:24:23 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2012-02-29 23:24:17 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-02-29 23:24:11 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2012-02-29 23:24:05 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2012-02-29 23:22:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2012-02-29 23:22:52 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2012-02-29 23:22:47 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2012-02-29 23:22:41 212480 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2012-02-29 23:22:35 216576 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2012-02-29 23:22:29 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2012-02-29 23:22:27 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2012-02-29 23:22:21 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-02-29 23:22:12 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2012-02-29 23:22:06 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2012-02-29 23:22:00 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2012-02-29 23:21:55 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2012-02-29 23:21:49 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-02-29 23:21:43 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2012-02-29 23:21:37 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2012-02-29 23:21:31 43008 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2012-02-29 23:21:30 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2012-02-29 23:21:24 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2012-02-29 23:21:17 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2012-02-29 23:21:11 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2012-02-29 23:21:05 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2012-02-29 23:19:58 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2012-02-29 23:19:48 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2012-02-29 23:19:43 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2012-02-29 23:19:37 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2012-02-29 23:19:32 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2012-02-29 23:19:27 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-02-29 23:19:21 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2012-02-29 23:19:16 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2012-02-29 23:19:11 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2012-02-29 23:19:06 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-02-29 23:19:00 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-02-29 23:18:55 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2012-02-29 23:18:48 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-02-29 23:18:42 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-02-29 23:18:37 286848 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2012-02-29 23:18:31 17024 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2012-02-29 23:18:22 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-02-29 23:18:17 99840 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-02-29 23:18:08 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-02-29 23:18:00 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-02-29 23:17:55 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-02-29 23:17:49 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-02-29 23:17:43 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-02-29 23:17:38 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-02-29 23:17:32 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-02-29 23:17:27 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-02-29 23:17:22 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-02-29 23:17:21 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-02-29 23:17:21 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2012-02-29 23:17:15 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-02-29 23:17:03 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-02-29 23:15:59 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-02-29 23:14:50 161696 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-02-29 23:14:45 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-02-29 23:14:40 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-02-29 23:14:35 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-02-29 23:14:30 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-02-29 23:14:21 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-02-29 23:14:16 18176 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-02-29 23:14:10 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-02-29 23:14:08 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-02-29 23:14:03 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-02-29 23:13:57 17536 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-02-29 23:13:52 16768 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-02-29 23:13:46 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-02-29 23:13:41 24064 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-02-29 23:13:39 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-02-29 23:13:34 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-02-29 23:13:27 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-02-29 23:13:22 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-02-29 23:13:17 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-02-29 23:13:12 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-02-29 23:13:07 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-02-29 23:13:02 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-02-29 23:11:56 10240 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2012-02-29 23:11:50 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2012-02-29 23:11:47 79360 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2012-02-29 23:11:42 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-02-29 23:11:39 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2012-02-29 23:11:34 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-02-29 23:11:29 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2012-02-29 23:11:18 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-02-29 23:11:11 715370 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-02-29 23:11:06 899754 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-02-29 23:11:01 41984 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2012-02-29 23:10:56 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-02-29 23:10:47 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-02-29 23:10:42 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2012-02-29 23:10:37 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2012-02-29 23:10:32 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2012-02-29 23:10:27 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2012-02-29 23:10:25 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2012-02-29 23:10:18 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-02-29 23:10:14 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-02-29 23:10:09 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2012-02-29 23:10:07 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-02-29 23:10:02 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-02-29 23:08:55 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-02-29 23:07:56 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-02-29 23:07:52 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-02-29 23:07:47 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-02-29 23:07:42 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-02-29 23:07:37 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-02-29 23:07:32 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-02-29 23:07:27 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-02-29 23:07:23 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-02-29 23:07:18 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-02-29 23:07:13 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-02-29 23:07:08 54826 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-02-29 23:07:03 44201 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-02-29 23:05:55 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-02-29 23:05:49 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-02-29 23:05:48 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-02-29 23:05:39 67166 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-02-29 23:05:32 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-02-29 23:05:27 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-02-29 23:05:23 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2012-02-29 23:05:14 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-02-29 23:05:10 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-02-29 23:05:05 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-02-29 23:05:01 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-02-29 23:03:56 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-02-29 23:03:49 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-02-29 23:03:38 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-29 23:03:36 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-29 23:03:35 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-02-29 22:21:49 -------- d-----w- c:\documents and settings\jose\datos de programa\Malwarebytes
2012-02-29 22:21:40 -------- d-----w- c:\documents and settings\all users\datos de programa\Malwarebytes
2012-02-29 22:21:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 22:21:37 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2012-02-29 08:52:19 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-29 08:49:53 26112 ----a-w- c:\windows\system32\OjsiyrEmhang.dll
2012-02-19 14:20:02 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-19 14:20:02 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-06 21:02:14 -------- d-----w- C:\Jts
.
==================== Find3M ====================
.
2012-01-12 17:20:19 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:07:55 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:07:55 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:07:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:07:54 17408 ----a-w- c:\windows\system32\corpol.dll
2011-12-16 08:50:35 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-16 08:50:34 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
============= FINISH: 19:16:31,59 ===============



Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Avira Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
CCleaner
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


Thank you in advance!

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,037 posts

Posted 01 March 2012 - 01:47 PM

Hello alfileres.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 alfileres


Posted 01 March 2012 - 04:23 PM

Thank you cnm for your quick reply.


Here is the FSS log:

Farbar Service Scanner Version: 01-03-2012
Ran by Jose (administrator) on 01-03-2012 at 22:21:39
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

C:\WINDOWS\system32\ipnathlp.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

C:\WINDOWS\system32\netman.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\srsvc.dll
[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

C:\WINDOWS\system32\Drivers\sr.sys
[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

C:\WINDOWS\system32\wscsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\wuauserv.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

C:\WINDOWS\system32\qmgr.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

C:\WINDOWS\system32\es.dll
[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

C:\WINDOWS\system32\cryptsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

C:\WINDOWS\system32\svchost.exe
[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

C:\WINDOWS\system32\rpcss.dll
[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

C:\WINDOWS\system32\services.exe
[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9


Extra List:
=======
fssfltr(8) Gpc(6) IPSec(4) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

#6 cnm


Posted 01 March 2012 - 05:16 PM

Goodness! If all those files were bad we would have a lot of work to do. However, I have looked up the MD5 for several of them and they appear to be correct. For instance, 2E6D76CAB5A402AF257A963916FE05E7 is the correct MD5 for dnsrslvr.dll. So that is a bit mysterious of FSS.

These two scans will not require internet access. Please download to your other PC and transfer them to the Desktop of the affected PC, then run and post the logs.

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • In the 'Custom Scans/Fixes' window at the bottom, please copy and paste the contents of this codebox:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    WMIsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and post with your additional two replies.



#7 alfileres


Posted 01 March 2012 - 05:56 PM

Hi again!

Maybe some files are correct because I re-installed the SP3 in the hope that this will fix the problem ...
Here are the logs

23:22:41.0921 3268 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
23:22:42.0125 3268 ============================================================
23:22:42.0125 3268 Current date / time: 2012/03/01 23:22:42.0125
23:22:42.0125 3268 SystemInfo:
23:22:42.0125 3268
23:22:42.0125 3268 OS Version: 5.1.2600 ServicePack: 3.0
23:22:42.0125 3268 Product type: Workstation
23:22:42.0125 3268 ComputerName: NOMBRE-D4REFSK8
23:22:42.0125 3268 UserName: Jose
23:22:42.0125 3268 Windows directory: C:\WINDOWS
23:22:42.0125 3268 System windows directory: C:\WINDOWS
23:22:42.0125 3268 Processor architecture: Intel x86
23:22:42.0125 3268 Number of processors: 2
23:22:42.0125 3268 Page size: 0x1000
23:22:42.0125 3268 Boot type: Normal boot
23:22:42.0125 3268 ============================================================
23:22:43.0500 3268 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:22:43.0500 3268 Drive \Device\Harddisk1\DR5 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:22:43.0500 3268 \Device\Harddisk0\DR0:
23:22:43.0500 3268 MBR used
23:22:43.0500 3268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0
23:22:43.0500 3268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E
23:22:43.0500 3268 \Device\Harddisk1\DR5:
23:22:43.0500 3268 MBR used
23:22:43.0500 3268 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xC, StartLBA 0x478, BlocksNum 0x777B88
23:22:43.0625 3268 Initialize success
23:22:43.0625 3268 ============================================================
23:22:53.0281 3508 ============================================================
23:22:53.0281 3508 Scan started
23:22:53.0281 3508 Mode: Manual;
23:22:53.0281 3508 ============================================================
23:23:07.0406 3508 WS2IFSL - ok
23:23:07.0453 3508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:23:07.0468 3508 WSTCODEC - ok
23:23:07.0515 3508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:23:07.0531 3508 WudfPf - ok
23:23:07.0546 3508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:23:07.0562 3508 WudfRd - ok
23:23:07.0671 3508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:23:07.0906 3508 \Device\Harddisk0\DR0 - ok
23:23:07.0921 3508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR5
23:23:16.0000 3508 \Device\Harddisk1\DR5 - ok
23:23:16.0125 3508 Boot (0x1200) (1cac8553b2f8c12871a8a453dfee50e0) \Device\Harddisk0\DR0\Partition0
23:23:16.0125 3508 \Device\Harddisk0\DR0\Partition0 - ok
23:23:16.0140 3508 Boot (0x1200) (23d9801df2bad941df900c69868db793) \Device\Harddisk0\DR0\Partition1
23:23:16.0156 3508 \Device\Harddisk0\DR0\Partition1 - ok
23:23:16.0156 3508 Boot (0x1200) (3d04f5251c7666dc73736f0d5e0747e9) \Device\Harddisk1\DR5\Partition0
23:23:16.0156 3508 \Device\Harddisk1\DR5\Partition0 - ok
23:23:16.0156 3508 ============================================================
23:23:16.0156 3508 Scan finished
23:23:16.0156 3508 ============================================================
23:23:16.0187 2736 Detected object count: 0
23:23:16.0187 2736 Actual detected object count: 0
23:23:34.0640 2928 Deinitialize success


OTL logfile created on: 01/03/2012 23:28:52 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,42% Memory free
3,33 Gb Paging File | 2,81 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 72,06 Gb Total Space | 11,47 Gb Free Space | 15,92% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 71,56 Gb Free Space | 99,31% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 2,72 Gb Free Space | 73,06% Space Free | Partition Type: FAT32

Computer Name: NOMBRE-D4REFSK8 | User Name: Jose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Archivos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Archivos de programa\Verbindungsassistent\WTGService.exe ()
PRC - C:\Documents and Settings\Jose\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe ()
PRC - C:\Archivos de programa\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Archivos de programa\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Archivos de programa\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Archivos de programa\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Archivos de programa\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Archivos de programa\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Archivos de programa\Verbindungsassistent\WTGService.exe ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()
MOD - C:\Documents and Settings\Jose\Local Settings\Apps\F.lux\flux.exe ()
MOD - C:\Archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe ()
MOD - C:\Archivos de programa\ASUS\Eee Docking\Eee Docking.exe ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BBSvc) -- C:\Archivos de programa\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Archivos de programa\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WTGService) -- C:\Archivos de programa\Verbindungsassistent\WTGService.exe ()
SRV - (DeviceManager) -- C:\Archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe ()
SRV - (MDM) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (ewsercd) -- C:\WINDOWS\system32\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (qcusbser) -- C:\WINDOWS\system32\drivers\qcusbser.sys (TCT International Mobile Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {520E21C6-4C1F-48C6-BB0B-33B41FF09524}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{520E21C6-4C1F-48C6-BB0B-33B41FF09524}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.53363
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Archivos de programa\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Archivos de programa\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Archivos de programa\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Archivos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jose\Configuración local\Datos de programa\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/19 12:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Archivos de programa\Google\Google Gears\Firefox\ [2010/09/10 22:42:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Archivos de programa\DivX\DivX Plus Web Player\firefox\html5video [2011/03/22 22:21:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Archivos de programa\DivX\DivX Plus Web Player\firefox\wpa [2011/03/22 22:21:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ff [2009/12/28 14:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox 4.0 Beta 11\components [2012/02/26 18:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox 4.0 Beta 11\plugins [2011/08/17 06:21:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2011/05/01 22:13:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/07/16 23:10:43 | 000,000,000 | ---D | M]

[2009/12/16 22:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Extensions
[2009/12/16 22:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/02/28 20:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions
[2012/01/29 10:24:26 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/01/09 11:21:06 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/02/28 20:29:39 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions\donottrackplus@abine.com
[2011/12/18 09:25:41 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\extensions\piclens@cooliris.com
[2011/10/28 16:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011/05/01 22:13:23 | 000,000,000 | ---D | M] (Default) -- C:\Archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/28 14:17:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/12/28 16:05:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/04 20:54:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/08 21:21:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 23:02:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 00:00:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/16 20:42:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSE\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\A2UMW4M8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/01 22:13:12 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\compone

#8 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,037 posts

Posted 01 March 2012 - 08:50 PM

These instructions are by sUBs at http://www.techsuppo...rum.com/forums/
I don't know whether they apply to XP, but please give it a try.

1. Locate the file - C:\Windows\inf\Nettcpip.inf
  • It's important that you first make a copy of the file. Place the copy on your Desktop.
  • Once you have done that, use Notepad to open the original file for editing.


2. Locate the [MS_TCPIP.PrimaryInstall] section.

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.



4. Save the file, and then exit Notepad.



5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.


Posted Image Posted Image


6. On the General tab, click Install, select Protocol, and then click Add.


Posted Image


7. In the Select Network Protocols window, click Have Disk.


Posted Image



8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.


Posted Image



9. Select Internet Protocol (TCP/IP), and then click OK.


Posted Image


Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.


11. It is important that you restart the computer to complete the uninstall.



------------


Step #2 - Reinstall of TCP/IP


Posted Image



Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.


Redo sub-steps 4-11 to re-install TCP/IP

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
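
Steps 1-4 of the procedure above and the restore in Step #2, as an added example (not part of the original post or of sUBs' instructions): a Python script that keeps a copy of the INF, clears the 0x20 bit of the Characteristics entry in [MS_TCPIP.PrimaryInstall] (turning 0xa0 into 0x80) and can later move the copy back. The function names and the sample INF text are constructed for illustration; 0x20 is the NCF_NOT_USER_REMOVABLE flag of the Windows network-component characteristics.

```python
import re
import shutil
from pathlib import Path

NCF_NOT_USER_REMOVABLE = 0x20        # the bit that differs between 0xa0 and 0x80
SECTION = "MS_TCPIP.PrimaryInstall"  # section named in step 2

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*(;.*)?$")
CHAR_RE = re.compile(
    r"^(\s*Characteristics\s*=\s*)(0x[0-9a-f]+|\d+)(.*)$", re.IGNORECASE)

# Constructed sample for the demo and tests, NOT the real Nettcpip.inf.
SAMPLE_INF = (
    "; constructed sample\r\n"
    "[Version]\r\n"
    'Signature = "$Windows NT$"\r\n'
    "\r\n"
    "[MS_TCPIP.Install]\r\n"
    "Characteristics = 0xa0 ; other section, must stay untouched\r\n"
    "\r\n"
    "[ms_tcpip.primaryinstall]\r\n"
    "; TCPIP has properties to display\r\n"
    "Characteristics = 0xa0 ; NCF_HAS_UI | NCF_NOT_USER_REMOVABLE\r\n"
    "AddReg = Registry.MS_TCPIP.PrimaryInstall\r\n"
)


def clear_flag(inf_text, section=SECTION, flag=NCF_NOT_USER_REMOVABLE):
    """Return (new_text, old_value, new_value).

    Only the first Characteristics line inside `section` is rewritten.
    Section and key names are matched case-insensitively, line endings and
    trailing comments are preserved. Raises ValueError if nothing matched.
    """
    out, in_section, old, new = [], False, None, None
    for line in inf_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        sec = SECTION_RE.match(body)
        if sec:
            in_section = sec.group(1).strip().lower() == section.lower()
        elif in_section and old is None:
            hit = CHAR_RE.match(body)
            if hit:
                raw = hit.group(2)
                old = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
                new = old & ~flag
                line = f"{hit.group(1)}0x{new:x}{hit.group(3)}{eol}"
        out.append(line)
    if old is None:
        raise ValueError(f"no Characteristics entry found in [{section}]")
    return "".join(out), old, new


def patch_inf(path, backup_dir):
    """Copy `path` into `backup_dir`, then rewrite it with the flag cleared.

    Refuses to run if a backup already exists, so a second run cannot replace
    the saved original with the already-edited file.
    """
    path = Path(path)
    backup = Path(backup_dir) / path.name
    if backup.exists():
        raise FileExistsError(f"{backup} exists; original copy left untouched")
    raw = path.read_bytes()
    # INF files are either ANSI or UTF-16 with a BOM; latin-1 round-trips
    # every ANSI byte unchanged, utf-16 is re-written with a BOM.
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    text, old, new = clear_flag(raw.decode(enc))  # fails before any write
    shutil.copy2(path, backup)                    # step 1: keep the original
    path.write_bytes(text.encode(enc))            # steps 3-4: edit and save
    return old, new


def restore_inf(path, backup_dir):
    """Step #2: move the saved copy back, overwriting the edited file."""
    backup = Path(backup_dir) / Path(path).name
    shutil.move(str(backup), str(path))


if __name__ == "__main__":
    patched, before, after = clear_flag(SAMPLE_INF)
    print(f"Characteristics: 0x{before:x} -> 0x{after:x}")
    print(patched)
```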


#9 alfileres

Posted 02 March 2012 - 04:28 PM

We're getting closer but it still does not work.
It's improved since I can connect via internet if I know the ip address. However, the dns still does not work.

Do you have a suggestion there?
Thank you in advance.

#10 cnm

Posted 02 March 2012 - 06:34 PM

Please run Farbar Service Scanner again and post new log. Sounds like DNS problem, offhand.



#11 alfileres

Posted 03 March 2012 - 05:14 AM

Hi, this is the output from FSS

Farbar Service Scanner Version: 01-03-2012
Ran by Jose (administrator) on 03-03-2012 at 11:09:48
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

C:\WINDOWS\system32\ipnathlp.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

C:\WINDOWS\system32\netman.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\srsvc.dll
[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

C:\WINDOWS\system32\Drivers\sr.sys
[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

C:\WINDOWS\system32\wscsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\wuauserv.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

C:\WINDOWS\system32\qmgr.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

C:\WINDOWS\system32\es.dll
[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

C:\WINDOWS\system32\cryptsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

C:\WINDOWS\system32\svchost.exe
[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

C:\WINDOWS\system32\rpcss.dll
[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

C:\WINDOWS\system32\services.exe
[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9


Extra List:
=======
fssfltr(8) Gpc(6) IPSec(13) NetBT(14) PSched(7) Tcpip(12)
0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000


**** End of log ****


Thank you!

#12 cnm

Posted 03 March 2012 - 12:33 PM

Do Start > Run and enter 'cmd.exe'.
At the command prompt enter:
ipconfig /flushdns

Did that help?

If not, please reboot into 'Safe Mode with Networking'. (Hit the F8 key several times while booting to get the boot menu). Does the DNS still not work?



#14 alfileres

Posted 03 March 2012 - 12:49 PM

It did not work. In addition, I cannot restart in safe mode with network as I get a blue screen and immediately after I get the start menu again.
Any ideas?

#15 cnm

Posted 03 March 2012 - 02:54 PM

Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:DFC5A2B2
[C:\WINDOWS\$NtUninstallKB26159$]
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).

Post the log OTL.TXT in your reply.


After that:

Download the Kaspersky Virus Removal Tool installer and transfer to affected PC. You'll need to give Kaspersky your email address.

Download the latest version of Kaspersky Virus Removal Tool
  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved into another reply.



#16 alfileres

Posted 03 March 2012 - 05:14 PM

OTL is taking forever. It says "killing process. DO NOT INTERRUPT..." for more than 30 mins.
Is this normal? How long should it take?

Thank you

#17 cnm

Posted 03 March 2012 - 05:35 PM

It may not be able to remove that mount point. Wait maybe 5 minutes more, then kill it and proceed to try the Kaspersky AntiVirus tool.


After that:
Your inability to boot to Safe Mode plus that mount point make me think you might have ZeroAccess. It would be nice if we could run ComboFix but it would probably want an internet connection. However after the Kaspersky please download and transfer it, then run it. If it says LIMITED FUNCTIONALITY that's all right:

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.



#18 alfileres

Posted 04 March 2012 - 01:58 PM

Hi again,

I did not manage to run OTL.
Regarding the Kaspersky Virus Removal Tool, there is no such thing as a Detected section or a first part in the log. I've searched for the word 'detected' in the log and I'm posting the results here:
04/03/2012 11:56:24 Detected: http://www.securelis...dvisories/43269 C:\archivos de programa\Adobe\Reader 8.0\Reader\RdLang32.ESP
04/03/2012 11:50:15 Detected: http://www.securelis...dvisories/48009 C:\Archivos de programa\Java\jre6\bin\java.exe
04/03/2012 11:21:56 Detected: http://www.securelis...dvisories/48033 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
04/03/2012 9:49:44 Detected: Exploit.Java.CVE-2011-3544.jt C:\Documents and Settings\Jose\Datos de programa\Sun\Java\Deployment\cache\6.0\6\6f5830c6-50b8f5a6/Photo.class
04/03/2012 9:37:58 Detected: Trojan.Win32.Yakes.qap C:\Documents and Settings\Jose\Configuración local\Datos de programa\7ca7e577\X
04/03/2012 9:34:49 Detected: Backdoor.Win32.Agent.cfwq C:\Documents and Settings\Jose\Configuración local\Archivos temporales de Internet\Content.IE5\K40LWTOE\10[1].exe
04/03/2012 9:22:24 Detected: http://www.securelis...dvisories/48089 C:\Archivos de programa\Mozilla Firefox\firefox.exe
04/03/2012 9:03:23 Detected: http://www.securelis...dvisories/43269 C:\Archivos de programa\Adobe\Reader 8.0\Reader\AcroRd32.dll
04/03/2012 9:14:32 Detected: http://www.securelis...dvisories/48009 C:\Archivos de programa\Java\jre6\bin\java.exe


Regarding ComboFix ... It said that the PC is infected with Rootkit.ZeroAccess in the tcp/ip stack. It also complained that it could not install the Recovery Console as no internet connection was available. Here is the log:

ComboFix 12-03-03.02 - Jose 04/03/2012 19:20:35.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.2039.1589 [GMT 1:00]
Running from: c:\documents and settings\Jose\Escritorio\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Datos de programa\TEMP
c:\windows\$NtUninstallKB26159$
c:\windows\$NtUninstallKB26159$\2091378039\@
c:\windows\$NtUninstallKB26159$\2091378039\L\uzmqoagj
c:\windows\$NtUninstallKB26159$\2091378039\loader.tlb
c:\windows\$NtUninstallKB26159$\2091378039\U\@00000001
c:\windows\$NtUninstallKB26159$\2091378039\U\@000000c0
c:\windows\$NtUninstallKB26159$\2091378039\U\@000000cb
c:\windows\$NtUninstallKB26159$\2091378039\U\@000000cf
c:\windows\$NtUninstallKB26159$\2091378039\U\@80000000
c:\windows\$NtUninstallKB26159$\2091378039\U\@800000c0
c:\windows\$NtUninstallKB26159$\2091378039\U\@800000cb
c:\windows\$NtUninstallKB26159$\2091378039\U\@800000cf
c:\windows\$NtUninstallKB26159$\3483856644
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-02-29 23:46 . 2008-04-14 06:48 870784 ------w- c:\windows\system32\ati3d1ag.dll
2012-02-29 23:42 . 2008-04-14 06:48 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2012-02-29 23:40 . 2006-12-28 23:31 19569 ----a-w- c:\windows\000001_.tmp
2012-02-29 23:40 . 2012-02-29 23:40 -------- d-----w- c:\windows\EHome
2012-02-29 23:20 . 2001-08-17 20:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-02-29 23:20 . 2001-08-17 19:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-02-29 23:19 . 2001-08-22 21:14 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2012-02-29 23:19 . 2001-08-17 21:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2012-02-29 23:19 . 2001-08-17 21:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2012-02-29 23:19 . 2001-08-17 21:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2012-02-29 23:19 . 2001-08-17 21:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2012-02-29 23:19 . 2001-08-22 21:15 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-02-29 23:19 . 2001-08-17 20:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2012-02-29 23:19 . 2001-08-17 21:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2012-02-29 23:19 . 2001-08-22 21:15 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2012-02-29 23:19 . 2001-08-22 21:15 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-02-29 23:19 . 2001-08-22 21:15 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-02-29 23:18 . 2001-08-22 21:15 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2012-02-29 23:18 . 2001-08-22 21:15 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2012-02-29 23:18 . 2001-08-22 21:15 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2012-02-29 23:18 . 2001-08-22 20:28 286848 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2012-02-29 23:18 . 2001-08-22 20:27 17024 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2012-02-29 23:18 . 2001-08-17 19:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-02-29 23:18 . 2001-08-22 21:15 99840 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2012-02-29 23:18 . 2001-08-22 21:15 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-02-29 23:18 . 2001-08-17 20:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-02-29 23:17 . 2001-08-22 21:15 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-02-29 23:17 . 2001-08-17 21:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-02-29 23:17 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-02-29 23:17 . 2001-08-17 19:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-02-29 23:17 . 2001-08-22 21:15 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-02-29 23:17 . 2001-08-17 19:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-02-29 23:17 . 2001-08-17 20:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-02-29 23:17 . 2008-04-14 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2012-02-29 23:17 . 2008-04-13 23:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-02-29 23:17 . 2001-08-17 20:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-02-29 23:17 . 2001-08-17 19:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-02-29 23:15 . 2008-04-13 21:05 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-02-29 23:14 . 2001-08-22 20:49 161696 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-02-29 23:14 . 2001-07-21 21:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-02-29 23:14 . 2001-08-17 19:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-02-29 23:14 . 2001-08-22 21:14 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-02-29 23:14 . 2001-08-17 19:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-02-29 23:14 . 2001-08-22 20:49 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-02-29 23:14 . 2001-08-22 20:49 18176 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-02-29 23:14 . 2001-08-17 20:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-02-29 23:14 . 2008-04-13 23:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-02-29 23:14 . 2001-08-17 20:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-02-29 23:13 . 2001-08-22 20:49 17536 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-02-29 23:13 . 2001-08-22 20:48 16768 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-02-29 23:13 . 2001-08-17 20:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-02-29 23:13 . 2001-08-22 20:48 24064 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-02-29 23:13 . 2008-04-13 23:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-02-29 23:13 . 2001-08-22 21:15 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-02-29 23:13 . 2001-08-17 19:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-02-29 23:13 . 2001-08-22 21:14 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-02-29 23:13 . 2001-08-17 19:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-02-29 23:13 . 2001-08-22 21:14 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-02-29 23:13 . 2001-08-17 19:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-02-29 23:13 . 2001-08-22 21:14 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-02-29 23:11 . 2001-08-22 21:15 10240 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2012-02-29 23:11 . 2001-08-17 19:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2012-02-29 23:11 . 2008-04-14 06:22 79360 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2012-02-29 23:11 . 2001-08-17 19:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-02-29 23:11 . 2008-04-13 23:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2012-02-29 23:11 . 2001-08-22 21:15 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-02-29 23:11 . 2008-04-13 22:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2012-02-29 23:11 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-02-29 23:11 . 2001-08-22 20:46 715370 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-02-29 23:11 . 2001-08-22 20:46 899754 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-02-29 23:11 . 2001-08-22 21:15 41984 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2012-02-29 23:10 . 2001-08-17 20:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-02-29 23:10 . 2001-08-17 20:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-02-29 23:10 . 2001-08-17 20:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2012-02-29 23:10 . 2001-08-17 20:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2012-02-29 23:10 . 2001-08-17 20:52 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2012-02-29 23:10 . 2001-08-17 20:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2012-02-29 23:10 . 2008-04-13 23:10 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2012-02-29 23:10 . 2001-08-17 20:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-02-29 23:10 . 2001-08-17 20:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-02-29 23:10 . 2001-08-17 20:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2012-02-29 23:10 . 2008-04-14 06:48 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-02-29 23:10 . 2001-08-22 21:15 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-02-29 23:08 . 2008-04-14 06:47 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-02-29 23:07 . 2001-08-22 21:15 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-02-29 23:07 . 2001-08-17 21:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-02-29 23:07 . 2001-08-22 21:15 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-02-29 23:07 . 2001-08-22 21:15 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-02-29 23:07 . 2001-08-17 21:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-02-29 23:07 . 2001-08-22 21:15 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-02-29 23:07 . 2001-08-17 21:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-02-29 23:07 . 2001-08-17 21:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-02-29 23:07 . 2001-08-17 21:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-02-29 23:07 . 2001-08-17 21:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-02-29 23:07 . 2001-08-22 20:43 54826 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-02-29 23:07 . 2001-08-22 20:43 44201 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-02-29 23:05 . 2001-08-17 19:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-02-29 23:05 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-02-29 23:05 . 2008-04-14 06:25 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-02-29 23:05 . 2001-08-22 20:39 67166 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-02-29 23:05 . 2001-08-17 19:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-02-29 23:05 . 2001-08-22 21:14 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-02-29 23:05 . 2001-08-17 20:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2012-02-29 23:05 . 2001-08-22 21:14 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-02-29 23:05 . 2001-08-17 19:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-02-29 23:05 . 2001-08-17 19:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-02-29 23:05 . 2001-08-22 21:14 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-02-29 23:03 . 2008-04-13 23:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-02-29 23:03 . 2001-08-17 20:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-02-29 23:03 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-29 23:03 . 2008-04-13 23:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-29 23:03 . 2008-04-14 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-02-29 23:03 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-02-29 23:02 . 2001-08-17 20:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-02-29 23:02 . 2008-04-13 23:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-02-29 23:02 . 2001-08-17 20:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-02-29 23:02 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-02-29 23:02 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-02-29 23:02 . 2001-08-17 20:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-02-29 23:02 . 2001-08-22 20:33 320512 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-02-29 23:02 . 2001-08-22 21:14 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-02-29 23:02 . 2008-04-13 23:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-02-29 23:02 . 2001-08-22 21:15 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-02-29 23:00 . 2001-08-17 20:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-02-29 23:00 . 2001-08-17 19:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 16:34 . 2012-01-29 15:58 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-12 17:20 . 2009-05-22 04:48 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:07 . 2009-05-22 04:48 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:07 . 2009-05-22 04:48 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:07 . 2009-05-22 04:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:07 . 2009-05-22 04:48 17408 ----a-w- c:\windows\system32\corpol.dll
2011-12-16 08:50 . 2012-01-29 15:58 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-16 08:50 . 2012-01-29 15:58 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\archivos de programa\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"H/PC Connection Agent"="c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"F.lux"="c:\documents and settings\Jose\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"="c:\archivos de programa\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\archivos de programa\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\archivos de programa\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\archivos de programa\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\archivos de programa\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"Malwarebytes' Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Jose\Menú Inicio\Programas\Inicio\
_uninst_65942103.lnk - c:\documents and settings\Jose\Configuración local\Temp\_uninst_65942103.bat [N/A]
.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
SuperHybridEngine.lnk - c:\archivos de programa\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-22 376832]
Microsoft Office.lnk - c:\archivos de programa\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OjsiyrEmhang.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe"= c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe"= c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe"= c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"d:\\eclipse\\eclipse.exe"=
"c:\\Archivos de programa\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Archivos de programa\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Documents and Settings\\Jose\\Local Settings\\Apps\\F.lux\\flux.exe"=
"c:\\Archivos de programa\\Avira\\AntiVir Desktop\\ipmgui.exe"=
"c:\\Archivos de programa\\Mozilla Firefox 4.0 Beta 11\\firefox.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
"c:\\Archivos de programa\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=
"c:\\Archivos de programa\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Documents and Settings\\Jose\\Configuración local\\Datos de programa\\Google\\Update\\GoogleUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29/01/2012 16:58 36000]
R2 AntiVirSchedulerService;Avira Programador;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [29/01/2012 16:58 86224]
R2 BBSvc;Bing Bar Update Service;c:\archivos de programa\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
R2 BBUpdate;BBUpdate;c:\archivos de programa\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 DeviceManager;DeviceManager;c:\archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe -start --> c:\archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe -start [?]
R2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [29/02/2012 23:21 652360]
R2 WTGService;WTGService;c:\archivos de programa\Verbindungsassistent\WTGService.exe [18/01/2011 22:48 330696]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/05/2009 6:08 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/02/2012 23:21 20464]
S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [10/09/2010 22:42 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/05/2009 5:20 1684736]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [18/01/2011 22:48 100224]
S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\Google\Update\GoogleUpdate.exe [10/09/2010 22:42 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [18/01/2011 22:48 103040]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [17/12/2009 14:36 103552]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [22/05/2009 5:58 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/04/2009 3:41 39040]
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-09-10 21:42]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-09-10 21:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Enviar a &Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar a Bluetooth - c:\archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jose\Datos de programa\Mozilla\Firefox\Profiles\a2umw4m8.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-PAwhgCLyHSr - c:\documents and settings\All Users\Datos de programa\PAwhgCLyHSr.exe
MSConfigStartUp-SRS Premium Sound - c:\archivos de programa\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Jose\CONFIG~1\Temp\RGI5.tmp
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\archivos de programa\Archivos comunes\DeviceHelper\DeviceManager.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\archivos de programa\Avira\AntiVir Desktop\avshadow.exe
c:\archiv~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2012-03-04 19:44:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-04 18:44
.
Pre-Run: 16.073.777.152 bytes libres
Post-Run: 16.703.442.944 bytes libres
.
- - End Of File - - E832589DA1028D65385E5B99CB690B7D


Thank you in advance for your kind help

#19 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,037 posts

Posted 04 March 2012 - 02:55 PM

Yes, I suspected ZeroAccess.

Did Kaspersky Virus Removal Tool remove those things it detected?

What is your status now? Please let me know.
- Still no DNS?
- Still can't boot Safe Mode with Networking?


Please be patient while I consult others as to how best to proceed.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#20 alfileres

Posted 04 March 2012 - 03:19 PM

Status summary:
- The Kaspersky Virus Removal Tool removed all those things and the status light was yellow at the end of the process (it was red after detection, prior to deletion).
- DNS still does not work
- Regarding Safe Mode with Networking ... it now works! however, DNS still does not work in safe mode with networking.

Thank you for all your help so far. I wait for your instructions.

#21 cnm

Posted 04 March 2012 - 04:22 PM

That's good news. Let's see if we can fix the DNS now.

First make a System Restore Point. How to set a system restore point in Windows XP. Label it "Bad DNS" so you don't inadvertently use it.

Transfer ERUNT to the Desktop of the sick PC and run it.
Back up your Registry with ERUNT.

Transfer WinSockFix 1.1.0.13 to sick PC Desktop and run it.
WinSockFix 1.1.0.13. CAUTION: click on one of the blue 'Softpedia Mirror' links and don't be misled by the big DOWNLOAD button which is for something else.
Run it, reboot, and please let me know if it worked. If not, other methods are available.



#22 alfileres

Posted 04 March 2012 - 04:44 PM

Thank you but still it does not work. Let's try with the next!

#23 cnm

Posted 04 March 2012 - 06:20 PM

Just wanting to make sure this isn't merely a browser problem.

Please do Start > Run, enter 'cmd.exe'.
At the prompt enter
ping www.google.com
Do you get error "Ping request could not find host"?

Edit:
Also please enter
ipconfig > ipconfig.txt
Post the contents of ipconfig.txt in your reply; then you can delete it.



#24 alfileres

Posted 05 March 2012 - 12:39 PM

yes, ping could not find host

here is the ipconfig output:


Configuración IP de Windows

Adaptador Ethernet Conexión de área local :

Estado de los medios. . . .: medios desconectados

Adaptador Ethernet Conexiones de red inalámbricas :

Sufijo de conexión específica DNS : localdomain
Dirección IP. . . . . . . . . . . : 192.168.1.6
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.1.1

#25 cnm

Posted 05 March 2012 - 12:52 PM

That is a very sparse looking ipconfig output. I expected more text. Perhaps XP needs /all.
Please enter this at command prompt:
ipconfig /all > ipconfig.txt
and post the new ipconfig.txt.

Please get a new copy of Farbar Service Scanner
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#26 alfileres

Posted 05 March 2012 - 01:45 PM

Here is the output:
It puzzles me that it says that DHCP is not enabled but I've checked the service (DHCP Client) and it is started.


Configuración IP de Windows

Nombre del host . . . . . . . . . : nombre-d4refsk8
Sufijo DNS principal . . . . . . :
Tipo de nodo . . . . . . . . . . : desconocido
Enrutamiento habilitado. . . . . .: No
Proxy WINS habilitado. . . . . : No
Lista de búsqueda de sufijo DNS: localdomain

Adaptador Ethernet Conexión de área local :

Estado de los medios. . . .: medios desconectados
Descripción. . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller
Dirección física. . . . . . . . . : 90-E6-BA-0A-56-B9

Adaptador Ethernet Conexiones de red inalámbricas :

Sufijo de conexión específica DNS : localdomain
Descripción. . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Dirección física. . . . . . . . . : 00-25-D3-5A-B8-24
DHCP habilitado. . . . . . . . . : No
Autoconfiguración habilitada. . . : Sí
Dirección IP. . . . . . . . . . . : 192.168.1.6
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.1.1
Servidor DHCP . . . . . . . . . . : 192.168.1.1
Servidores DNS . . . . . . . . . .: 192.168.1.1
Concesión obtenida . . . . . . . : lunes, 05 de marzo de 2012 19:41:00
Concesión expira . . . . . . . . .: lunes, 12 de marzo de 2012 19:41:00




This is the FSS output:
Farbar Service Scanner Version: 01-03-2012
Ran by Jose (administrator) on 05-03-2012 at 19:41:53
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

C:\WINDOWS\system32\ipnathlp.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

C:\WINDOWS\system32\netman.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\srsvc.dll
[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

C:\WINDOWS\system32\Drivers\sr.sys
[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

C:\WINDOWS\system32\wscsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\wuauserv.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

C:\WINDOWS\system32\qmgr.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

C:\WINDOWS\system32\es.dll
[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

C:\WINDOWS\system32\cryptsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

C:\WINDOWS\system32\svchost.exe
[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

C:\WINDOWS\system32\rpcss.dll
[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

C:\WINDOWS\system32\services.exe
[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9


Extra List:
=======
fssfltr(8) Gpc(6) IPSec(13) NetBT(14) PSched(7) Tcpip(12)
0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000


**** End of log ****


Thank you!

#27 cnm

Posted 05 March 2012 - 03:05 PM

More consultation in progress. Thanks for your patience.



#28 alfileres

Posted 05 March 2012 - 03:55 PM

Thank you for consulting. I'm happy to be taken care of so well.

#29 cnm

Posted 05 March 2012 - 06:34 PM

Bring up OTL (don't run it just yet).
Set all of the eight sections at the top (Processes, Modules, etc) to 'None'.

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Reg
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).
It will reboot.

Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart and check the connection.



#30 cnm

Posted 05 March 2012 - 06:42 PM

Bring up OTL (don't run it just yet).
Set all of the eight sections at the top (Processes, Modules, etc) to 'None'.

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Reg
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).
After running, it will reboot.

Then after reboot:
Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart and check the connection.

Finally, please run Farbar Service Scanner again and post its log.



#31 alfileres

Posted 06 March 2012 - 01:26 AM

OTL seems to be frozen. It just says 'Killing processes. DO NOT INTERRUPT ...' forever.

#32 alfileres

Posted 06 March 2012 - 09:29 AM

Shall I try to run your last procedure in safe mode?

#33 cnm

Posted 06 March 2012 - 11:19 AM

Let's try removing the two Registry keys a different way.
Copy this text to Notepad (the blank line is necessary):
REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]
Save As 'WinsockOut.reg' with file type set to All types (*.*)
Then right-click the 'WinsockOut.reg' and select 'Merge'.

If any problem with that, try it in Safe Mode.

Then reboot, and do this:
Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart and check the connection.

Finally, please run Farbar Service Scanner again and post its log.



#34 alfileres

Posted 06 March 2012 - 01:42 PM

Everything went fine, in the sense that I could run everything. However, Internet still does not work.

here is the log
Farbar Service Scanner Version: 01-03-2012
Ran by Jose (administrator) on 06-03-2012 at 19:27:44
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

C:\WINDOWS\system32\ipnathlp.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

C:\WINDOWS\system32\netman.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\srsvc.dll
[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

C:\WINDOWS\system32\Drivers\sr.sys
[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

C:\WINDOWS\system32\wscsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\wuauserv.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

C:\WINDOWS\system32\qmgr.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

C:\WINDOWS\system32\es.dll
[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

C:\WINDOWS\system32\cryptsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

C:\WINDOWS\system32\svchost.exe
[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

C:\WINDOWS\system32\rpcss.dll
[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

C:\WINDOWS\system32\services.exe
[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9


Extra List:
=======
fssfltr(8) Gpc(6) IPSec(13) NetBT(14) PSched(7) Tcpip(12)
0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000


**** End of log ****

Any ideas?
Thank you!

#35 cnm

Posted 06 March 2012 - 01:55 PM

Go Start > Run
In the box type 'regedit' and press enter
A window will open with a tree structure
Open the tree by pressing the little arrows until you reach this Key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpSec]
Right click the key and select 'Export'
Save it to your desktop
Right click the reg file on the desktop and select Edit
Copy and paste the data to your next reply



#36 alfileres

Posted 06 March 2012 - 02:46 PM

It looks like the lpSec key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services does not exist!
I've looked for 'lpSec' in all keys (in the My PC root) and it could not find it.

#37 cnm

Posted 06 March 2012 - 03:22 PM

Please go to http://www.smartestc...y-network-keys/
Download XP.zip
Open the .zip file and right-click the 'ipsec.reg'.
Select 'Open' or 'Merge' and click 'Yes'.

Now the Key will be there. Please open regedit again and export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpSec as above.

Please post the data.



#38 alfileres

Posted 06 March 2012 - 06:00 PM

done! Here is the export


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
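
The .reg files exchanged in this thread can be decoded and reviewed before they are merged; the following is an added example, not code from any post or tool in the thread. The two sample texts are copied from posts #33 and #38 (Security blob omitted), the function names are hypothetical, and decoding REGEDIT4 string data as latin-1 is an assumption standing in for the machine's ANSI code page.

```python
import re

# Copied from post #33 (key deletions) and post #38 (IPSec export, Security blob omitted).
WINSOCK_OUT = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]
"""

IPSEC_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"""

# Header line -> encoding used inside hex(2)/hex(7) string data.
ENCODINGS = {
    "Windows Registry Editor Version 5.00": "utf-16-le",
    "REGEDIT4": "latin-1",  # assumption: stands in for the machine's ANSI code page
}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _unquote(s):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])


def _decode(data, encoding):
    """Turn the right-hand side of name=data into (type_name, python_value)."""
    if data.startswith('"'):
        return ("REG_SZ", _unquote(data))
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    m = HEX_RE.match(data)
    if not m:
        raise ValueError("unrecognised data: %r" % data)
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3  # plain "hex:" is REG_BINARY
    if kind == 2:  # REG_EXPAND_SZ: one NUL-terminated string
        return ("REG_EXPAND_SZ", raw.decode(encoding).rstrip("\x00"))
    if kind == 7:  # REG_MULTI_SZ: NUL-separated strings
        return ("REG_MULTI_SZ", [s for s in raw.decode(encoding).split("\x00") if s])
    return ("REG_BINARY" if kind == 3 else "type_%d" % kind, raw)


def parse_reg(text):
    """Return the operations a .reg file would perform, in order.

    Each item is ("delete_key", key), ("delete_value", key, name)
    or ("set", key, name, type_name, value).
    """
    text = text.lstrip("\ufeff")
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    lines = text.splitlines()
    header = lines[0].strip() if lines else ""
    if header not in ENCODINGS:
        raise ValueError("not a .reg file: %r" % header)
    encoding = ENCODINGS[header]
    ops, key = [], None
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):  # [-KEY] deletes the key and all its subkeys
                ops.append(("delete_key", key[1:]))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("cannot parse line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
        if m.group(2) == "-":  # "name"=- deletes a single value
            ops.append(("delete_value", key, name))
        else:
            ops.append(("set", key, name) + _decode(m.group(2), encoding))
    return ops


def destructive(ops):
    """Operations that remove data and so deserve a registry backup first."""
    return [op for op in ops if op[0].startswith("delete")]


if __name__ == "__main__":
    for op in parse_reg(WINSOCK_OUT) + parse_reg(IPSEC_EXPORT):
        print(op)
```
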

#39 cnm

Posted 06 March 2012 - 06:03 PM

Good. Now please run Farbar again and post the new log, so I can tell what in that Key needs to be changed.



#40 alfileres

Posted 06 March 2012 - 06:10 PM

here is the output from FSS
Farbar Service Scanner Version: 01-03-2012
Ran by Jose (administrator) on 07-03-2012 at 00:09:04
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

C:\WINDOWS\system32\ipnathlp.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

C:\WINDOWS\system32\netman.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\srsvc.dll
[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

C:\WINDOWS\system32\Drivers\sr.sys
[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

C:\WINDOWS\system32\wscsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\wuauserv.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

C:\WINDOWS\system32\qmgr.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

C:\WINDOWS\system32\es.dll
[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

C:\WINDOWS\system32\cryptsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

C:\WINDOWS\system32\svchost.exe
[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

C:\WINDOWS\system32\rpcss.dll
[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

C:\WINDOWS\system32\services.exe
[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9


Extra List:
=======
fssfltr(8) Gpc(6) IPSec(5) NetBT(14) PSched(7) Tcpip(12)
0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000


**** End of log ****


Thank you!

#41 cnm

Posted 06 March 2012 - 07:19 PM

Please copy this into Notepad and save as 'IpSec4.reg':

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"Tag"=dword:00000004

Right-click 'IpSec4.reg' and select 'Merge'. Click Yes.
After reboot please see if you have DNS.
Then run Farbar yet again and post the log.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#42 alfileres

Posted 07 March 2012 - 12:24 PM

Hi cnm,
I followed your procedure regarding IpSec4.reg but DNS still does not work.
Here is the FSS log:
Farbar Service Scanner Version: 01-03-2012
Ran by Jose (administrator) on 07-03-2012 at 18:19:40
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

C:\WINDOWS\system32\ipnathlp.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

C:\WINDOWS\system32\netman.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\srsvc.dll
[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

C:\WINDOWS\system32\Drivers\sr.sys
[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

C:\WINDOWS\system32\wscsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\wuauserv.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

C:\WINDOWS\system32\qmgr.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

C:\WINDOWS\system32\es.dll
[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

C:\WINDOWS\system32\cryptsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

C:\WINDOWS\system32\svchost.exe
[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

C:\WINDOWS\system32\rpcss.dll
[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

C:\WINDOWS\system32\services.exe
[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9


Extra List:
=======
fssfltr(8) Gpc(6) IPSec(4) NetBT(14) PSched(7) Tcpip(12)
0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000


**** End of log ****

Thank you!

#43 cnm

Posted 07 March 2012 - 12:43 PM

I need to get further consultation on this. Thanks for your patience!

In the meantime please open the XP.zip you downloaded from http://www.smartestc...y-network-keys/
Right-click on each of the included .reg files and select 'Open' or 'Merge'. You may get an error on the ones that have a name starting with 'Legacy_'. That's OK, just do all the others including ipsec.



#44 alfileres

Posted 07 March 2012 - 12:58 PM

OK, I just did.
I also rebooted and tried DNS just in case (as you may imagine, it did not work).

I wait for your instructions.
Thank you!

#45 cnm

Posted 07 March 2012 - 01:05 PM

Consultation under way. :)
:ugh:



#46 cnm

Posted 07 March 2012 - 01:12 PM

Try this - not much hope though -

Start > Run, 'cmd.exe'
Enter each of these commands one at a time:
netsh winsock reset 
netsh int ip reset c:\resetlog.txt

Please copy resetlog.txt into your next reply to confirm that all went well.
Did that help?



#47 alfileres

Posted 07 March 2012 - 01:23 PM

It did not improve much.
Here is the log:
reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9A51D1B7-6B54-47EE-B541-63D032C92A52}\IpAutoconfigurationSeed
reset Linkage\Bind for ms_netbt. bad value was:
REG_MULTI_SZ =
\Device\Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}
\Device\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}
\Device\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}

reset Linkage\Route for ms_netbt. bad value was:
REG_MULTI_SZ =
"Tcpip" "{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}"
"Tcpip" "NdisWanIp"

reset Linkage\Export for ms_netbt. bad value was:
REG_MULTI_SZ =
\Device\NetBT_Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}
\Device\NetBT_Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}
\Device\NetBT_Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for USB\VID_0BB4&PID_0B30\3FBF5000-7351-0801-3561-580216701000. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for PCI\VEN_1969&DEV_1062&SUBSYS_838A1043&REV_C0\4&37028E5F&0&00E3. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\4&23C6FC68&0&00E1. bad value was:
REG_MULTI_SZ =
PSched

<completed>

#48 cnm

Posted 07 March 2012 - 01:26 PM

After reboot, check if DNS is working.

Then run Farbar again and post its log.



#49 alfileres

Posted 07 March 2012 - 01:39 PM

No luck.
Here is the FSS log:

Farbar Service Scanner Version: 01-03-2012
Ran by Jose (administrator) on 07-03-2012 at 19:36:11
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0126976 ____A (Microsoft Corporation) 2DDFB3A5679FA02366686ECB1AF622F0

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-05-22 05:48] - [2009-04-20 18:18] - 0045568 ____A (Microsoft Corporation) 2E6D76CAB5A402AF257A963916FE05E7

C:\WINDOWS\system32\ipnathlp.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0332288 ____A (Microsoft Corporation) 4A4EF3EE166FAD4A04B1D767AD986329

C:\WINDOWS\system32\netman.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0198144 ____A (Microsoft Corporation) A48884C9359EE9F1FC8F3F0D93FB1D95

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\srsvc.dll
[2009-05-22 03:58] - [2008-04-14 13:00] - 0171520 ____A (Microsoft Corporation) 0F30EEC6013FCF76693405EC4A7DF899

C:\WINDOWS\system32\Drivers\sr.sys
[2009-05-22 03:58] - [2008-04-14 13:00] - 0073472 ____A (Microsoft Corporation) CCB3065C3EE63A4515FE84AF9E78D1DD

C:\WINDOWS\system32\wscsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0080896 ____A (Microsoft Corporation) 8CD684FD248DFE208C2F8F5052838A81

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-22 03:57] - [2008-04-14 13:00] - 0145408 ____A (Microsoft Corporation) A5FC75CAB140CF6A78E16C3681001872

C:\WINDOWS\system32\wuauserv.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0006656 ____A (Microsoft Corporation) 0B8FC4D0F9D6964713E81AD558B50A71

C:\WINDOWS\system32\qmgr.dll
[2009-05-22 03:59] - [2008-04-14 13:00] - 0409088 ____A (Microsoft Corporation) 8EE9639C01B92490E09638CAA1B16C3C

C:\WINDOWS\system32\es.dll
[2009-05-22 05:48] - [2008-07-07 21:27] - 0253952 ____A (Microsoft Corporation) A225DD0D0489BD580781D19524A10B19

C:\WINDOWS\system32\cryptsvc.dll
[2009-05-22 05:48] - [2008-04-14 13:00] - 0062464 ____A (Microsoft Corporation) E423C9C1946C656E0E4840210A0A8681

C:\WINDOWS\system32\svchost.exe
[2009-05-22 05:48] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) 4F2340F0BD5B6365C38E74DD391919A8

C:\WINDOWS\system32\rpcss.dll
[2009-05-22 05:48] - [2009-02-09 11:52] - 0401408 ____A (Microsoft Corporation) 97869C55F562B777987100EA30AD8108

C:\WINDOWS\system32\services.exe
[2009-05-22 05:48] - [2009-02-09 12:23] - 0111104 ____A (Microsoft Corporation) 953DF7327510DF0DE048B8E80E504EF9


Extra List:
=======
fssfltr(8) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(12)
0x0E0000000D0000000A0000000400000001000000020000000300000005000000060000000700000008000000090000000B0000000C0000000E000000


**** End of log ****
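
Added example (not part of any post in this thread): the only lines that differ between the three FSS logs above are the service Tag values under "Extra List". This Python sketch diffs those values between runs and decodes the hex line beneath them, assuming it is a count-prefixed array of little-endian DWORD tags; the function names and that layout are assumptions, since the log itself does not label the blob.

```python
import re
import struct

# "Extra List" lines copied from the three FSS logs posted in this thread.
RUNS = [
    ("first log (before IpSec4.reg)", "fssfltr(8) Gpc(6) IPSec(5) NetBT(14) PSched(7) Tcpip(12)"),
    ("07-03-2012 18:19:40", "fssfltr(8) Gpc(6) IPSec(4) NetBT(14) PSched(7) Tcpip(12)"),
    ("07-03-2012 19:36:11", "fssfltr(8) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(12)"),
]
# Hex line printed under the tags; it is identical in all three logs.
ORDER_HEX = ("0x0E0000000D0000000A00000004000000010000000200000003000000"
             "05000000060000000700000008000000090000000B0000000C0000000E000000")

def parse_tags(line):
    """Return {service: tag} from a line such as 'IPSec(5) NetBT(14)'."""
    return {name: int(tag) for name, tag in re.findall(r"(\w+)\((\d+)\)", line)}

def decode_order(hex_text):
    """Decode the blob as little-endian DWORDs: a count, then that many tags (assumed layout)."""
    raw = bytes.fromhex(hex_text[2:] if hex_text.lower().startswith("0x") else hex_text)
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("blob is not a whole number of DWORDs")
    count, *tags = struct.unpack("<%dI" % (len(raw) // 4), raw)
    if count != len(tags):
        raise ValueError("count %d does not match %d tags" % (count, len(tags)))
    return tags

def tag_changes(runs):
    """List (later_label, service, old_tag, new_tag) for tags that differ from the previous run."""
    changes = []
    for (_, prev), (label, cur) in zip(runs, runs[1:]):
        old, new = parse_tags(prev), parse_tags(cur)
        changes += [(label, s, old.get(s), new[s]) for s in sorted(new) if old.get(s) != new[s]]
    return changes

def review(line, order):
    """Return (shared, missing): tags used by several services, services whose tag is not in order."""
    tags = parse_tags(line)
    by_tag = {}
    for name, tag in sorted(tags.items()):
        by_tag.setdefault(tag, []).append(name)
    shared = {t: names for t, names in by_tag.items() if len(names) > 1}
    missing = sorted(name for name, tag in tags.items() if tag not in order)
    return shared, missing

if __name__ == "__main__":
    order = decode_order(ORDER_HEX)
    print("order:", order, "changes:", tag_changes(RUNS))
    for label, line in RUNS:
        print(label, review(line, order))
```

Run against the thread's logs, it reports IPSec going 5, 4, 5 across the three runs and NetBT dropping from 14 to 6 in the last one, where it then shares tag 6 with Gpc.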

#50 cnm

Posted 07 March 2012 - 04:44 PM

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.





