Inactive 5-step V/S/M preliminary removal instructions - DDS not ending

[Broni]

That looks good.

How is computer doing anyway?

Please post new aswMBR log.

 

[juako]

The computer works, but keypad is not recognized (I have to plug an usb mouse) and the network interface does not work (neither LAN nor WLAN). So I do not really know if it is working properly.

I post the output of the aswMBR (note that I could not update from Internet, since network is not available)

aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 23:11:08
-----------------------------
23:11:08.888 OS Version: Windows 5.1.2600 Service Pack 2
23:11:08.888 Number of processors: 1 586 0x905
23:11:08.888 ComputerName: TOSHIBA UserName: Paula
23:11:12.954 Initialize success
23:11:27.745 AVAST engine download error: 0
23:11:39.912 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:11:39.912 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
23:11:39.932 Disk 0 MBR read successfully
23:11:39.932 Disk 0 MBR scan
23:11:39.932 Disk 0 unknown MBR code
23:11:39.932 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
23:11:39.932 Disk 0 scanning sectors +117210240
23:11:40.193 Disk 0 scanning C:\WINDOWS\system32\drivers
23:11:47.653 File: C:\WINDOWS\system32\drivers\ipsec.sys **SUSPICIOUS**
23:11:52.781 Disk 0 trace - called modules:
23:11:52.801 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xba364fc0]<<
23:11:52.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b44ab8]
23:11:52.811 3 CLASSPNP.SYS[f765805b] -> nt!IofCallDriver -> [0x89896a50]
23:11:53.131 \Driver\00000559[0x898a35f0] -> IRP_MJ_CREATE -> 0xba364fc0
23:11:53.131 Scan finished successfully
23:13:04.043 Disk 0 MBR has been saved successfully to "C:\Nueva carpeta\MBR.dat"
23:13:04.083 The log file has been saved successfully to "C:\Nueva carpeta\aswMBR.txt"

 

[juako]

Broni,
I am afraid I will leave home for a week. If you don´t mind, we could recover contact after that. I am sorry for the inconvenience.
Regards

 

[Broni]

Not a problem

When you have a chance...

1. Reinstall touchpad driver.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Re-run OTL.
Use the following settings:

• Click the NONE button
• Under Custom Scans/Fixes paste:

/md5start
ipsec.sys
/md5stop

• Finally hit Run Scan and wait for the log to open.
• Please post the content of the log into your next reply.

 

[Broni]

Still with me?

 

[juako]

Yes, of course, but out of home for more days than expected.
If possible, I will send the output of previous commands

 

[juako]

Ok, current outputs:

1) Reinstalled touchpad driver and worked fine.
2) Output from FSS:

FSS.TXT

Farbar Service Scanner Version: 01-03-2012
Ran by Paula (administrator) on 09-04-2012 at 22:43:20
Running from "C:\Nueva carpeta"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2003-10-13 18:20] - [2006-05-19 15:18] - 0111616 ____A (Microsoft Corporation) 713EC3E7C42751BC10E727B07CD45FA6

C:\WINDOWS\system32\Drivers\afd.sys
[2003-10-13 18:20] - [2008-08-14 11:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 08:14] - [2004-08-04 08:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2003-10-13 18:20] - [2008-06-20 12:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2012-03-27 07:37] - [2004-08-04 08:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2003-10-13 18:20] - [2008-02-20 07:35] - 0045568 ____A (Microsoft Corporation) CBBA368D1C7E76EBC7C929D332E5F409

C:\WINDOWS\system32\ipnathlp.dll
[2004-12-22 20:40] - [2004-08-20 00:42] - 0332288 ____A (Microsoft Corporation) 0DC5698BE9BBFE9673EB80A0D65D17E5

C:\WINDOWS\system32\netman.dll
[2003-10-13 18:20] - [2005-08-22 20:34] - 0197632 ____A (Microsoft Corporation) 7BDB3A1B78A33455F3704AA12B9A0FE1

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2003-10-13 09:29] - [2004-08-20 00:42] - 0145408 ____A (Microsoft Corporation) 3E8DF5E4F0E6419801FF5F568CC8C531

C:\WINDOWS\system32\srsvc.dll
[2003-10-13 09:31] - [2004-08-20 00:42] - 0171008 ____A (Microsoft Corporation) C791D16BF25264738B14873436293BD0

C:\WINDOWS\system32\Drivers\sr.sys
[2003-10-13 09:31] - [2004-08-20 00:33] - 0073600 ____A (Microsoft Corporation) 3C151D50CF3AE1683C6E3EC201B2AD3D

C:\WINDOWS\system32\wscsvc.dll
[2004-08-20 00:42] - [2004-08-20 00:42] - 0081408 ____N (Microsoft Corporation) FA7335C49F09D764CD6E507B946CD8D1

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2003-10-13 09:29] - [2004-08-20 00:42] - 0145408 ____A (Microsoft Corporation) 3E8DF5E4F0E6419801FF5F568CC8C531

C:\WINDOWS\system32\wuauserv.dll
[2003-10-13 09:29] - [2004-08-20 00:42] - 0006656 ____A (Microsoft Corporation) EEDA22E0C570C7204724C3A30A0B1A40

C:\WINDOWS\system32\qmgr.dll
[2003-10-13 09:31] - [2004-08-20 00:42] - 0382464 ____A (Microsoft Corporation) 02451268DC47E4DC228210DA0E3C3274

C:\WINDOWS\system32\es.dll
[2004-12-22 20:41] - [2008-07-07 22:31] - 0253952 ____A (Microsoft Corporation) 5BB73A064A19A5A3531A1EC6339F5082

C:\WINDOWS\system32\cryptsvc.dll
[2003-10-13 18:20] - [2004-08-20 00:41] - 0060416 ____A (Microsoft Corporation) 149CFFBF77CC1306FC535557CF513B91

C:\WINDOWS\system32\svchost.exe
[2003-10-13 18:20] - [2004-08-20 00:43] - 0014336 ____A (Microsoft Corporation) FA03E1FC17F38FBDBA81470D08B3E416

C:\WINDOWS\system32\rpcss.dll
[2004-12-22 20:41] - [2009-02-09 12:20] - 0399360 ____A (Microsoft Corporation) 7A828726797A542BE390C054563E60BA

C:\WINDOWS\system32\services.exe
[2003-10-13 18:20] - [2009-02-09 12:08] - 0111104 ____A (Microsoft Corporation) 35A8E2160C1481D08FB97666C2127FE2


Extra List:
=======
Gpc(6) IPSec(4) irda(8) MDC8021X(10) NetBT(5) PSched(7) s24trans(9) Tcpip(3)
0x0A0000000400000001000000020000000300000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****


3) Output from OTL:

OTL.txt

OTL logfile created on: 09/04/2012 22:45:11 - Run 4
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,33% Memory free
2,60 Gb Paging File | 2,44 Gb Available in Paging File | 93,89% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 55,89 Gb Total Space | 19,88 Gb Free Space | 35,57% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: IPSEC.SYS >
[2002/09/10 22:00:00 | 000,057,984 | ---- | M] (Microsoft Corporation) MD5=1C4802409CFD4A7051F458B744CFCAA5 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2008/04/13 21:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\ipsec.sys
[2004/08/04 08:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2004/08/04 08:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2004/08/04 08:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  C:\WINDOWS\system32\drivers\ipsec.sys|C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys /replace
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

Post new FSS log as well.

 

[juako]

OTL OUTPUT:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\system32\drivers\ipsec.sys successfully replaced with C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Paula
->Temp folder emptied: 1594 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Propietario

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 3868 bytes

Total Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrador

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Paula
->Java cache emptied: 0 bytes

User: Propietario

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrador

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Paula
->Flash cache emptied: 0 bytes

User: Propietario

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 04102012_001310

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


FSS LOG:

Farbar Service Scanner Version: 01-03-2012
Ran by Paula (administrator) on 10-04-2012 at 00:18:33
Running from "C:\Nueva carpeta"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2003-10-13 18:20] - [2006-05-19 15:18] - 0111616 ____A (Microsoft Corporation) 713EC3E7C42751BC10E727B07CD45FA6

C:\WINDOWS\system32\Drivers\afd.sys
[2003-10-13 18:20] - [2008-08-14 11:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 08:14] - [2004-08-04 08:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2003-10-13 18:20] - [2008-06-20 12:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 08:14] - [2004-08-04 08:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2003-10-13 18:20] - [2008-02-20 07:35] - 0045568 ____A (Microsoft Corporation) CBBA368D1C7E76EBC7C929D332E5F409

C:\WINDOWS\system32\ipnathlp.dll
[2004-12-22 20:40] - [2004-08-20 00:42] - 0332288 ____A (Microsoft Corporation) 0DC5698BE9BBFE9673EB80A0D65D17E5

C:\WINDOWS\system32\netman.dll
[2003-10-13 18:20] - [2005-08-22 20:34] - 0197632 ____A (Microsoft Corporation) 7BDB3A1B78A33455F3704AA12B9A0FE1

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2003-10-13 09:29] - [2004-08-20 00:42] - 0145408 ____A (Microsoft Corporation) 3E8DF5E4F0E6419801FF5F568CC8C531

C:\WINDOWS\system32\srsvc.dll
[2003-10-13 09:31] - [2004-08-20 00:42] - 0171008 ____A (Microsoft Corporation) C791D16BF25264738B14873436293BD0

C:\WINDOWS\system32\Drivers\sr.sys
[2003-10-13 09:31] - [2004-08-20 00:33] - 0073600 ____A (Microsoft Corporation) 3C151D50CF3AE1683C6E3EC201B2AD3D

C:\WINDOWS\system32\wscsvc.dll
[2004-08-20 00:42] - [2004-08-20 00:42] - 0081408 ____N (Microsoft Corporation) FA7335C49F09D764CD6E507B946CD8D1

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2003-10-13 09:29] - [2004-08-20 00:42] - 0145408 ____A (Microsoft Corporation) 3E8DF5E4F0E6419801FF5F568CC8C531

C:\WINDOWS\system32\wuauserv.dll
[2003-10-13 09:29] - [2004-08-20 00:42] - 0006656 ____A (Microsoft Corporation) EEDA22E0C570C7204724C3A30A0B1A40

C:\WINDOWS\system32\qmgr.dll
[2003-10-13 09:31] - [2004-08-20 00:42] - 0382464 ____A (Microsoft Corporation) 02451268DC47E4DC228210DA0E3C3274

C:\WINDOWS\system32\es.dll
[2004-12-22 20:41] - [2008-07-07 22:31] - 0253952 ____A (Microsoft Corporation) 5BB73A064A19A5A3531A1EC6339F5082

C:\WINDOWS\system32\cryptsvc.dll
[2003-10-13 18:20] - [2004-08-20 00:41] - 0060416 ____A (Microsoft Corporation) 149CFFBF77CC1306FC535557CF513B91

C:\WINDOWS\system32\svchost.exe
[2003-10-13 18:20] - [2004-08-20 00:43] - 0014336 ____A (Microsoft Corporation) FA03E1FC17F38FBDBA81470D08B3E416

C:\WINDOWS\system32\rpcss.dll
[2004-12-22 20:41] - [2009-02-09 12:20] - 0399360 ____A (Microsoft Corporation) 7A828726797A542BE390C054563E60BA

C:\WINDOWS\system32\services.exe
[2003-10-13 18:20] - [2009-02-09 12:08] - 0111104 ____A (Microsoft Corporation) 35A8E2160C1481D08FB97666C2127FE2


Extra List:
=======
Gpc(6) IPSec(4) irda(8) MDC8021X(10) NetBT(5) PSched(7) s24trans(9) Tcpip(3)
0x0A0000000400000001000000020000000300000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

 

[juako]

It seems that the replacement did not work. I just re-run OTL with the md5start / md5stop command, and the output is the same as before (this seems not dangerous, that´s why I re-run it again)

OTL logfile created on: 10/04/2012 0:24:55 - Run 5
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Nueva carpeta
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,67% Memory free
2,60 Gb Paging File | 2,44 Gb Available in Paging File | 93,71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 55,89 Gb Total Space | 19,88 Gb Free Space | 35,57% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Paula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: IPSEC.SYS >
[2002/09/10 22:00:00 | 000,057,984 | ---- | M] (Microsoft Corporation) MD5=1C4802409CFD4A7051F458B744CFCAA5 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2008/04/13 21:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\ipsec.sys
[2004/08/04 08:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2004/08/04 08:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2004/08/04 08:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys

< End of report >

 

[Broni]

It's strange as FSS shows different MD5 number for that file than OTL.

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\system32\drivers\ipsec.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

 

[juako]

This is the output from virustotal:

SHA256:
5a6c11317def14b8c34a8c669eb75f7a8d46f05090c43d3dff602cfa13cc504e

File name:
ipsec.sys

Detection ratio:
0 / 42

Analysis date:
2012-04-10 20:53:08 UTC ( 1 minute ago )

Reputation (-100;100): 0

Antivirus Result Update

AhnLab-V3 - 20120410
AntiVir - 20120410
Antiy-AVL - 20120410
Avast - 20120410
AVG - 20120410
BitDefender - 20120410
ByteHero - 20120407
CAT-QuickHeal - 20120410
ClamAV - 20120410
Commtouch - 20120410
Comodo - 20120410
DrWeb - 20120410
Emsisoft - 20120410
eSafe - 20120408
eTrust-Vet - 20120410
F-Prot - 20120410
F-Secure - 20120410
Fortinet - 20120410
GData - 20120410
Ikarus - 20120410
Jiangmin - 20120410
K7AntiVirus - 20120410
Kaspersky - 20120410
McAfee - 20120410
McAfee-GW-Edition - 20120410
Microsoft - 20120410
NOD32 - 20120410
Norman - 20120410
nProtect - 20120410
Panda - 20120410
PCTools - 20120410
Rising - 20120410
Sophos - 20120410
SUPERAntiSpyware - 20120402
Symantec - 20120410
TheHacker - 20120410
TrendMicro -20120410
TrendMicro-HouseCall - 20120410
VBA32 - 20120410
VIPRE - 20120410
ViRobot -20120410
VirusBuster - 20120410

 

[juako]

... in the tag of "additional information":

ssdeep
1536:VyJhQBUdcFrTxXfxR0mGy3dk9duRMsq6nm:U6lFfxRjGnsq6nm


TrID
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)


ExifTool
UninitializedDataSize....: 0
InitializedDataSize......: 7040
ImageVersion.............: 5.1
ProductName..............: Microsoft Windows Operating System
FileVersionNumber........: 5.1.2600.2180
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
FileDescription..........: IPSec Driver
CharacterSet.............: Unicode
LinkerVersion............: 7.1
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Native
FileVersion..............: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
TimeStamp................: 2004:08:04 08:14:27+02:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: ipsec.sys
ProductVersion...........: 5.1.2600.2180
SubsystemVersion.........: 5.1
OSVersion................: 5.1
OriginalFilename.........: ipsec.sys
LegalCopyright...........: Microsoft Corporation. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 66944
FileSubtype..............: 6
ProductVersionNumber.....: 5.1.2600.2180
EntryPoint...............: 0x10885
ObjectFileType...........: Driver


Sigcheck
publisher................: Microsoft Corporation
product..................: Microsoft_ Windows_ Operating System
internal name............: ipsec.sys
copyright................: (c) Microsoft Corporation. All rights reserved.
original name............: ipsec.sys
file version.............: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
description..............: IPSec Driver

Portable Executable structural information
Compilation timedatestamp.....: 2004-08-04 06:14:27
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00010885

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 768 62366 62464 6.56 a8129632e6596c2e3284f410e619883f
.rdata 63232 348 384 3.33 a3b00e07e4508cbc415521a71272a1f2
.data 63616 2468 2560 0.77 b1d679b023fcfa065ffa4e6574522bd3
PAGE 66176 1469 1536 5.98 d2b85d1c455845723892827bf1e09ccd
INIT 67712 2848 2944 6.02 0e7946041f9a278227e64f0722f9d3e4
.rsrc 70656 992 1024 3.34 251d5aae0d07f2d208aca0c7df48e4a5
.reloc 71680 2948 3072 6.63 f2ecdfbea38d065b96d073bf86662630

PE Imports....................:

HAL.dll
KfAcquireSpinLock, KfLowerIrql, KfReleaseSpinLock

NDIS.SYS
NdisInitializeTimer, NdisSetTimer, NdisCancelTimer, NdisWriteEventLogEntry

ntoskrnl.exe
KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, IoGetDeviceObjectPointer, IofCompleteRequest, KeQuerySystemTime, RtlExtendedIntegerMultiply, ZwClose, MmIsThisAnNtAsSystem, ExInitializeNPagedLookasideList, IoDeleteDevice, IoDeleteSymbolicLink, KeDelayExecutionThread, IoAcquireCancelSpinLock, IoCreateSymbolicLink, IoCreateDevice, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, ObfDereferenceObject, RtlAnsiStringToUnicodeString, RtlIntegerToUnicodeString, IoReleaseCancelSpinLock, KeTickCount, KeBugCheckEx, wcslen, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, MmBuildMdlForNonPagedPool, MmSizeOfMdl, ExDeleteNPagedLookasideList, KeInitializeSpinLock, ExAllocatePoolWithTag, ExFreePoolWithTag, ZwQueryValueKey, RtlInitUnicodeString, ZwOpenKey, InterlockedPushEntrySList, ExQueueWorkItem, _allshl, MmMapLockedPagesSpecifyCache, ExInitializeResourceLite, ExDeleteResourceLite, ZwDeviceIoControlFile, ZwLoadDriver, ZwCreateFile, RtlSplay, RtlDelete, KeCancelTimer, _alldiv, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, KeQueryTimeIncrement, memmove, ExInterlockedAddLargeStatistic, InterlockedPopEntrySList



Symantec Reputation
Suspicious.Insight



First seen by VirusTotal
2009-02-22 05:45:16 UTC ( 3 years, 1 month ago )



Last seen by VirusTotal
2012-04-10 20:53:08 UTC ( 9 minutes ago )

 

[Broni]

Make sure, your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:

Make sure "DNS" tab looks like this:

Make sure "WINS" tab looks like this:

8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.


If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.

 

[juako]

before doing everything, let me tell you what happens.
I am working wiht a wireless connection. When I connect to the router, it never finishes "getting network address". It stands there for ever. Before doing some of the clearances you told me days ago, it did work, so it is not a problem of the router, password, etc. Another computer works ok, so it proves network is ok.

Everything is ok until

ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew

it says that "RPC server is not available". I checkd RPC service in services, but it seems to be up and running:

c:\windows\System32\svchost.exe -k rpcss

When doing the following command:

netsh int ip reset reset.log

... I get an error wirndow saying (translated from Spanish, maybe in English is different):

Entry point not found for procedure MigrateWinsockConfiguration in the dinamyc link library MSWSOCK.dll

Before following with the other options, I wanted you to know this.
If ok, i will do the other fixings.

 

[Broni]

Go on with other tries.

 

[juako]

WinSockFix did run but after reboot nothing changed, same problems.
Then I ran Dial-A-Fix:
- First of all, it said that it was not able to identify internet explorer version. In any case, I continued
- After a while, when "Registering iepeers.dll", it stoped and showed an error:

Error 127: c:\WINDOWS\system32\iesetup.dll is not registrable or the file is corrupted. your version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then:

Error 127: c:\WINDOWS\system32\iesetup.dll is not DLLInstall-ableor the file is corrupted. your version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then, when "Registering ils.dll":

Error 127: c:\WINDOWS\system32\imgutil.dll is not registrable or the file is corrupted. your version of imgutil.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then, when "Registering inetcomm.dll":

Error 127: c:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. your version of inseng.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then:

Error 127: c:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. your version of inseng.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then, when "Registering mscoree.dll":

Error 127: c:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. your version of mshtml.dll is: 8.00.6001.18928. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then:

Error 127: c:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. your version of mshtml.dll is: 8.00.6001.18928. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then, when "Registering msr2c.dll":

Error 127: c:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. your version of msrating.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then, when "Registering ntmssvc.dll":

Error 127: c:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. your version of occache.dll is: 8.00.6001.18923. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then:

Error 127: c:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. your version of occache.dll is: 8.00.6001.18923. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then, when "Registering photowiz.dll":

Error 127: c:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. your version of pngfilt.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then, when "Registering userenv.dll":

Error 127: c:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. your version of webcheck.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

click ok and then:

Error 127: c:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. your version of webcheck.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file

Then finished with a status message of READY.
I clicked the HammerHead at bottom to go to the second DAF page.

Here, one at a time, I did the below as you said:

Reinstall BITS

It started and after a while it stoped saying that installation program could not copy file qmgr.dll It was trying to find it at c:\windows\ServicePackFiles\i386, and it is there!!
I retryed but same error.
I put windows installation disk, but suddenly noticed DVD did not detected any disk I put (nor this one either any other). So I copied QMGR.DL_ and QMGR.IN_ from Windows installation cd in another computer to a pen drive and put into infected computer and tryed again choosing that drive unit, but same error raised with same file
It did ask if I wanted to go on with the installation program without that file, said Yes.

Same happened again with file qmgrprxy..dl_ It did try to locate at same place (c:\windows\ServicePackFiles\i386), but this time it was not that file there, but the same with complete extension, qmgrprx.dll. However, this time it does not allow to select it, it just ignores any action when looking for a file and choosing it (no action is taken)
I copied that file in a pen drive from a cd, as before, and the same error, not being able to copy that file, raised.

Same happened with bitsprx2.dll (not tryied to copy from cd this time)
Same happened with bitsprx3.dll (not tryied to copy from cd this time)


Reinstall Windows Firewall

when run, it showed an error from netsh.exe saying (translated from Spanish, maybe in English is different):

Entry point not found for procedure MigrateWinsockConfiguration in the dinamyc link library MSWSOCK.dll

Press ok and finished.


Repair Permissions

It did analyze permissions differences (part 1/2) Log in c\windows\setupapi.log which is:

[2012/04/14 00:52:29 3680.1]
#-198 Línea de comando procesada: "C:\WINDOWS\system32\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 qmgr.inf
#-011 Instalando sección [DefaultInstall] desde "qmgr.inf".
#-175 SPFILENOTIFY_COPYERROR: Origen = "c:\windows\ServicePackFiles\i386\qmgr.dll", destino = "C:\WINDOWS\system32\qmgr.dll", indicadores = 0x00000000, Error = 0x000004b8.
#W178 SPFILENOTIFY_COPYERROR: ha devuelto 1 (es FILEOP_NEWPATH o se trata como tal) búfer_devolución="E:".
#-175 SPFILENOTIFY_COPYERROR: Origen = "E:\qmgr.dll", destino = "C:\WINDOWS\system32\qmgr.dll", indicadores = 0x00000000, Error = 0x000004b8.
#W178 SPFILENOTIFY_COPYERROR: ha devuelto 1 (es FILEOP_NEWPATH o se trata como tal) búfer_devolución="C:\WINDOWS\SYSTEM32".
#-175 SPFILENOTIFY_COPYERROR: Origen = "C:\WINDOWS\SYSTEM32\qmgr.dll", destino = "C:\WINDOWS\system32\qmgr.dll", indicadores = 0x00000000, Error = 0x000004b8.
#W178 SPFILENOTIFY_COPYERROR: ha devuelto 1 (es FILEOP_NEWPATH o se trata como tal) búfer_devolución="E:".
#-175 SPFILENOTIFY_COPYERROR: Origen = "E:\qmgr.dll", destino = "C:\WINDOWS\system32\qmgr.dll", indicadores = 0x00000000, Error = 0x000004b8.
#W177 SPFILENOTIFY_COPYERROR: ha devuelto FILEOP_SKIP.
#-175 SPFILENOTIFY_COPYERROR: Origen = "E:\qmgrprxy.dl_", destino = "C:\WINDOWS\system32\qmgrprxy.dll", indicadores = 0x00000000, Error = 0x000004b8.
#W177 SPFILENOTIFY_COPYERROR: ha devuelto FILEOP_SKIP.
#-175 SPFILENOTIFY_COPYERROR: Origen = "E:\bitsprx2.dll", destino = "C:\WINDOWS\system32\bitsprx2.dll", indicadores = 0x00000000, Error = 0x00000002.
#W178 SPFILENOTIFY_COPYERROR: ha devuelto 1 (es FILEOP_NEWPATH o se trata como tal) búfer_devolución="C:\WINDOWS\ServicePackFiles\i386".
#-175 SPFILENOTIFY_COPYERROR: Origen = "C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll", destino = "C:\WINDOWS\system32\bitsprx2.dll", indicadores = 0x00000000, Error = 0x000004b8.
#W177 SPFILENOTIFY_COPYERROR: ha devuelto FILEOP_SKIP.
#-175 SPFILENOTIFY_COPYERROR: Origen = "C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll", destino = "C:\WINDOWS\system32\bitsprx3.dll", indicadores = 0x00000000, Error = 0x000004b8.
#W177 SPFILENOTIFY_COPYERROR: ha devuelto FILEOP_SKIP.
[2012/04/14 01:24:55 3076.1]
#-198 Línea de comando procesada: "C:\WINDOWS\system32\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection Ndi-Steelhead 132 netrass.inf
#-011 Instalando sección [Ndi-Steelhead] desde "netrass.inf".
#E047 Estableciendo la clave/valor de Registro: no hay raíz especificada.
#E065 Error al analizar la sección AddReg [Ndi-Reg-Steelhead] en "C:\WINDOWS\INF\netrass.inf". Error 1010: La clave del Registro de configuraciones no es válida.
#E064 Error al analizar la sección de instalación [Ndi-Steelhead] en "C:\WINDOWS\INF\netrass.inf". Error 1010: La clave del Registro de configuraciones no es válida.
#-035 Procesar servicio Agregar/borrar sección [Ndi-Steelhead.Services].
#-006 Estableciendo seguridad en la clave HKLM\System\CurrentControlSet\Services\RemoteAccess a "D(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GR;;;NS)(A;CI;GR;;;LS)(A;CI;GR;;;NO)"
#E033 Error 1208: Error extendido.

It did applying changes. Logs in c\windows\security\logs:

scecomp.log:

04/14/2012 00:52:32 Error=1208 Update File
C:\WINDOWS\system32\qmgr.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 00:52:48 Error=1208 Update File
C:\WINDOWS\system32\qmgr.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 00:58:31 Error=1208 Update File
C:\WINDOWS\system32\qmgr.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:08:27 Error=1208 Update File
C:\WINDOWS\system32\qmgr.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:13:11 Error=1208 Update File
C:\WINDOWS\system32\qmgr.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:13:28 Error=1208 Update File
C:\WINDOWS\system32\qmgr.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:13:35 Error=1208 Update File
C:\WINDOWS\system32\qmgr.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:16:29 Error=1208 Update File
C:\WINDOWS\system32\qmgrprxy.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:18:12 Error=1208 Update File
C:\WINDOWS\system32\qmgrprxy.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:21:57 Error=1208 Update File
C:\WINDOWS\system32\qmgrprxy.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:23:07 Error=1208 Update File
C:\WINDOWS\system32\bitsprx2.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:23:16 Error=1208 Update File
C:\WINDOWS\system32\bitsprx3.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:23:46 Error=1208 Update File
C:\WINDOWS\system32\bitsprx3.dll
Security=D(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)
04/14/2012 01:24:56 Error=1208 Update Key
MACHINE\System\CurrentControlSet\Services\RemoteAccess
Security=D(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GR;;;NS)(A;CI;GR;;;LS)(A;CI;GR;;;NO)

secanalyze.log
too big to post it here (>1,7 MB)

secrepair.log
Too big (22K)

Reset networking

when run, it showed an error from netsh.exe saying (translated from Spanish, maybe in English is different):

Entry point not found for procedure MigrateWinsockConfiguration in the dinamyc link library MSWSOCK.dll

Press ok several times to the same message and finished, saying it would leave a log in C:\DAF-interface-resetlog.txt, but that file does no exists there.

And the program finished.

Full log from Dial-a-fix:

0:00:03 | Dial-a-fix was unable to determine your version of Internet Explorer
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 8.0.6001.18702
MPC: 55686-OEM
CPU: Intel(R) Pentium(R) M processor 1700MHz (~1700MHz)
BIOS: 06/06/2005
Memory (approx): 2046MB
Uptime: 0 hour(s)
Current directory: C:\Nueva carpeta\dialafix\Dial-a-fix-v0.60.0.24
---

14/04/2012 0:00:03 -- Dial-a-fix : [v0.60.0.24] -- started
0:00:03 | Policy scan started
0:00:03 | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
0:00:50 | Deleting C:\Documents and Settings\Paula\Configuración local\Temp...
0:00:50 | C:\Documents and Settings\Paula\Configuración local\Temp could not be completely emptied, please reboot and try again
0:00:50 | Deleting C:\WINDOWS\temp...
0:00:50 | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
0:00:50 | Deleting C:\DOCUME~1\Paula\CONFIG~1\Temp...
0:00:50 | Re-created directory C:\DOCUME~1\Paula\CONFIG~1\Temp
--- MSI ---
0:01:04 | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
0:01:10 | Unregistered: C:\WINDOWS\system32\msxml.dll
0:01:10 | Registered: C:\WINDOWS\system32\msxml.dll
0:01:10 | Unregistered: C:\WINDOWS\system32\msxml2.dll
0:01:10 | Registered: C:\WINDOWS\system32\msxml2.dll
0:01:11 | Unregistered: C:\WINDOWS\system32\msxml3.dll
0:01:12 | Registered: C:\WINDOWS\system32\msxml3.dll
0:01:12 | Unregistered: C:\WINDOWS\system32\msxml4.dll
0:01:12 | Registered: C:\WINDOWS\system32\msxml4.dll
0:01:12 | Unregistered: C:\WINDOWS\system32\qmgr.dll
0:01:13 | Registered: C:\WINDOWS\system32\qmgr.dll
0:01:13 | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
0:01:13 | Registered: C:\WINDOWS\system32\qmgrprxy.dll
0:01:13 | Unregistered: C:\WINDOWS\system32\muweb.dll
0:01:13 | Registered: C:\WINDOWS\system32\muweb.dll
0:01:13 | Unregistered: C:\WINDOWS\system32\winhttp.dll
0:01:13 | Registered: C:\WINDOWS\system32\winhttp.dll
0:01:13 | Registered: C:\WINDOWS\system32\wuapi.dll
0:01:13 | Unregistered: C:\WINDOWS\system32\wuaueng.dll
0:01:15 | Registered: C:\WINDOWS\system32\wuaueng.dll
0:01:15 | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
0:01:15 | Registered: C:\WINDOWS\system32\wuaueng1.dll
0:01:15 | Unregistered: C:\WINDOWS\system32\wucltui.dll
0:01:15 | Registered: C:\WINDOWS\system32\wucltui.dll
0:01:15 | Unregistered: C:\WINDOWS\system32\wups.dll
0:01:15 | Registered: C:\WINDOWS\system32\wups.dll
0:01:15 | Unregistered: C:\WINDOWS\system32\wups2.dll
0:01:15 | Registered: C:\WINDOWS\system32\wups2.dll
0:01:15 | Unregistered: C:\WINDOWS\system32\wuweb.dll
0:01:15 | Registered: C:\WINDOWS\system32\wuweb.dll
0:01:15 | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
0:01:24 | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
0:01:29 | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
0:01:29 | Registered: C:\WINDOWS\system32\cryptdlg.dll
0:01:29 | Unregistered: C:\WINDOWS\system32\cryptui.dll
0:01:29 | Registered: C:\WINDOWS\system32\cryptui.dll
0:01:29 | Unregistered: C:\WINDOWS\system32\cryptext.dll
0:01:29 | Registered: C:\WINDOWS\system32\cryptext.dll
0:01:29 | Unregistered: C:\WINDOWS\system32\dssenh.dll
0:01:29 | Registered: C:\WINDOWS\system32\dssenh.dll
0:01:29 | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
0:01:29 | Registered: C:\WINDOWS\system32\gpkcsp.dll
0:01:29 | Unregistered: C:\WINDOWS\system32\initpki.dll
0:02:52 | Registered: C:\WINDOWS\system32\initpki.dll
0:02:52 | Unregistered: C:\WINDOWS\system32\licdll.dll
0:02:52 | Registered: C:\WINDOWS\system32\licdll.dll
0:02:52 | Unregistered: C:\WINDOWS\system32\mssign32.dll
0:02:52 | Registered: C:\WINDOWS\system32\mssign32.dll
0:02:52 | Unregistered: C:\WINDOWS\system32\mssip32.dll
0:02:52 | Registered: C:\WINDOWS\system32\mssip32.dll
0:02:53 | Unregistered: C:\WINDOWS\system32\scardssp.dll
0:02:53 | Registered: C:\WINDOWS\system32\scardssp.dll
0:02:53 | Unregistered: C:\WINDOWS\system32\sccbase.dll
0:02:53 | Registered: C:\WINDOWS\system32\sccbase.dll
0:02:53 | Unregistered: C:\WINDOWS\system32\scecli.dll
0:02:53 | Registered: C:\WINDOWS\system32\scecli.dll
0:02:53 | Unregistered: C:\WINDOWS\system32\softpub.dll
0:02:53 | Registered: C:\WINDOWS\system32\softpub.dll
0:02:53 | Unregistered: C:\WINDOWS\system32\slbcsp.dll
0:02:53 | Registered: C:\WINDOWS\system32\slbcsp.dll
0:02:54 | Unregistered: C:\WINDOWS\system32\regwizc.dll
0:02:54 | Registered: C:\WINDOWS\system32\regwizc.dll
0:02:54 | Unregistered: C:\WINDOWS\system32\rsaenh.dll
0:02:54 | Registered: C:\WINDOWS\system32\rsaenh.dll
0:02:54 | Unregistered: C:\WINDOWS\system32\winhttp.dll
0:02:54 | Registered: C:\WINDOWS\system32\winhttp.dll
0:02:54 | Unregistered: C:\WINDOWS\system32\wintrust.dll
0:02:54 | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
0:02:55 | Registered: C:\WINDOWS\system32\acelpdec.ax
0:02:55 | Registered: C:\WINDOWS\system32\actxprxy.dll
0:02:55 | Registered: C:\WINDOWS\system32\asctrls.ocx
0:02:55 | Registered: C:\WINDOWS\system32\daxctle.ocx
0:02:55 | Registered: C:\WINDOWS\system32\hhctrl.ocx
0:02:55 | Registered: C:\WINDOWS\system32\l3codecx.ax
0:02:55 | Registered: C:\WINDOWS\system32\licmgr10.dll
0:02:55 | Registered: C:\WINDOWS\system32\mpg4ds32.ax
0:02:58 | Registered: C:\WINDOWS\system32\msdxm.ocx
0:02:58 | Registered: C:\WINDOWS\system32\proctexe.ocx
0:02:58 | Registered: C:\WINDOWS\system32\tdc.ocx
0:02:58 | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
0:02:58 | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
0:02:59 | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
0:02:59 | Registered: C:\WINDOWS\system32\appwiz.cpl
0:02:59 | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
0:02:59 | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
0:02:59 | Registered: C:\WINDOWS\system32\quartz.dll
0:03:00 | Registered: C:\WINDOWS\system32\danim.dll
0:03:00 | Registered: C:\WINDOWS\system32\dmscript.dll
0:03:00 | Registered: C:\WINDOWS\system32\dmstyle.dll
0:03:00 | Registered: C:\WINDOWS\system32\dxmasf.dll
0:03:00 | Registered: C:\WINDOWS\system32\dxtmsft.dll
0:03:00 | Registered: C:\WINDOWS\system32\dxtrans.dll
0:03:00 | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
0:03:00 | Registered: C:\WINDOWS\system32\atl.dll
0:03:00 | Registered: C:\WINDOWS\system32\corpol.dll
0:03:00 | Registered: C:\WINDOWS\system32\jscript.dll
0:03:00 | Registered: C:\WINDOWS\system32\dispex.dll
0:03:00 | Registered: C:\WINDOWS\system32\scrrun.dll
0:03:00 | Registered: C:\WINDOWS\system32\scrobj.dll
0:03:01 | Registered: C:\WINDOWS\system32\vbscript.dll
0:03:01 | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
0:03:01 | Registered: C:\WINDOWS\system32\activeds.dll
0:03:01 | Registered: C:\WINDOWS\system32\audiodev.dll
0:03:01 | DllInstalled: C:\WINDOWS\system32\browseui.dll
0:03:01 | Registered: C:\WINDOWS\system32\browseui.dll
0:03:01 | Registered: C:\WINDOWS\system32\browsewm.dll
0:03:01 | Registered: C:\WINDOWS\system32\cabview.dll
0:03:02 | Registered: C:\WINDOWS\system32\cdfview.dll
0:03:02 | Registered: C:\WINDOWS\system32\clbcatex.dll
0:03:02 | Registered: C:\WINDOWS\system32\clbcatq.dll
0:03:02 | Registered: C:\WINDOWS\system32\comcat.dll
0:03:02 | Registered: C:\WINDOWS\system32\cscui.dll
0:03:02 | Registered: C:\WINDOWS\system32\credui.dll
0:03:02 | Registered: C:\WINDOWS\system32\datime.dll
0:03:02 | Registered: C:\WINDOWS\system32\devmgr.dll
0:03:02 | Registered: C:\WINDOWS\system32\dfsshlex.dll
0:03:02 | Registered: C:\WINDOWS\system32\dmdlgs.dll
0:03:02 | Registered: C:\WINDOWS\system32\dmdskmgr.dll
0:03:02 | Registered: C:\WINDOWS\system32\dmloader.dll
0:03:02 | Registered: C:\WINDOWS\system32\dmocx.dll
0:03:02 | Registered: C:\WINDOWS\system32\dmview.ocx
0:03:02 | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
0:03:02 | Registered: C:\WINDOWS\system32\dsuiext.dll
0:03:02 | DllInstalled: C:\WINDOWS\system32\dsquery.dll
0:03:02 | Registered: C:\WINDOWS\system32\dsquery.dll
0:03:03 | Registered: C:\WINDOWS\system32\dskquoui.dll
0:03:03 | Registered: C:\WINDOWS\system32\els.dll
0:03:03 | Registered: C:\WINDOWS\system32\es.dll
0:03:03 | Registered: C:\WINDOWS\system32\fontext.dll
0:03:03 | Registered: C:\WINDOWS\system32\hlink.dll
0:03:04 | Registered: C:\WINDOWS\system32\hnetcfg.dll
0:03:04 | Registered: C:\WINDOWS\system32\iedkcs32.dll
0:03:04 | Registered: C:\WINDOWS\system32\iepeers.dll
0:03:04 | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
0:30:38 | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
0:32:43 | Registered: C:\WINDOWS\system32\ils.dll
0:32:43 | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
0:35:05 | Registered: C:\WINDOWS\system32\inetcfg.dll
0:35:05 | Registered: C:\WINDOWS\system32\inetcomm.dll
0:35:05 | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
0:36:59 | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
0:38:04 | Registered: C:\WINDOWS\system32\laprxy.dll
0:38:04 | Registered: C:\WINDOWS\system32\lmrt.dll
0:38:04 | Registered: C:\WINDOWS\system32\mlang.dll
0:38:05 | Registered: C:\WINDOWS\system32\mmcndmgr.dll
0:38:05 | Registered: C:\WINDOWS\system32\mmcshext.dll
0:38:05 | Registered: C:\WINDOWS\system32\mscoree.dll
0:38:05 | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18928
0:40:00 | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18928
0:40:48 | Registered: C:\WINDOWS\system32\mshtmled.dll
0:40:48 | Registered: C:\WINDOWS\system32\msieftp.dll
0:40:48 | Registered: C:\WINDOWS\system32\msoeacct.dll
0:40:48 | Registered: C:\WINDOWS\system32\msr2c.dll
0:40:48 | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
0:43:18 | DllInstalled: C:\WINDOWS\system32\mydocs.dll
0:43:18 | Registered: C:\WINDOWS\system32\mydocs.dll
0:43:18 | Registered: C:\WINDOWS\system32\mstime.dll
0:43:18 | Registered: C:\WINDOWS\system32\netcfgx.dll
0:43:18 | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
0:43:18 | Registered: C:\WINDOWS\system32\netplwiz.dll
0:43:18 | Registered: C:\WINDOWS\system32\netman.dll
0:43:18 | Registered: C:\WINDOWS\system32\netshell.dll
0:43:18 | Registered: C:\WINDOWS\system32\ntmsevt.dll
0:43:18 | Registered: C:\WINDOWS\system32\ntmsmgr.dll
0:43:19 | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
0:43:19 | Registered: C:\WINDOWS\system32\ntmssvc.dll
0:43:19 | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18923
0:44:48 | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18923
0:45:39 | Registered: C:\WINDOWS\system32\ole32.dll
0:45:39 | Registered: C:\WINDOWS\system32\oleaut32.dll
0:45:39 | Registered: C:\WINDOWS\system32\oleacc.dll
0:45:39 | Registered: C:\WINDOWS\system32\olepro32.dll
0:45:39 | DllInstalled: C:\WINDOWS\system32\photowiz.dll
0:45:39 | Registered: C:\WINDOWS\system32\photowiz.dll
0:45:39 | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
0:46:44 | Registered: C:\WINDOWS\system32\remotepg.dll
0:46:44 | Registered: C:\WINDOWS\system32\rpcrt4.dll
0:46:44 | Registered: C:\WINDOWS\system32\rshx32.dll
0:46:44 | Registered: C:\WINDOWS\system32\sendmail.dll
0:46:44 | Registered: C:\WINDOWS\system32\slayerxp.dll
0:46:46 | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
0:46:46 | Registered: C:\WINDOWS\system32\shdocvw.dll
0:46:46 | Registered: C:\WINDOWS\system32\shell32.dll
0:46:49 | DllInstalled: C:\WINDOWS\system32\shell32.dll
0:46:49 | Registered: C:\WINDOWS\system32\shmedia.dll
0:46:49 | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
0:46:50 | Registered: C:\WINDOWS\system32\shimgvw.dll
0:46:50 | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
0:46:50 | Registered: C:\WINDOWS\system32\shsvcs.dll
0:46:50 | Registered: C:\WINDOWS\system32\srclient.dll
0:46:50 | Unregistered: C:\WINDOWS\system32\stobject.dll
0:46:50 | Registered: C:\WINDOWS\system32\stobject.dll
0:46:51 | DllInstalled: C:\WINDOWS\system32\themeui.dll
0:46:51 | Registered: C:\WINDOWS\system32\themeui.dll
0:46:51 | Registered: C:\WINDOWS\system32\twext.dll
0:46:52 | DllInstalled: C:\WINDOWS\system32\urlmon.dll
0:46:52 | Registered: C:\WINDOWS\system32\urlmon.dll
0:46:52 | Registered: C:\WINDOWS\system32\userenv.dll
0:46:52 | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
0:48:22 | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
0:49:01 | Registered: C:\WINDOWS\system32\webvw.dll
0:49:01 | Registered: C:\WINDOWS\system32\winhttp.dll
0:49:01 | DllInstalled: C:\WINDOWS\system32\wininet.dll
0:49:01 | Registered: C:\WINDOWS\system32\zipfldr.dll
0:49:01 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdadc.dll
0:49:01 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdaenum.dll
0:49:01 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdaer.dll
0:49:01 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdaipp.dll
0:49:01 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdaora.dll
0:49:01 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdaosp.dll
0:49:02 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdaps.dll
0:49:02 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdasc.dll
0:49:02 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdasql.dll
0:49:02 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdatt.dll
0:49:02 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdaurl.dll
0:49:02 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdmeng.dll
0:49:02 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msdmine.dll
0:49:03 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msmdcb80.dll
0:49:03 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msmdgd80.dll
0:49:04 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msolap80.dll
0:49:04 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msolui80.dll
0:49:04 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\msxactps.dll
0:49:04 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\oledb32.dll
0:49:04 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\oledb32r.dll
0:49:04 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\sqloledb.dll
0:49:04 | Registered: C:\Archivos de programa\Archivos comunes\system\Ole DB\sqlxmlx.dll
--- Reinstall Windows Firewall ---
--- Repair permissions ---
--- Network interface reset ---

 

[Broni]

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
• Report FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Devices (do NOT change any settings)
• List Users, Partitions and Memory size

Click Go and post the result.

 

[juako]

After computer reset, it seems to connect to network, but ie does not connect to any url, ipconfig shows an error saying "request not compatible" and after "additional information: hostname not found".

I ran the commands:

netsh int ip reset reset.log
output file reset.log:

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{1749DEFD-51A2-4256-9799-461378B7CD16}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{1749DEFD-51A2-4256-9799-461378B7CD16}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2E835C21-7FA3-459B-819A-5D6A2224BE41}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2E835C21-7FA3-459B-819A-5D6A2224BE41}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{419A0822-CA48-42E4-B0DE-8A9E17947D05}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{419A0822-CA48-42E4-B0DE-8A9E17947D05}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{9E32FD5C-E4B0-4839-A074-899CAD35089D}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{9E32FD5C-E4B0-4839-A074-899CAD35089D}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2E835C21-7FA3-459B-819A-5D6A2224BE41}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40B182AB-F389-476B-8A78-A378EE293901}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40B182AB-F389-476B-8A78-A378EE293901}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40B182AB-F389-476B-8A78-A378EE293901}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40B182AB-F389-476B-8A78-A378EE293901}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40B182AB-F389-476B-8A78-A378EE293901}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40B182AB-F389-476B-8A78-A378EE293901}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40B182AB-F389-476B-8A78-A378EE293901}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{419A0822-CA48-42E4-B0DE-8A9E17947D05}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56AACEB6-456D-4B3F-B04F-CC50DC87329F}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56AACEB6-456D-4B3F-B04F-CC50DC87329F}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56AACEB6-456D-4B3F-B04F-CC50DC87329F}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56AACEB6-456D-4B3F-B04F-CC50DC87329F}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56AACEB6-456D-4B3F-B04F-CC50DC87329F}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\Bind for ms_netbt. bad value was:
REG_MULTI_SZ =
\Device\Tcpip_{40B182AB-F389-476B-8A78-A378EE293901}
\Device\Tcpip_{56AACEB6-456D-4B3F-B04F-CC50DC87329F}
\Device\Tcpip_{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}
\Device\Tcpip_{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778}
\Device\Tcpip_{1749DEFD-51A2-4256-9799-461378B7CD16}
\Device\Tcpip_{2E835C21-7FA3-459B-819A-5D6A2224BE41}
\Device\Tcpip_{9E32FD5C-E4B0-4839-A074-899CAD35089D}
\Device\Tcpip_{419A0822-CA48-42E4-B0DE-8A9E17947D05}

reset Linkage\Route for ms_netbt. bad value was:
REG_MULTI_SZ =
"Tcpip" "{40B182AB-F389-476B-8A78-A378EE293901}"
"Tcpip" "{56AACEB6-456D-4B3F-B04F-CC50DC87329F}"
"Tcpip" "{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}"
"Tcpip" "{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778}"
"Tcpip" "NdisWanIp"

reset Linkage\Export for ms_netbt. bad value was:
REG_MULTI_SZ =
\Device\NetBT_Tcpip_{40B182AB-F389-476B-8A78-A378EE293901}
\Device\NetBT_Tcpip_{56AACEB6-456D-4B3F-B04F-CC50DC87329F}
\Device\NetBT_Tcpip_{133FA5E4-7B7B-486E-A4F7-361C7D6D6924}
\Device\NetBT_Tcpip_{09A4A5A7-FC01-4C9E-8E94-F381F2B1E778}
\Device\NetBT_Tcpip_{1749DEFD-51A2-4256-9799-461378B7CD16}
\Device\NetBT_Tcpip_{2E835C21-7FA3-459B-819A-5D6A2224BE41}
\Device\NetBT_Tcpip_{9E32FD5C-E4B0-4839-A074-899CAD35089D}
\Device\NetBT_Tcpip_{419A0822-CA48-42E4-B0DE-8A9E17947D05}

reset Linkage\UpperBind for USB\VID_050D&PID_1102\00E04C000001. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>

netsh winsock reset catalog
no output from this command,except requesting reboot

 

[juako]

Sorry, I did not notice you had posted

This is the output from MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Paula (administrator) on 14-04-2012 at 02:43:01
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Adaptador de red 1394 = Conexión 1394 (Connected)
Surf Wireless Micro USB Adapter = Conexiones de red inalámbricas 2 (Connected)
Intel(R) PRO/100 VE Network Connection = Conexión de área local (Media disconnected)


# ---------------------------------------------
# Configuración de la interfaz IP
# ---------------------------------------------
pushd interface ip



popd
# Fin de la configuración de la interfaz IP




Configuración IP de Windows



Error interno: Solicitud no compatible.



Póngase en contacto con los servicios de soporte técnico de Microsoft para

obtener ayuda.



Información adicional: no se puede encontrar el nombre de host.

Servidor: UnKnown
Address: 127.0.0.1

La solicitud de ping no pudo encontrar el host google.com. Compruebe el nombre y vuelva a intentarlo.

Servidor: UnKnown
Address: 127.0.0.1

La solicitud de ping no pudo encontrar el host yahoo.com. Compruebe el nombre y vuelva a intentarlo.

Servidor: UnKnown
Address: 127.0.0.1

La solicitud de ping no pudo encontrar el host bleepingcomputer.com. Compruebe el nombre y vuelva a intentarlo.

No se puede encontrar el controlador IP, c¢digo de error 2,

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Windows\System32\nwprovau.dll [144384] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [248320] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/14/2012 02:37:48 AM) (Source: PerfNet) (User: )
Description: No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento del redirector. El código de error devuelto está en los datos DWORD 0.

Error: (04/14/2012 02:37:29 AM) (Source: RaySat_3dsmax9_32 Server) (User: )
Description: (1649) bind: Una operación socket encontró una red inactiva. (0x2742)

Error: (04/14/2012 02:37:27 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (04/14/2012 02:15:32 AM) (Source: PerfNet) (User: )
Description: No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento del redirector. El código de error devuelto está en los datos DWORD 0.

Error: (04/14/2012 02:15:12 AM) (Source: RaySat_3dsmax9_32 Server) (User: )
Description: (1649) bind: Una operación socket encontró una red inactiva. (0x2742)

Error: (04/14/2012 02:15:09 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (04/13/2012 11:32:56 PM) (Source: PerfNet) (User: )
Description: No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento del redirector. El código de error devuelto está en los datos DWORD 0.

Error: (04/13/2012 10:45:20 PM) (Source: PerfNet) (User: )
Description: No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento del redirector. El código de error devuelto está en los datos DWORD 0.

Error: (04/10/2012 10:48:29 PM) (Source: PerfNet) (User: )
Description: No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento del redirector. El código de error devuelto está en los datos DWORD 0.

Error: (04/10/2012 00:14:52 AM) (Source: PerfNet) (User: )
Description: No se puede abrir el servicio Redirector. No se devolverán datos de
rendimiento del redirector. El código de error devuelto está en los datos DWORD 0.


System errors:
=============
Error: (04/14/2012 02:43:05 AM) (Source: Service Control Manager) (User: )
Description: El servicio NLA (Network Location Awareness) depende del servicio Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:05 AM) (Source: Service Control Manager) (User: )
Description: El servicio Controlador de protocolo TCP/IP no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:05 AM) (Source: Service Control Manager) (User: )
Description: El servicio NLA (Network Location Awareness) depende del servicio Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:05 AM) (Source: Service Control Manager) (User: )
Description: El servicio Controlador de protocolo TCP/IP no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:05 AM) (Source: Service Control Manager) (User: )
Description: El servicio NLA (Network Location Awareness) depende del servicio Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:05 AM) (Source: Service Control Manager) (User: )
Description: El servicio Controlador de protocolo TCP/IP no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:04 AM) (Source: Service Control Manager) (User: )
Description: El servicio NLA (Network Location Awareness) depende del servicio Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:04 AM) (Source: Service Control Manager) (User: )
Description: El servicio Controlador de protocolo TCP/IP no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:04 AM) (Source: Service Control Manager) (User: )
Description: El servicio NLA (Network Location Awareness) depende del servicio Controlador de protocolo TCP/IP, el cual no pudo iniciarse debido al siguiente error:
%%2

Error: (04/14/2012 02:43:04 AM) (Source: Service Control Manager) (User: )
Description: El servicio Controlador de protocolo TCP/IP no pudo iniciarse debido al siguiente error:
%%2


Microsoft Office Sessions:
=========================
Error: (04/14/2012 02:37:48 AM) (Source: PerfNet)(User: )
Description:

Error: (04/14/2012 02:37:29 AM) (Source: RaySat_3dsmax9_32 Server)(User: )
Description: (1649) bind: Una operación socket encontró una red inactiva. (0x2742)

Error: (04/14/2012 02:37:27 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (04/14/2012 02:15:32 AM) (Source: PerfNet)(User: )
Description:

Error: (04/14/2012 02:15:12 AM) (Source: RaySat_3dsmax9_32 Server)(User: )
Description: (1649) bind: Una operación socket encontró una red inactiva. (0x2742)

Error: (04/14/2012 02:15:09 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (04/13/2012 11:32:56 PM) (Source: PerfNet)(User: )
Description:

Error: (04/13/2012 10:45:20 PM) (Source: PerfNet)(User: )
Description:

Error: (04/10/2012 10:48:29 PM) (Source: PerfNet)(User: )
Description:

Error: (04/10/2012 00:14:52 AM) (Source: PerfNet)(User: )
Description:


========================= Devices: ================================

Name: MATSHITA DVD-RAM UJ-820S
Description: Unidad de CD-ROM
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Unidades de CD-ROM estándar)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: NERO IMAGEDRIVE2 SCSI CdRom Device
Description: Unidad de CD-ROM
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Unidades de CD-ROM estándar)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 2046.92 MB
Available physical RAM: 1628.3 MB
Total Pagefile: 2665.21 MB
Available Pagefile: 2426.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.59 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.89 GB) (Free:19.83 GB) NTFS
2 Drive e: () (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT

========================= Users: ========================================

Cuentas de usuario de \\

Administrador Asistente de ayuda ASPNET
Invitado Paula SUPPORT_388945a0
El comando se ha ejecutado con uno o m*s errores.


**** End of log ****

 

[Broni]

Do you have Windows XP CD?

 

[juako]

Sorry for the delay
I really don´t have the original XP CD, even though I have a legal installation of Windows XP Home Edition, which came OEM on the computer. I did try selecting the requested files with other CDs from other computers which had XP but the Professional version instead of the Home Edition
Probable I would be possible to extract XP installation cd from a kind of backup partition, common on toshiba laptops, but I had not try so far. Do I need it?

 

[Broni]

I was thinking about running repair installation.
Could you borrow Windows XP CD from someone?

 

[juako]

I think I can have one xp home edition, but I don´t think it is SP2. do you think it would be ok?
if so, what should I do?

 

[Broni]

If tat CD doesn't have SP2 on it, you'll have to create new CD with SP2 slipstreamed into it.
Instructions: http://www.helpwithwindows.com/WindowsXP/winxp-sp2-bootcd.html

Then manual for repair installation: http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/