Problema con conexion a inet, no cacho q onda Opciones

[maticandia]

Saludos!

Posteo por aca porque me rendi luego de pasarme toda la noche buscandole solucion a un problema q tengo, les cuento:
Resulta que el otro dia instale una actualizacion al FF3 (la 3.0.8 para ser + especifico), ahora el problema es que luego de instalada esa version FF no me conecta a inet... a pesar de que si tengo acceso a inet... encontre raro esto y desinstale el FF, le quite complementos, borre cookies, archivos temporales... y aun asi sigo sin acceso a internet por mozilla... ahora ya habia tenido antes ciertos problemas de acceso a la red, sucede que me di cuenta cuando quise actualizar el bitdefender 2009 que me baje del foro y no pude, ya q me enviaba un error de conexion, a pesar de que tenia los permisos de firewall correspondientes, no le di mucha importancia porque aun podia actualizar manualmente. Pero luego me paso lo mismo con Flashget, SuperAntiSpyware PRO, Mozilla, Avira...
Ahora las unicas aplicaciones con las que puedo acceder a inet son IE7 y WLM9, y puta IE7 no me puede gustar... quiero mi mozilla de vuelta
el resumen cronologico de mis acciones las ultimas semanas es:
1. baje e instale bitdefender internet security 2009, antes tenia el norton is 2007 (venia con mi note y aprovechaba las actualizaciones gratuitas, hasta q acabaron los 90 dias y lo 'desinstale')
2. en teoria nunca pude desinstalar el NIS2007 porque esta integrado a la consola de recuperacion del note, asi que lo desactive del inicio, y le quite los servicios symantec que inician con el sistema
3. instale la actualizacion del FF3 y lo q ya dije... 0 internet
4. desinstale el bitdefender y le instale el avira... me 'pillo' 8 amenazas, la mayoria las q estaban en cuarentena por NIS2007
informe avira

Spoiler:

Start of the scan: lunes, 30 de marzo de 2009 15:05

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'HijackThis.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StkCSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpswp_clipbook.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'flashget.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '41' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ProgramData\Symantec\Shared\QBackup\{0326AB23-0F27-4BF5-9706-CC6E84AD30D6}\{045ADD09-3F90-4CE5-8586-04DAF3A87CC7}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Symantec\Shared\QBackup\{0326AB23-0F27-4BF5-9706-CC6E84AD30D6}\{045ADD09-3F90-4CE5-8586-04DAF3A87CC7}.qbd
[DETECTION] Is the TR/VB.atg.383 Trojan
[NOTE] The file was deleted!
C:\ProgramData\Symantec\Shared\QBackup\{1B7FD9CA-E787-4DF8-A695-9D9DE44A99C5}\{0260C9EF-0D0D-4F5D-BA1A-16BE3F936948}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Symantec\Shared\QBackup\{1B7FD9CA-E787-4DF8-A695-9D9DE44A99C5}\{0260C9EF-0D0D-4F5D-BA1A-16BE3F936948}.qbd
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was deleted!
C:\ProgramData\Symantec\Shared\QBackup\{7EE371B6-6E44-47A7-BD21-A7AAA1C46812}\{C32CC427-688F-4557-A638-0A8BB13B0BA0}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Symantec\Shared\QBackup\{7EE371B6-6E44-47A7-BD21-A7AAA1C46812}\{C32CC427-688F-4557-A638-0A8BB13B0BA0}.qbd
[DETECTION] Is the TR/Onlinegames.B.5 Trojan
[NOTE] The file was deleted!
C:\ProgramData\Symantec\Shared\QBackup\{85E07ECD-9FF5-4407-8BEF-3700075E427B}\{33B43E47-BA84-4B5C-86E0-59E221414BE0}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Symantec\Shared\QBackup\{85E07ECD-9FF5-4407-8BEF-3700075E427B}\{33B43E47-BA84-4B5C-86E0-59E221414BE0}.qbd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\ProgramData\Symantec\Shared\QBackup\{A7B06A23-7E76-45A3-9350-A269F18387D1}\{2B391745-9BBA-4D46-8558-20E024D06767}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Symantec\Shared\QBackup\{A7B06A23-7E76-45A3-9350-A269F18387D1}\{2B391745-9BBA-4D46-8558-20E024D06767}.qbd
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was deleted!
C:\ProgramData\Symantec\Shared\QBackup\{B7F29057-C2F7-4C00-8641-30C5C7E8318F}\{233E212C-7956-4640-8E82-A6ED6B14684A}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Symantec\Shared\QBackup\{B7F29057-C2F7-4C00-8641-30C5C7E8318F}\{233E212C-7956-4640-8E82-A6ED6B14684A}.qbd
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was deleted!
C:\Users\usuario\Downloads\ERW2.4_final.rar
[0] Archive type: RAR
--> cadhexa.exe
[DETECTION] Is the TR/Agent.afmh Trojan
--> etherw\plugins\0.10.12\opsi.dll
[DETECTION] Is the TR/Dldr.17920.D Trojan
[NOTE] A backup was created as '4a2824af.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Users\usuario\Downloads\RSM 2.0\rsm.dll
[0] Archive type: RAR
--> Keygen.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] A backup was created as '4a3e24e9.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!

5. le instale el superantispyware pro y me tiro que solo habian cookies sospechosas ningun malware
6. le hice un escaneo con el ccleaner y borre las cookies de explorador y todo eso
7. chato de webiar ya, le hice un log con el HijackThis! el log:

Spoiler:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:24, on 02-04-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\usuario\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\SUPERAntispyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.udec.cl:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: hideflag.exe
O8 - Extra context menu item: &Descargar con Fl&ashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Descargar todo con Flas&hGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://aspglobal.ahnlab.com/asp/cab/AhnASP_vista.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.super(Si bloquean la publicidad, el sitio NO tendrá recursos para mantenerse)er.com/activex/sabspx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

algo raro? lo unico q encontre raro es que el proceso explorer.exe tuviera la extension en mayusculas...
8. me fui a modo seguro con red y actualize el superanti... y analice mi pc, nada... trate de actualizar avira pero no se habia iniciado el 'scheduler' asi q no pude, en este modo me funcaban sin problemas IE7, FF3 y Chrome (lo baje pa ver si era problema de browswer) le corri 2 antivirus online Kaspersky y ESET, pero ninguno terminaba de analizar porq al llegar a la carpeta C:\Documents and settings\, no avanzaba nada, luego revise el log pa ver q onda y decia esto:

Spoiler:

Estadísticas:
Número de objeros analizados: 4124219 (!) no seran muchos archivos???
Virus encontrados: 0
Objetos infectados: 0 / 0
Objetos sospechosos: 0
Duración del análisis: 12:05:51 ====> toda la noche analizando

Bombre del objeto infectado / Nombre del virus / Última acción
C:\boot\BCD Object is locked saltado
C:\boot\BCD.LOG Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\NFix_2009-04-01_22-51-17.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\NFix_2009-04-01_22-51-17.log Object is locked

, el scanner se quedo pegado en esos directorios Application Data, q ha todo esto antes de q cancelara el analisis iban en alrededor de 150 lineas de directorios parecidas a la de arriba
9. puta despues le mande el kaspersky removal tool (algo asi), y nada...
10. vuelvo a windows en modo normal y continuo con el problema, no puedo usar mozilla, rapiduploader, chrome, actualizar mis herramientas de seguridad, solo puedo usar como ya dije IE7, WLM9 y Aimp2 (escuchar radios on-line)
11. ahora q me acuerdo hace unas semanas baje un pdf q se llamaba 10 trucos para acelerar Win Vista, y desactive ciertos servicios, no creo q haya sido eso, en ese sentido soy cuidadoso..

Alguna idea q no sea FORMATEAR y MANDAR TODO A LA CSM!!!
Saludos!