
Inactive Can't start a DCOM server:{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Discussion in 'Malware and Virus Removal Archive' started by eddie2000, 2010/04/14.

  1. 2010/04/17
    broni (Moderator, Malware Analyst)
    Ignore Windows warning.

    Delete Combofix file, download new one and try to run it again.
     
  2. 2010/04/17
    eddie2000 (Thread Starter)
    Here it goes: a fresh combofix log:

    ComboFix 10-04-17.02 - Administrador 17/04/2010 23:05:02.3.2 - x86 NETWORK
    Running from: c:\documents and settings\Administrador\Escritorio\windowsbbs\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
    .

    2010-04-18 00:06 . 2007-10-31 00:33 13824 ----a-w- c:\windows\system32\wscntfy.exe
    2010-04-18 00:06 . 2008-04-14 08:42 59904 ----a-w- c:\windows\system32\regsvc.dll
    2010-04-17 17:18 . 2010-04-17 17:18 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2010-04-17 17:18 . 2008-05-29 12:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-04-17 14:28 . 2010-04-17 14:28 0 ----a-w- c:\windows\nsreg.dat
    2010-04-17 01:49 . 2010-04-17 01:50 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\DriverCure
    2010-04-17 01:49 . 2010-04-17 01:49 -------- d-----w- c:\archivos de programa\Archivos comunes\ParetoLogic
    2010-04-17 01:49 . 2010-04-17 16:05 -------- d-----w- c:\documents and settings\All Users\Datos de programa\DriverCure
    2010-04-17 01:49 . 2010-04-17 01:49 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ParetoLogic
    2010-04-17 01:49 . 2010-04-17 01:49 -------- d-----w- c:\archivos de programa\ParetoLogic
    2010-04-16 20:02 . 2010-04-16 20:02 -------- d-----w- c:\windows\system32\xircom
    2010-04-16 20:02 . 2010-04-16 20:02 -------- d-----w- c:\windows\system32\wbem\snmp
    2010-04-16 20:02 . 2010-04-16 20:02 -------- d-----w- c:\windows\system32\oobe
    2010-04-16 20:02 . 2010-04-16 20:02 -------- d-----w- c:\windows\srchasst
    2010-04-16 20:02 . 2010-04-16 20:02 -------- d-----w- c:\windows\msagent
    2010-04-16 20:02 . 2010-04-16 20:02 -------- d-----w- c:\archivos de programa\microsoft frontpage
    2010-04-15 15:13 . 2010-04-15 15:13 -------- d-----w- c:\archivos de programa\Trend Micro
    2010-04-14 17:30 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-04-14 17:30 . 2010-04-14 17:30 -------- d-----w- c:\archivos de programa\Panda Security
    2010-04-14 16:23 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-04-13 16:35 . 2010-04-13 16:35 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
    2010-04-13 16:35 . 2010-03-30 03:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-13 16:35 . 2010-04-13 16:35 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
    2010-04-13 16:35 . 2010-04-13 16:35 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
    2010-04-13 16:35 . 2010-03-30 03:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-13 15:59 . 2010-04-13 15:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\SpeedBit
    2010-04-13 15:59 . 2010-04-13 16:01 -------- d-----w- c:\archivos de programa\DAP
    2010-04-13 01:46 . 2010-04-13 01:46 -------- d-----w- c:\archivos de programa\GoodSync
    2010-04-13 01:21 . 2010-04-16 22:13 -------- d-----w- C:\00 FAMILIA TRANSIT
    2010-04-12 22:22 . 2010-04-12 22:22 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\WeatherWatcherLive
    2010-04-12 21:03 . 2010-04-12 21:03 -------- d-----w- c:\archivos de programa\AskBarDis
    2010-04-12 21:03 . 2004-05-27 05:32 102400 ----a-w- c:\windows\system32\unzip32.dll
    2010-04-12 21:03 . 2010-04-12 21:03 -------- d-----w- c:\archivos de programa\Weather Watcher Live
    2010-04-12 16:24 . 2001-08-24 16:00 243712 ----a-w- c:\windows\system32\dllcache\netevent.dll
    2010-04-10 22:35 . 2010-04-10 22:40 -------- d-----w- c:\archivos de programa\TurboNote
    2010-04-10 22:01 . 2010-04-10 22:01 -------- d--h--w- c:\windows\PIF
    2010-04-10 21:00 . 2008-01-07 17:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
    2010-04-10 20:59 . 2010-04-10 20:59 -------- d-----w- c:\archivos de programa\ESET
    2010-04-10 20:46 . 2010-04-14 02:35 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\JungleDisk
    2010-04-10 19:08 . 2010-04-10 19:08 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Windows Desktop Search
    2010-04-10 18:44 . 2010-02-05 16:38 235576 ----a-w- c:\windows\system32\VSNetRdr.dll
    2010-04-10 18:44 . 2010-02-05 16:38 137272 ----a-w- c:\windows\system32\VSMntNtf.dll
    2010-04-10 18:44 . 2010-02-05 16:38 145504 ----a-w- c:\windows\system32\drivers\cbfs.sys
    2010-04-10 18:24 . 2010-04-14 02:35 -------- d-----w- c:\archivos de programa\Jungle Disk Desktop
    2010-04-07 20:25 . 2008-04-14 05:48 26624 ----a-w- c:\documents and settings\LocalService\Datos de programa\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-04-07 16:14 . 2008-04-13 20:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
    2010-04-07 16:14 . 2008-04-13 20:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2010-04-07 16:06 . 2010-04-07 16:06 -------- d-----w- c:\archivos de programa\Microsoft ActiveSync
    2010-04-07 14:04 . 2010-04-07 14:04 -------- d-----w- c:\documents and settings\All Users\Datos de programa\LogMeIn
    2010-04-07 13:59 . 2009-09-28 17:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-04-07 13:59 . 2009-09-28 17:34 28984 ----a-w- c:\windows\system32\LMIport.dll
    2010-04-07 13:59 . 2009-09-28 17:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-04-07 13:59 . 2008-08-11 10:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2010-04-07 13:59 . 2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2010-04-07 13:59 . 2010-04-07 13:59 -------- d-----w- c:\archivos de programa\LogMeIn
    2010-04-07 09:25 . 2010-04-07 09:25 -------- d-----w- c:\archivos de programa\Microsoft Office Outlook Connector
    2010-04-07 08:22 . 2010-04-07 08:22 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Windows Search
    2010-04-07 07:17 . 2010-04-07 07:18 -------- d-----w- c:\archivos de programa\TreeSize Professional
    2010-04-06 22:33 . 2010-04-17 23:42 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\GoodSync
    2010-04-06 22:33 . 2010-04-06 22:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\GoodSync
    2010-04-06 21:19 . 2010-04-07 09:04 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\DAEMON Tools
    2010-04-06 19:43 . 2006-10-09 10:00 94208 ----a-w- c:\windows\Dream Aquarium.scr
    2010-04-06 19:43 . 2010-04-07 08:44 -------- d-----w- c:\archivos de programa\Dream Aquarium
    2010-04-06 19:42 . 2010-04-15 00:18 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Babylon
    2010-04-06 19:42 . 2010-04-14 04:33 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Babylon
    2010-04-06 19:42 . 2010-04-06 19:42 -------- d-----w- c:\archivos de programa\Recuva
    2010-04-06 19:41 . 2010-04-06 19:41 -------- d-----w- c:\archivos de programa\TaskSwitchXP
    2010-04-06 19:41 . 2010-04-06 19:41 -------- d-----w- c:\archivos de programa\DAEMON Tools Lite
    2010-04-06 19:41 . 2010-04-06 19:41 -------- d-----w- c:\archivos de programa\Alcohol Soft
    2010-04-06 19:41 . 2010-04-07 08:38 -------- d-----w- c:\archivos de programa\AIMP2
    2010-04-06 14:21 . 2010-04-06 14:41 -------- d-----w- c:\archivos de programa\EPSON
    2010-04-06 14:20 . 2004-11-25 04:07 79679 ----a-w- c:\windows\system32\E_FLMABL.DLL
    2010-04-06 14:20 . 2003-05-21 00:27 64000 ----a-w- c:\windows\system32\E_FBCBABL.DLL
    2010-04-06 14:20 . 2000-06-06 23:01 34304 ----a-w- c:\windows\system32\E_FBCHABL.DLL
    2010-04-06 03:05 . 2010-04-06 03:05 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESET
    2010-04-05 19:06 . 2010-04-05 19:08 -------- d-----w- C:\010 JUGUETES
    2010-04-05 18:59 . 2010-04-06 13:48 -------- d-----w- C:\203 OUTLOOK VARIOS
    2010-04-05 16:23 . 2010-04-05 16:23 3584 ----a-r- c:\documents and settings\Administrador\Datos de programa\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-04-05 16:23 . 2010-04-05 16:23 -------- d-----w- c:\archivos de programa\Windows Installer Clean Up
    2010-04-05 16:23 . 2010-04-07 09:23 -------- d-----w- c:\archivos de programa\MSECACHE
    2010-04-05 16:13 . 2009-01-08 10:25 140048 ----a-w- c:\windows\system32\drivers\jdfs.sys
    2010-04-05 14:17 . 2010-04-10 18:24 -------- d-----w- c:\documents and settings\All Users\Datos de programa\JungleDisk
    2010-04-05 13:20 . 2010-04-05 13:22 -------- d-----w- c:\archivos de programa\jv16 PowerTools 2009
    2010-04-05 12:39 . 2010-04-05 15:14 -------- d-----w- c:\archivos de programa\Babylon
    2010-04-05 00:38 . 2010-04-05 00:38 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Auslogics
    2010-04-05 00:38 . 2010-04-05 00:38 -------- d-----w- c:\archivos de programa\Auslogics
    2010-04-05 00:22 . 2010-04-18 01:58 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
    2010-04-05 00:08 . 2010-04-11 23:42 -------- d-----w- c:\archivos de programa\CCleaner
    2010-04-04 21:02 . 2010-04-04 21:02 -------- d-----w- c:\windows\system32\XPSViewer
    2010-04-04 21:01 . 2010-04-04 21:01 -------- d-----w- c:\archivos de programa\Reference Assemblies
    2010-04-04 19:45 . 2010-04-04 19:45 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
    2010-04-04 19:41 . 2010-04-04 19:41 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
    2010-04-04 06:53 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-04-04 06:53 . 2010-04-04 06:53 -------- d-----w- c:\windows\9e180f0592cf2d03432da6899645aa
    2010-04-04 06:53 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-04-04 06:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-04-04 06:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-04-04 06:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-04-04 06:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-04-04 06:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-04-04 06:53 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-04-04 06:53 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-04-04 06:53 . 2010-04-04 10:35 -------- d-----w- c:\windows\SxsCaPendDel
    2010-04-04 06:50 . 2010-04-04 06:50 -------- d-----w- c:\windows\2c6f6f3dd2bfac87ec2790ee18
    2010-04-04 06:50 . 2010-04-04 10:27 -------- d-----w- c:\windows\fc7f84f3ff80b6179d8e9f7a0b
    2010-04-04 06:40 . 2010-04-04 06:40 592 ----a-w- c:\windows\chgkey.vbs
    2010-04-04 06:27 . 2010-04-04 06:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-04 06:27 . 2010-04-04 06:27 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
    2010-04-04 06:24 . 2010-02-25 09:46 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-04-04 06:24 . 2010-02-25 06:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-04 06:24 . 2010-02-25 06:16 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-04 06:24 . 2010-02-25 06:16 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-04 06:24 . 2010-02-25 06:16 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-04 06:24 . 2010-02-25 06:16 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-04 06:24 . 2010-04-14 12:53 -------- d-----w- c:\windows\ie8updates
    2010-04-04 06:24 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-04 06:22 . 2010-04-04 06:23 -------- dc-h--w- c:\windows\ie8
    2010-04-04 00:54 . 2009-05-12 13:12 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-04-04 00:54 . 2010-04-14 12:55 -------- d--h--w- c:\windows\$hf_mig$
    2010-04-03 22:03 . 2010-04-11 13:49 -------- d-----w- c:\archivos de programa\Windows Desktop Search
    2010-04-03 22:03 . 2010-04-04 21:57 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-04-03 22:03 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2010-04-03 22:03 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2010-04-03 22:03 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2010-04-03 21:40 . 2006-12-31 22:08 4456 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-17 17:18 . 2010-04-03 15:41 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2008
    2010-04-17 17:03 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP7791.tmp
    2010-04-17 02:38 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP72fd.tmp
    2010-04-16 13:21 . 2010-04-04 11:02 90112 ----a-w- c:\windows\DUMP5e4c.tmp
    2010-04-16 02:30 . 2010-04-04 11:02 90112 ----a-w- c:\windows\DUMP6979.tmp
    2010-04-16 02:11 . 2010-04-04 11:02 90112 ----a-w- c:\windows\DUMP6cd3.tmp
    2010-04-15 21:16 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP77c0.tmp
    2010-04-15 14:17 . 2001-08-24 16:00 98618 ----a-w- c:\windows\system32\perfc00A.dat
    2010-04-15 14:17 . 2001-08-24 16:00 529298 ----a-w- c:\windows\system32\perfh00A.dat
    2010-04-15 02:01 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP4390.tmp
    2010-04-15 01:56 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6447.tmp
    2010-04-14 22:01 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6419.tmp
    2010-04-14 20:34 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6522.tmp
    2010-04-14 18:59 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6fd1.tmp
    2010-04-14 16:11 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP7251.tmp
    2010-04-14 06:02 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6a81.tmp
    2010-04-14 05:48 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6f44.tmp
    2010-04-14 02:51 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6428.tmp
    2010-04-13 15:15 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5ff2.tmp
    2010-04-13 13:38 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5def.tmp
    2010-04-13 13:19 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP597a.tmp
    2010-04-13 13:11 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP59e8.tmp
    2010-04-13 01:29 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5cb6.tmp
    2010-04-12 22:23 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP667a.tmp
    2010-04-12 21:20 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5861.tmp
    2010-04-11 20:19 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5bdb.tmp
    2010-04-11 19:51 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5cc6.tmp
    2010-04-11 14:42 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP594b.tmp
    2010-04-11 13:49 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP639c.tmp
    2010-04-11 04:00 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6263.tmp
    2010-04-11 01:38 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5bfa.tmp
    2010-04-10 20:27 . 2010-04-03 15:42 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Winamp
    2010-04-10 20:27 . 2010-04-03 15:42 -------- d-----w- c:\archivos de programa\Winamp
    2010-04-10 20:27 . 2010-04-10 20:27 -------- d-----w- c:\archivos de programa\Winamp Detect
    2010-04-10 17:53 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5a06.tmp
    2010-04-10 17:39 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5af2.tmp
    2010-04-10 14:44 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5302.tmp
    2010-04-08 21:29 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5841.tmp
    2010-04-08 05:35 . 2010-04-08 05:35 836 ----a-w- c:\archivos de programa\Auslogics Disk Defrag.lnk
    2010-04-08 04:48 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5e0e.tmp
    2010-04-07 20:16 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP73b9.tmp
    2010-04-07 15:01 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6978.tmp
    2010-04-07 14:04 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6d60.tmp
    2010-04-07 14:01 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP6fe0.tmp
    2010-04-06 22:54 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5b6e.tmp
    2010-04-06 21:30 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5c58.tmp
    2010-04-06 21:23 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP608e.tmp
    2010-04-06 16:39 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5b20.tmp
    2010-04-06 13:54 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP49bb.tmp
    2010-04-05 20:48 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP4ab5.tmp
    2010-04-05 20:47 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5227.tmp
    2010-04-05 14:27 . 2010-04-03 15:41 -------- d-----w- c:\archivos de programa\Unlocker
    2010-04-05 13:14 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5af1.tmp
    2010-04-05 00:12 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP64d4.tmp
    2010-04-04 15:36 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5d52.tmp
    2010-04-04 13:46 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP468e.tmp
    2010-04-04 12:13 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP5dee.tmp
    2010-04-04 11:45 . 2010-04-04 11:02 98304 ----a-w- c:\windows\DUMP59e7.tmp
    2010-04-04 11:00 . 2010-04-03 17:13 98304 ----a-w- c:\windows\DUMP5f56.tmp
    2010-04-04 08:19 . 2010-04-03 15:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-04-04 06:40 . 2010-04-04 06:40 592 ----a-w- c:\windows\chgkey.vbs
    2010-04-04 01:29 . 2010-04-03 17:13 98304 ----a-w- c:\windows\DUMP46ec.tmp
    2010-04-03 20:49 . 2010-04-03 17:13 98304 ----a-w- c:\windows\DUMP4dc2.tmp
    2010-04-03 16:30 . 2010-04-03 16:30 -------- d-----w- c:\archivos de programa\VIA
    2010-04-03 16:28 . 2010-04-03 16:28 -------- d-----w- c:\archivos de programa\Realtek AC97
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\TuneUp Software
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\TuneUp Software
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\archivos de programa\Archivos comunes\Wise Installation Wizard
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\archivos de programa\Real Alternative
    2010-04-03 15:41 . 2010-04-03 15:41 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
    2010-04-03 15:41 . 2010-04-03 15:40 -------- d-----w- c:\archivos de programa\QT Lite
    2010-04-03 15:39 . 2010-04-03 15:39 -------- d-----w- c:\archivos de programa\Nero
    2010-04-03 15:39 . 2010-04-03 15:39 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Nero
    2010-04-03 15:39 . 2010-04-03 15:39 -------- d-----w- c:\archivos de programa\Archivos comunes\Nero
    2010-04-03 15:36 . 2010-04-03 15:36 -------- d-----w- c:\archivos de programa\K-Lite Codec Pack
    2010-04-03 15:36 . 2010-04-03 15:36 -------- d-----w- c:\archivos de programa\Java
    2010-04-03 15:36 . 2010-04-03 15:36 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
    2010-04-03 15:35 . 2010-04-03 15:35 -------- d-----w- c:\archivos de programa\HashTab Shell Extension
    2010-04-03 15:35 . 2010-04-03 15:35 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
    2010-04-03 15:25 . 2010-04-03 15:25 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-04-03 15:23 . 2010-04-03 15:23 21900 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-04-03 15:22 . 2010-04-03 15:22 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
    2010-03-10 06:16 . 2008-04-14 05:48 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:16 . 2008-05-11 18:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-13 22:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 19:06 . 2008-04-14 05:27 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:06 . 2008-04-14 05:27 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:34 . 2008-04-14 05:48 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-13 22:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . C6C729770D9C3A0AD4D2D28788E71684 . 1698816 . . [6.00.2900.5512] . . c:\windows\explorer.exe

    [-] 2007-10-31 . E9EEB38B858B637F4F8FA3401F325DC5 . 13824 . . [5.1.2600.3244] . . c:\windows\system32\wscntfy.exe

    [-] 2008-04-14 . 97D44EE3E44CDC7035E3CB2EF20BABDB . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

    [-] 2008-05-11 18:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-09-22 17:38 284040 ----a-w- c:\archivos de programa\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\archivos de programa\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\archivos de programa\AskBarDis\bar\bin\askBar.dll" [2008-09-22 284040]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2010-04-04 136176]
    "GoodSync"="c:\archivos de programa\GoodSync\GoodSync.exe" [2010-04-10 4514232]
    "DownloadAccelerator"="c:\archivos de programa\DAP\DAP.EXE" [2010-04-13 2803200]
    "DriverCure"="c:\archivos de programa\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-07 3993368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 30208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2009-03-08 128512]

    c:\documents and settings\Administrador\Menú Inicio\Programas\Inicio\
    Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
    TurboNote.lnk - c:\archivos de programa\TurboNote\tbnote.exe [2010-4-10 757760]
    Windows Search.lnk - c:\archivos de programa\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "MaxRecentDocs"= 16 (0x10)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Jungle Disk Desktop.lnk]
    backup=c:\windows\pss\Jungle Disk Desktop.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2007-12-19 20:13 486856 ----a-w- c:\archivos de programa\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C87 Series]
    2005-01-27 03:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIABL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 22:47 31016 ----a-w- c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
    2004-05-05 12:54 262210 ------w- c:\archivos de programa\EPSON\Ink Monitor\InkMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-11-11 12:07 90112 ----a-w- c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
    2006-08-04 22:29 62976 ----a-w- c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2005-03-08 02:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    2005-03-11 16:33 147456 ----a-w- c:\windows\system32\VTTrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "TuneUp.Defrag"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Archivos de programa\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
    "c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Archivos de programa\\TaskSwitchXP\\ConfigTsXP.exe"=
    "c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe"= c:\archivos de programa\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe"= c:\archivos de programa\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe"= c:\archivos de programa\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Archivos de programa\\TurboNote\\tbnote.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-03 717296]
    R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-05 145504]
    R1 JDFS;JDFS;c:\windows\system32\drivers\jdfs.sys [2009-01-08 140048]
    R2 ekrn;Eset Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\archivos de programa\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
    S0 VIBUS;VIBUS;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
    S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-17 c:\windows\Tasks\DriverCure.job
    - c:\archivos de programa\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

    2010-04-17 c:\windows\Tasks\GoodSync - EDENOR.job
    - c:\archivos de programa\GoodSync\gsync.exe [2010-04-10 21:14]

    2010-04-18 c:\windows\Tasks\Mantenimiento con 1 clic.job
    - c:\archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-21 12:18]

    2010-04-17 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\archivos de programa\Archivos comunes\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-04-17 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\archivos de programa\Archivos comunes\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-04-17 c:\windows\Tasks\User_Feed_Synchronization-{2BCA8274-14D5-4384-BC56-DBA06075878A}.job
    - c:\windows\system32\msfeedssync.exe [2008-05-11 02:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.lanacion.com.ar
    IE: &Clean Traces - c:\archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\archivos de programa\DAP\dapextie.htm
    IE: Abrir en ventana &nueva - c:\documents and settings\All Users\Datos de programa\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
    IE: Download &all with DAP - c:\archivos de programa\DAP\dapextie2.htm
    IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Translate with &Babylon - c:\archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\yg78bx7t.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1715567821-261478967-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,01,1d,1d,ed,6e,e4,49,b5,96,1e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,01,1d,1d,ed,6e,e4,49,b5,96,1e,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,01,1d,1d,ed,6e,e4,49,b5,96,1e,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(592)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(648)
    c:\windows\system32\setupapi.dll

    - - - - - - - > 'explorer.exe'(452)
    c:\windows\system32\WININET.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\SETUPAPI.dll
    .
    Completion time: 2010-04-17 23:08:47
    ComboFix-quarantined-files.txt 2010-04-18 02:08
    ComboFix2.txt 2010-04-17 03:27
    ComboFix3.txt 2010-04-16 20:00

    Pre-Run: 135.945.007.104 bytes libres
    Post-Run: 135.916.462.080 bytes libres

    - - End Of File - - B9D9AC296EDE978A99B354F2040FB020
     


  4. 2010/04/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks good :)
    Please, stay away from any programs like DriverCure, or you'll mess up your computer pretty quickly.
    If you used it prior to this topic, it may be a part of your problem.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =================================================================

    Let's run one more scan, but at this moment, it looks like your computer is malware free.


    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
      [*] Archives
      [*] Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  5. 2010/04/17
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    >Uninstalled Combofix
    >Ran TFC
    >Kaspersky online is being updated. It is unavailable. I can download and install one of the two full versions, Antivirus and Spyware or Full Internet Protection, but I have to uninstall NOD32. Is it worth it?
    > here is the log for Hijack:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:46:16, on 18/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lanacion.com.ar
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARCHIV~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe" (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - S-1-5-21-1715567821-261478967-1177238915-500 Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
    O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: TurboNote.lnk = C:\Archivos de programa\TurboNote\tbnote.exe
    O4 - Global Startup: Windows Search.lnk = C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Abrir en ventana &nueva - C:\Documents and Settings\All Users\Datos de programa\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 7065 bytes
     
  6. 2010/04/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Instead of Kaspersky....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  7. 2010/04/18
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    Hello Broni:

    The scan was too slow and I went to sleep.

    Here is the scan:

    C:\500 INSTALADORES\00 transitorios\unlocker\unlocker1.8.8.exe Win32/Adware.ADON application deleted - quarantined
    C:\Archivos de programa\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application deleted - quarantined
    C:\System Volume Information\_restore{88382C26-9085-41CA-94A7-0956320D71BC}\RP5\A0039020.exe Win32/Adware.ADON application deleted - quarantined
    C:\System Volume Information\_restore{88382C26-9085-41CA-94A7-0956320D71BC}\RP5\A0039021.exe a variant of Win32/Adware.ADON application deleted - quarantined

    The last crashes of the PC left the following message errors:

    Tipo de suceso: Error
    Origen del suceso: DCOM
    Categoría del suceso: Ninguno
    Id. suceso: 10000
    Fecha: 18/04/2010
    Hora: 1:06:11
    Usuario: NT AUTHORITY\Servicio de red
    Equipo: PCEDU
    Descripción:
    No se puede iniciar un servidor DCOM: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.

    El error:
    "El sistema no puede hallar el archivo especificado."
    Ha ocurrido mientras iniciaba este comando:
    -Embedding

    Para obtener más información, vea el Centro de ayuda y soporte técnico en http://go.microsoft.com/fwlink/events.asp.


    Tipo de suceso: Error
    Origen del suceso: Service Control Manager
    Categoría del suceso: Ninguno
    Id. suceso: 7000
    Fecha: 18/04/2010
    Hora: 1:06:39
    Usuario: No disponible
    Equipo: PCEDU
    Descripción:
    El servicio wscsvc no pudo iniciarse debido al siguiente error:
    El programa ejecutable en el que este servicio está configurado para ejecutarse no implementa el servicio.

    Para obtener más información, vea el Centro de ayuda y soporte técnico en http://go.microsoft.com/fwlink/events.asp.

    THE FIRST ERROR IS THE SAME ONE I HAVE BEEN GETTING SINCE A WEEK AGO OR SO.
    THE SECOND ERROR IS NEW. IT APPEARED AFTER THE CRASHES OF THE LAST 2 DAYS OR SO.

    What's now? Reinstalling system?

    Thank you

    Eddie2000
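The first event above names a CLSID but not the product behind it, and neither Event Viewer nor HijackThis tells you that. What follows is an added example, not something from this thread or from ComboFix/HijackThis: a PowerShell snippet, assumed to run in an elevated prompt on the affected PC with PowerShell 2.0 or later (the function names are the example's own), that pulls the CLSIDs from DCOM 10000 events in the System log, looks each one up under HKLM\SOFTWARE\Classes\CLSID, and reports whether the registered server binary still exists on disk. A further function reads what the wscsvc service from the 7000 event is configured to run.

```powershell
# Added example, not from this thread or from any of the tools used in it.
# Resolves the CLSID named in a DCOM event 10000 to its registered COM server,
# checks that the server binary is actually on disk, and shows what the wscsvc
# service is configured to load. Run in an elevated PowerShell (2.0 or later)
# on the affected machine. The function names are this example's own.

function Get-ServerPathFromCommand {
    # A LocalServer32 value looks like  "C:\dir\server.exe" -Embedding  or
    # C:\dir\server.exe /automation ; return only the executable path.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted path that may contain spaces: grow the prefix one token at a
    # time until it names an existing file; fall back to the first token.
    $tokens = @($cmd -split ' ')
    for ($i = 1; $i -le $tokens.Length; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

function Get-DcomServerInfo {
    param([Parameter(Mandatory = $true)][string]$Clsid)
    $key  = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid"
    $info = New-Object PSObject -Property @{
        Clsid = $Clsid; Registered = (Test-Path -LiteralPath $key)
        Name = $null; AppId = $null; ServerKind = $null
        ServerCommand = $null; ServerPath = $null; ServerExists = $null
    }
    if (-not $info.Registered) { return $info }      # no product owns this CLSID
    $props      = Get-ItemProperty -LiteralPath $key
    $info.Name  = $props.'(default)'                 # human-readable class name
    $info.AppId = $props.AppID                       # DCOM activation settings live under this
    foreach ($kind in 'LocalServer32', 'InprocServer32') {
        $sub = "$key\$kind"
        if (-not (Test-Path -LiteralPath $sub)) { continue }
        $cmd = (Get-ItemProperty -LiteralPath $sub).'(default)'
        if (-not $cmd) { continue }
        $info.ServerKind    = $kind
        $info.ServerCommand = $cmd
        $info.ServerPath    = Get-ServerPathFromCommand $cmd
        # "The system cannot find the file specified" in the event means this is $false:
        # the registration is still there but the binary behind it is gone.
        $info.ServerExists  = Test-Path -LiteralPath $info.ServerPath -PathType Leaf
        break
    }
    return $info
}

function Get-DcomStartFailures {
    # Event 10000 from source DCOM carries the CLSID in its message text,
    # whatever language the message is displayed in.
    Get-EventLog -LogName System -Source DCOM -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq 10000 } |
        ForEach-Object { if ($_.Message -match '\{[0-9A-Fa-f-]{36}\}') { $matches[0] } } |
        Sort-Object -Unique
}

function Get-ServiceHostInfo {
    # For the Service Control Manager event 7000: show the binary and, for a
    # svchost-hosted service such as wscsvc, the ServiceDll it is configured to load.
    param([Parameter(Mandatory = $true)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $svc = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    $dll = $null
    if (Test-Path -LiteralPath "$key\Parameters") {
        $dll = (Get-ItemProperty -LiteralPath "$key\Parameters").ServiceDll
    }
    $dllExists = $null
    if ($dll) {
        $dll       = [Environment]::ExpandEnvironmentVariables($dll)
        $dllExists = Test-Path -LiteralPath $dll -PathType Leaf
    }
    New-Object PSObject -Property @{
        Service = $Name; ImagePath = $svc.ImagePath; ServiceDll = $dll; DllExists = $dllExists
    }
}

# Usage: resolve every DCOM server Windows failed to start, then the one from
# this thread explicitly, then the service named in the second event.
Get-DcomStartFailures | ForEach-Object { Get-DcomServerInfo $_ } | Format-List
Get-DcomServerInfo '{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}' | Format-List
Get-ServiceHostInfo wscsvc | Format-List
```

Registered = True together with ServerExists = False is the pattern behind "The system cannot find the file specified": something still asks DCOM for that class, but the executable its registration points at is gone, usually because the owning program was uninstalled or cleaned incompletely. Name and AppId tell you which product that is, and reinstalling or properly uninstalling it is the fix, rather than deleting the CLSID key by hand. Registered = False means the class is not registered at all any more, so the caller is what needs attention. For the service, a ServiceDll that is missing or is not the file Windows shipped is what a defender should look at before reinstalling.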
     
  8. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's finish our cleaning steps first.

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ================================================================

    Uninstall AskBarDis, using Add\Remove (if found).

    ==============================================================

    Print this post out, since you won't have an access to it, at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')



    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c (User '?')



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
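One way to confirm that step 5 actually removed what was ticked, rather than eyeballing two 60-line logs: an added example in PowerShell, not part of this thread or of HijackThis (function names are the example's own; the log excerpts are constructed from lines quoted earlier in this thread). It keeps only the entry lines, diffs the before and after logs, and lists any ticked entry that is still present.

```powershell
# Added example, not part of this thread or of HijackThis itself: compare the
# HijackThis log taken before "Fix checked" with the one taken afterwards and
# confirm that every entry that was ticked is really gone. The excerpts below
# are constructed from lines already quoted in this thread; for real logs read
# the files with [IO.File]::ReadAllText (works on PowerShell 2.0 as well).

function Get-HjtEntries {
    # HijackThis entry lines start with a section code (R0, O2, O4, O23 ...);
    # the header block and the running-process list are dropped.
    param([string]$LogText)
    $LogText -split "`r?`n" |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^[RFNO]\d+ - ' }
}

function Compare-HjtLogs {
    # Returns what disappeared, what is new, and which of the entries you
    # asked HijackThis to fix are still present in the new log.
    param([string]$Before, [string]$After, [string]$FixedList = '')
    $b        = @(Get-HjtEntries $Before)
    $a        = @(Get-HjtEntries $After)
    $fixed    = @(Get-HjtEntries $FixedList)
    $removed  = @($b | Where-Object { $a -notcontains $_ })
    $added    = @($a | Where-Object { $b -notcontains $_ })
    $survived = @($fixed | Where-Object { $a -contains $_ })
    New-Object PSObject -Property @{ Removed = $removed; Added = $added; Survived = $survived }
}

# Constructed excerpt of the log posted before the fix (post 5 in this thread).
$before = @'
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lanacion.com.ar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
'@

# Constructed excerpt of the log posted after the fix (post 11).
$after = @'
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lanacion.com.ar
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
'@

# The entries the moderator asked to tick, pasted exactly as listed in steps 3 and 4.
$fixedList = @'
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Archivos de programa\AskBarDis\bar\bin\askBar.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
'@

$result = Compare-HjtLogs -Before $before -After $after -FixedList $fixedList
"Removed:";                            $result.Removed
"Added (new software since the fix):"; $result.Added
"Ticked but still present:";           $result.Survived
```

Anything under "Ticked but still present" means the fix did not take (HijackThis was not run as administrator, or the entry was recreated on reboot by software that is still installed), which is the case where a further log is worth asking for. Entries under "Added" are expected when software was installed between the two logs, as the Java update was here.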
     
  9. 2010/04/18
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    I downloaded and installed Java.

    Uninstalled AskBar

    Hijack: cannot find Hijack entries to put checkmarks.

    These are the options:

    Do a system scan and save a log file
    do a system scan only
    View the list of backups
    Open the Misc Tools section
    Open online Hijackthis QuickStart
    None of the above, just start the program
     
  10. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do a system scan and save a log file.
    Then you'll see checkboxes.
     
  11. 2010/04/18
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    I am sorry, I missed saving the log after checking all you asked and clicking Fix checked. So I ran HijackThis again and here is the new log. I hope this helps.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:55:15, on 18/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
    C:\Archivos de programa\GoodSync\GoodSync.exe
    C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe
    C:\Archivos de programa\DAP\DAP.EXE
    C:\ARCHIV~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\TurboNote\tbnote.exe
    C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lanacion.com.ar
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARCHIV~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe "
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [GoodSync] "C:\Archivos de programa\GoodSync\GoodSync.exe" /min (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe" (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP (User '?')
    O4 - HKUS\S-1-5-21-1715567821-261478967-1177238915-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - S-1-5-21-1715567821-261478967-1177238915-500 Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
    O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: TurboNote.lnk = C:\Archivos de programa\TurboNote\tbnote.exe
    O4 - Global Startup: Windows Search.lnk = C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Abrir en ventana &nueva - C:\Documents and Settings\All Users\Datos de programa\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Archivos de programa\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 6572 bytes
     
  12. 2010/04/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure, Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please, let me know, how is your computer doing.
     
  13. 2010/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You've never let me know, how your computer is doing.
     
  14. 2010/04/24
    eddie2000

    eddie2000 Inactive Thread Starter

    Joined:
    2010/04/13
    Messages:
    21
    Likes Received:
    0
    No changes. I have to work in safe mode. But I am about to install Windows 7 and I'm sure the problem disappears.
    Thank you Broni
    You did a lot! Very nice work! I learned a lot about fighting malware. Hope I do not need all this very often!
    eddie2000

     
  15. 2010/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck with Windows 7 :)
     
