Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Gracias a este foro consegui el Hijackthis y vi varios ejemplos. Pude eliminar varios archivos, pero todavia sigue lenta y me presenta una ventana ofreciendome el WinSpyware 2008.

Este es el ultimo log de Hijack, pero todavia sigue lenta. Estoy dandole otro scan con McAfee...me urge resolver este problema.

Si alguien tiene la contestacion la puede postear aqui y enviarmela al email
tropicodcg@yahoo.com

Gracias

Carlos Rivera
Puerto Rico

Logfile of HijackThis v1.99.1
Scan saved at 9:16:09 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\COMMON~1\mcafee\emproxy\emtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\WISPTIS.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cnrqrbht.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Hola Tropicodcg, te doy la bienvenida al Foro de InfoSpyware

Estas usando una versión antigua de HijackThis, por lo que descarga y ejecuta la nueva versión de HijackThis 2.0.2 para generar y dejarnos un nuevo log en este mismo mensaje.

Salu2

Saludos y gracias por contestar:

Le doy fix vuelve y se repiten los archivos, la maquina toma velocidad si no estoy conectado a internet. Cuando me conecto se pone lenta y vuelve y aparece el archivo de WinAntiSpyware.

Baje algunas herramientas

AboutBuster
avg
fixwareout
hjtinstall
rr-free-setup
sdfix
vundu

vundu, descubrio algunos, los borre, pero cuando me conecto nuevamente aparecen.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:51 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 7395 bytes

Hola, el log de HijackThis esta limpipo por lo que usa CF.

• Descarga la herramienta ComboFix.exe y guárdala tu escritorio.
• Hace doble-click en el archivo combofix.exe y seguí los avisos.
• Cuando termine este generara un reporte que tendrías que pegar en este mismo mensaje.
  • Nota* Puede que algunos Antivirus como Panda detecten un falso positivo en ComboFix pero no hay que preocuparse por esto.

Reinicia y nos contas los resultados.

Salu2

Estoy bajando ComboFix. Y te envio los resultados.
Por ahora la maquina trabaja con relativa velocidad, pero si la conecto en la red, casi se para. Al igual que cuando voy a imprimir.

No recuerdo exactamente cual de los programas me detecto un Worm, pero no me dio descripcion.

Gracias por contestar, te envio los resultados.

CR

Este es el log que me dio.....la maquina sigue lenta. Estoy por tomar la desicion de tratar de salvar los archivos y formatear el disco.
Espero cualquier sugerencia.

CR

ComboFix 07-09-21.2 - "Tropico Design Group" 2007-09-27 14:08:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.21 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\TROPIC~1\APPLIC~1\winantispyware2007fr eeinstall[1].exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\rmjnxvnv.dll
C:\WINDOWS\system32\vnvxnjmr.ini
C:\WINDOWS\system32\xpdx.sys
C:\wsusupd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\ApiMon
-------\DomainService
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
.

2007-09-27 14:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-26 18:22 84,032 --a------ C:\WINDOWS\system32\gtyvolfp.dll
2007-09-26 13:06 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-26 13:04 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-09-26 12:36 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-26 12:33 <DIR> d-------- C:\VundoFix Backups
2007-09-26 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 02:13 84,032 --a------ C:\WINDOWS\system32\slxvlqll.dll
2007-09-26 01:03 84,032 --a------ C:\WINDOWS\system32\hxowgjxe.dll
2007-09-25 17:07 84,032 --a------ C:\WINDOWS\system32\wlchlugp.dll
2007-09-25 15:09 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-09-25 15:06 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-09-25 15:06 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-25 15:06 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-09-25 15:06 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-25 14:24 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-25 14:12 84,032 --a------ C:\WINDOWS\system32\tiwwkkkx.dll
2007-09-25 13:46 84,032 --a------ C:\WINDOWS\system32\nviwuybx.dll
2007-09-25 06:59 84,032 --a------ C:\WINDOWS\system32\ppcyrryo.dll
2007-09-25 06:16 84,032 --a------ C:\WINDOWS\system32\rhwwenqa.dll
2007-09-25 01:42 84,032 --a------ C:\WINDOWS\system32\xswlnuli.dll
2007-09-25 01:04 84,032 --a------ C:\WINDOWS\system32\rtvkdkuc.dll
2007-09-24 19:59 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-24 19:59 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-24 19:59 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-24 19:59 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-24 19:59 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-24 19:58 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-24 19:55 <DIR> d-------- C:\Program Files\McAfee.com
2007-09-24 19:53 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-24 19:52 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-24 19:52 <DIR> d-------- C:\Program Files\McAfee
2007-09-24 19:50 85,056 --a------ C:\WINDOWS\system32\gotyxvgs.dll
2007-09-24 19:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-24 02:16 <DIR> d-------- C:\KAV
2007-09-22 05:09 153 --a------ C:\WINDOWS\system32\delFSF.bat
2007-09-22 00:01 <DIR> d-------- C:\DOCUME~1\TROPIC~1\APPLIC~1\Uniblue
2007-09-20 00:14 <DIR> d-------- C:\Program Files\Trial123FileConvert
2007-09-17 19:26 <DIR> d-------- C:\DOCUME~1\TROPIC~1\APPLIC~1\GlarySoft
2007-09-15 23:30 <DIR> d-------- C:\Program Files\CSSS
2007-09-15 23:09 <DIR> d-------- C:\RebarWin
2007-09-15 13:30 <DIR> d-------- C:\Program Files\GaLa Reinforcement
2007-09-15 13:27 <DIR> d-------- C:\Program Files\Concrete Mix Designer
2007-09-13 21:05 <DIR> d-------- C:\Program Files\Universal CAD Converter
2007-09-13 13:11 73,728 --a------ C:\WINDOWS\system32\mr310ipc.dll
2007-09-13 13:11 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
2007-09-13 13:11 102,400 --a------ C:\WINDOWS\system32\mr310ifc.dll
2007-09-13 13:11 <DIR> d-------- C:\Program Files\MARS
2007-09-09 17:03 <DIR> d-------- C:\Program Files\Investintech.com Inc
2007-09-09 14:24 204,848 --a------ C:\WINDOWS\system32\gswin32c.exe
2007-09-09 14:24 196,608 --a------ C:\WINDOWS\system32\Utility.dll
2007-09-09 14:24 <DIR> d-------- C:\WINDOWS\system32\gs
2007-08-28 12:41 <DIR> d-------- C:\Program Files\All2Txt
2007-08-28 12:28 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-08-28 12:28 132 --ah----- C:\DOCUME~1\TROPIC~1\APPLIC~1\brara1985.sys
2007-08-27 10:43 <DIR> d-------- C:\Program Files\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-09-27 12:06 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-09-24 00:05 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-23 22:45 --------- d-------- C:\Program Files\LimeWire
2007-09-22 15:01 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-22 13:36 --------- d-------- C:\DOCUME~1\TROPIC~1\APPLIC~1\AdobeUM
2007-09-21 18:11 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-21 16:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-08-28 02:30 --------- d-------- C:\Program Files\Azureus
2007-08-28 02:30 --------- d-------- C:\DOCUME~1\TROPIC~1\APPLIC~1\Azureus
2007-08-27 10:49 --------- d-------- C:\DOCUME~1\TROPIC~1\APPLIC~1\Autodesk
2007-08-27 10:47 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-08-25 22:12 --------- d-------- C:\Program Files\CADesign
2007-08-25 21:31 --------- d-------- C:\DOCUME~1\TROPIC~1\APPLIC~1\AcroPlot
2007-08-25 21:05 --------- d-------- C:\Program Files\AcroPlot
2007-08-15 03:11 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-08 08:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-05 03:03 --------- d-------- C:\DOCUME~1\TROPIC~1\APPLIC~1\Cogniview
2007-08-05 03:01 --------- d-------- C:\Program Files\CogniView
2007-08-05 03:01 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cogniview
2007-08-05 00:20 --------- d-------- C:\Program Files\Docudesk
2007-08-01 23:09 --------- d-------- C:\Program Files\QuickTime
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2006-11-16 01:42 583393714 --a--c--- C:\Program Files\Motorola_Phone_Tools_v4.uif
2001-11-23 00:08 712704 -ra--c--- C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 08:43:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-11-24 19:16:28]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccayyx]
fccayyx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R0 ppa3;Iomega Parallel Port Legacy Filter Driver;C:\WINDOWS\system32\DRIVERS\ppa3.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viam raid.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
S3 DIGIRPS;Digi PortServer Driver;C:\WINDOWS\system32\DRIVERS\digirlpt.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 23:57:16 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-09-24 23:57:14 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 14:21:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-09-27 14:29:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-27 14:29
.
--- E O F ---

Descarga CCleaner v1.4 y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Una vez que este termine de limpiar todo, actualiza "Java", hace una Desfragmentación del disco con la opción de Windows y pasa por www.windowsupdate.com para descargar todos los parches disponibles (si tu sistema lo permite)

• Descarga y ejecuta la utilidad Advanced WindowsCare, para reparar y optimizar a fondo tu PC.

Reinicia y nos contas los resultados.

Salu2

Articulo de interés: "Eliminar lentitud en Windows"

Saludos y muchas gracias

Mejoro bastante, todavia la encuentro algo lenta, estoy bajando lo que me recomendaste y te dejo saber.
Tuve que bajar el IE nuevamente, dado que me habia cambiado la version.

Le dejo saber el analisis tan pronto utilize los programas.

CRivera