Bueno les dejo mi log, para que lo analicen porfavor; cuando estoy navegando todo corre mas lento de lo habitual.
Además tengo en la parte de programas una cosas que no puedo desinstalar, quizas uds puedan verlas y ayudarme sobre este tema.

Home search assistent es una de ellas.
Shopping wizard, la otra.
Muchas Gracias.
Saludos a todos.

Aca va el log:

Logfile of HijackThis v1.99.1
Scan saved at 03:35:27 a.m., on 08/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SiS630_V1.01\utility\khooker.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Gmantenimiento\My Documents\My eBooks\VER\HJT\HijackThis[www.trucoswindows.net].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ricqv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ricqv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ricqv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ricqv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.208.100:3128
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {6D54233B-ABE2-E7E4-AE32-43397BACA2EF} - C:\WINNT\system32\appts32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [\\PRINTERCOMMBASE\EPSON Stylus C63 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P41 "\\PRINTERCOMMBASE\EPSON Stylus C63 Series" /O5 "LPT1:" /M "Stylus C63"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [\\EMMANUEL\EPSON Stylus C63 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P34 "\\EMMANUEL\EPSON Stylus C63 Series" /O5 "LPT1:" /M "Stylus C63"
O4 - HKLM\..\Run: [khooker] C:\Program Files\SiS630_V1.01\utility\khooker.exe
O4 - HKLM\..\Run: [sdkbg32.exe] C:\WINNT\system32\sdkbg32.exe
O4 - HKLM\..\Run: [mfcmi32.exe] C:\WINNT\system32\mfcmi32.exe
O4 - HKLM\..\Run: [crca32.exe] C:\WINNT\crca32.exe
O4 - HKLM\..\Run: [sysxa.exe] C:\WINNT\system32\sysxa.exe
O4 - HKLM\..\Run: [ipch.exe] C:\WINNT\ipch.exe
O4 - HKLM\..\Run: [ipac32.exe] C:\WINNT\system32\ipac32.exe
O4 - HKLM\..\Run: [nettb32.exe] C:\WINNT\system32\nettb32.exe
O4 - HKLM\..\Run: [netty32.exe] C:\WINNT\system32\netty32.exe
O4 - HKLM\..\Run: [atlbh32.exe] C:\WINNT\atlbh32.exe
O4 - HKLM\..\RunOnce: [iekm.exe] C:\WINNT\iekm.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\DOCUME~1\GMANTE~1\MYDOCU~1\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\DOCUME~1\GMANTE~1\MYDOCU~1\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.240:8000/Java/cfs40320.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! JAPAN Billiards - http://yog38.games.mci.yahoo.co.jp/yog/yj/pot3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://yog69.games.scd.yahoo.com/yog/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Sheepshead - http://download.games.yahoo.com/games/clients/y/dt0_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download...MARKETING32.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.mapasgeo.com.ar/plugins/mgaxctrl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9357BD1-5D15-4EC3-A2A4-F377D1B7E602}: NameServer = 192.168.208.3,200.58.26.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = megatran.com.ar
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = megatran.com.ar
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = megatran.com.ar
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

Baja estos programas :

About Buster:
http://www.besttechie.net/tools/AboutBuster5.zip
Actualízalo, no lo corras todavía
disk cleaner

http://www.trucoswindows.net/downloadview-details-110-Disk_Cleaner_1.5.5.html

AdAware Se 1.06 :

http://www.trucoswindows.net/detalles-59-a...rsonal_106.html
Actualízalo al 31/08/05, no lo corras todavía

ewido security suite:
http://www.ewido.net/en/download/
Actualizarlo acá :(no lo corras todavía)
http://www.ewido.net/en/download/updates/

Imprime o copia estas indicaciones!!!

Si no sabes cómo hacer algunos de los procedimientos mira esto:
http://www.trucoswindows.net/foro/showtopic-25181.html

Esto es muy importante :

Antes que nada guarda el Hijack en su propia carpeta por ej: C>Limpiar>Hijack

Desconéctate físicamente de Internet (cables,ADSL, o Dial Up modem a tu PC )
Reinicia en Modo seguro o A prueba de Fallos
Haz que se vean todos los archivos.
Cierra todas las aplicaciones

Ejecuta el About Buster
si te pide hacer dos limpiezas déjalo
al final te tirará un log

Ahora lanza el Hijack
Busca “Open the Misc Tools Section"
Selecciona "Open process manager"
Busca los siguientes procesos:

sdkbg32.exe
mfcmi32.exe
crca32.exe
sysxa.exe
ipch.exe
ipac32.exe
nettb32.exe
netty32.exe
atlbh32.exe
iekm.exe

Y uno a uno termina estos procesos clickeando "Kill process" y “Yes”
Cuando terminas con todos clickea "Back"
Scan y luego Fix a estas:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ricqv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ricqv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ricqv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ricqv.dll/sp.html#37049
O2 - BHO: Class - {6D54233B-ABE2-E7E4-AE32-43397BACA2EF} - C:\WINNT\system32\appts32.dll
O4 - HKLM\..\Run: [sdkbg32.exe] C:\WINNT\system32\sdkbg32.exe
O4 - HKLM\..\Run: [mfcmi32.exe] C:\WINNT\system32\mfcmi32.exe
O4 - HKLM\..\Run: [crca32.exe] C:\WINNT\crca32.exe
O4 - HKLM\..\Run: [sysxa.exe] C:\WINNT\system32\sysxa.exe
O4 - HKLM\..\Run: [ipch.exe] C:\WINNT\ipch.exe
O4 - HKLM\..\Run: [ipac32.exe] C:\WINNT\system32\ipac32.exe
O4 - HKLM\..\Run: [nettb32.exe] C:\WINNT\system32\nettb32.exe
O4 - HKLM\..\Run: [netty32.exe] C:\WINNT\system32\netty32.exe
O4 - HKLM\..\Run: [atlbh32.exe] C:\WINNT\atlbh32.exe
O4 - HKLM\..\RunOnce: [iekm.exe] C:\WINNT\iekm.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download...MARKETING32.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.mapasgeo.com.ar/plugins/mgaxctrl.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://www.gxplugin.com/loader/dll/gxbplug.dll

Cierra el Hijack.
Busca estos archivos y los eliminas:

C:\WINNT\system32\appts32.dll
C:\WINNT\system32\ricqv.dll
C:\WINNT\system32\sdkbg32.exe
C:\WINNT\system32\mfcmi32.exe
C:\WINNT\crca32.exe
C:\WINNT\system32\sysxa.exe
C:\WINNT\ipch.exe
C:\WINNT\system32\ipac32.exe
C:\WINNT\system32\nettb32.exe
C:\WINNT\system32\netty32.exe
C:\WINNT\atlbh32.exe
C:\WINNT\iekm.exe

Borra con el Disk Cleaner :Archivos Temp. de Internet,Temp. de Sistema,cookies,historial , etc.
Vacía la Papelera
Lanza el AdAware Se 1.06 actualizado al 31/08/05
Ejecuta el Ewido, pero antes configúralo así:
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• Launch ewido, there should be a big E icon on your desktop, double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen
You will need to update ewido to the latest definition files.
• On the left hand side of the main screen click update
• Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
• Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run Ewido.
• Click on scanner
• Make sure the following boxes are checked before scanning:
o Binder
o Crypter
o Archives
• Click on Start Scan
• Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report
• Save the report to your desktop

Reinicia normal, conecta Internet y pega un nuevo log del hijack, el log del About Buster y el reporte del Ewido
Salu2
Caito