| Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, Trojans and malware in general. Please read the HijackThis Forum Policies first. |
| Antivirus, Firewall disabled
I used the following:
*11 steps for a good removal (x2)
*MSNCleaner
*Panda Anti-Rootkit
*ATF-Cleaner
*Online antivirus scans detect nothing
The problem is:
*Windows firewall disabled
*Antivirus does not scan
*System too slow
*Internet does not load pages
*Access to folders is sometimes denied
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:31, on 26/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ARPWRMSG.EXE C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_ansi.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program 
Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -- End of file - 11078 bytes |
| Re: Antivirus, Firewall disabled Hello Mirjeshua, welcome to the InfoSpyware Forum. Your HijackThis log is free of malware, so I suggest doing the following: Download, update and run the program: Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).
Quote:
Regards Talking to the world on "Twitter" Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog * Help us by making a DONATION so that we can keep helping. * To avoid viruses and spyware when browsing the Internet, USE FIREFOX !! * Questions are not answered by private message or by e-mail, since that is what the forum is for. |
| Re: Antivirus, Firewall disabled OK, thanks in advance for the help, and sorry for the delay. I did what you told me, although they got into the computer and uninstalled the antivirus; I did it anyway, and this is the report. But now I cannot install any antivirus: it says that an error occurred and that I must restart to continue. The firewall is now enabled. Anyway, I hope you can tell me what I can do.
ComboFix 08-02-25.3 - HP_Administrator 2008-02-27 11:27:55.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.366 [GMT -6:00] Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))) . 2008-02-25 20:29 . 2008-02-25 20:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ATI 2008-02-25 20:29 . 2008-02-25 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI 2008-02-25 20:29 . 2008-02-25 20:29 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-02-25 20:25 . 2008-01-22 14:42 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-02-25 20:02 . 2008-02-25 20:02 <DIR> d-------- C:\WINDOWS\Performance 2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2008-02-24 19:37 . 2008-02-27 10:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-24 19:37 . 2008-02-24 19:37 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-22 15:02 . 2008-02-22 15:02 <DIR> d-------- C:\Program Files\iTunes 2008-02-22 15:02 . 2008-02-22 15:02 <DIR> d-------- C:\Program Files\iPod 2008-02-21 18:05 . 2008-02-21 18:05 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-21 17:06 . 
2008-02-21 17:06 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-20 19:30 . 2008-02-20 19:55 <DIR> d-------- C:\Program Files\3D Live Pool 2008-02-20 17:37 . 2008-02-20 17:38 <DIR> d-------- C:\Program Files\Project64 v1.5 2008-02-19 11:13 . 2008-02-19 11:13 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-02-18 13:12 . 2008-02-18 13:12 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-02-15 09:06 . 2008-02-26 15:42 <DIR> d-------- C:\Program Files\Panda Security 2008-02-11 12:04 . 2008-02-11 12:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PCF-VLC 2008-02-07 19:01 . 2008-02-07 19:01 <DIR> d-------- C:\PC-Sync 2008-02-07 18:21 . 2008-02-07 18:57 <DIR> d-------- C:\Program Files\PC Sync Manager 2008-02-06 11:01 . 2008-02-21 07:07 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-02-06 11:01 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-02-06 10:53 . 2008-02-27 10:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-06 10:53 . 2008-02-06 10:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-06 10:53 . 2008-02-06 10:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com 2008-02-06 10:53 . 2008-02-06 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-06 10:52 . 2008-02-06 10:52 744,853 --a------ C:\PAVARK.exe 2008-02-05 13:07 . 2008-02-05 13:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-02-01 20:14 . 2008-02-01 20:14 <DIR> d-------- C:\MSNCleaner 2008-02-01 14:42 . 2008-02-01 14:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Printer Info Cache 2008-02-01 14:42 . 2008-02-01 14:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express 2008-02-01 11:17 . 2008-02-01 11:17 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR 2008-02-01 10:56 . 
2008-02-27 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-02-01 10:13 . 2008-02-01 10:13 <DIR> d-------- C:\IniRem 2.0.3 2008-02-01 10:02 . 2008-02-01 10:02 <DIR> d-------- C:\WinsockxpFix 2008-02-01 09:14 . 2008-02-01 09:12 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-01 09:14 . 2008-02-01 09:14 3,463 --a------ C:\WINDOWS\unins000.dat 2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-01-31 22:04 . 2008-02-01 10:23 37 --a------ C:\WINDOWS\˜L 2008-01-31 15:30 . 2008-01-31 15:30 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-31 15:30 . 2008-01-31 15:30 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-01-30 17:34 . 2008-01-30 17:34 <DIR> d-------- C:\Program Files\CCleaner 2008-01-29 10:42 . 2008-01-29 10:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template 2008-01-29 10:40 . 2008-01-29 10:40 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP 2008-01-29 10:34 . 2005-03-22 06:48 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll 2008-01-29 10:34 . 2007-01-19 11:46 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-01-29 10:34 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll 2008-01-29 10:34 . 2007-01-19 11:46 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-01-29 10:34 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-01-29 10:34 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys 2008-01-29 10:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-01-29 10:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2008-01-29 10:27 . 2008-01-29 10:39 110,601 --a------ C:\WINDOWS\hpoins08.dat 2008-01-29 10:27 . 
2006-01-24 00:15 7,577 --------- C:\WINDOWS\hpomdl08.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-02-27 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-27 15:56 --------- d-----w C:\Program Files\Windows Live 2008-02-26 02:27 --------- d-----w C:\Program Files\ATI Technologies 2008-02-23 01:44 --------- d-----w C:\Program Files\Bonjour 2008-02-23 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-02-22 21:00 --------- d-----w C:\Program Files\QT Lite 2008-02-20 14:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\.purple 2008-02-11 18:57 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus 2008-02-11 18:16 --------- d-----w C:\Program Files\Java 2008-02-11 18:10 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-02-11 18:10 --------- d-----w C:\Program Files\Mozilla Sunbird 2008-02-11 18:02 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe 2008-02-11 18:02 118,784 ----a-w C:\WINDOWS\GREUninstall.exe 2008-02-11 17:58 --------- d-----w C:\Program Files\Songbird 2008-02-11 17:52 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire 2008-02-09 00:46 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Winamp 2008-02-06 00:34 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2 2008-02-01 23:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-02-01 22:50 --------- d-----w C:\Program Files\HP 2008-02-01 15:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-01 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-31 01:27 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-01-30 01:47 --------- d-----w C:\Documents and 
Settings\HP_Administrator\Application Data\Skype 2008-01-25 00:45 --------- d-----w C:\Program Files\Microsoft Student 2008-01-25 00:41 --------- d-----w C:\Program Files\Learning Essentials 2008-01-24 18:45 --------- d-----w C:\Program Files\Badongo 2008-01-24 05:26 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TuneUp Software 2008-01-23 17:37 --------- d-----w C:\Program Files\Reference Assemblies 2008-01-23 17:21 --------- d-----w C:\Program Files\MSXML 6.0 2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys 2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-01-21 21:13 
--------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0 2008-01-21 00:29 --------- d-----w C:\Program Files\Unlocker 2008-01-21 00:07 --------- d-----w C:\Program Files\QuickSFV 2008-01-20 23:50 --------- d-----w C:\Program Files\Hacha 2008-01-20 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-01-20 22:56 --------- d-----w C:\Program Files\Microsoft Expression 2008-01-20 22:53 --------- d-----w C:\Program Files\MSECache 2008-01-20 22:46 --------- d-----w C:\Program Files\NAUTA 2008-01-20 22:45 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-01-20 22:32 --------- d-----w C:\Program Files\MSBuild 2008-01-20 22:32 --------- d-----w C:\Program Files\Microsoft Works 2008-01-20 22:31 --------- d-----w C:\Program Files\Microsoft.NET 2008-01-20 21:48 --------- d-----w C:\Program Files\LimeWire 2008-01-20 21:32 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Wormux 2008-01-20 21:31 --------- d-----w C:\Program Files\Wormux 2008-01-20 20:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\HPQ 2008-01-20 20:23 --------- d-----w C:\Program Files\Google 2008-01-20 20:16 --------- d-----w C:\Program Files\Participatory Culture Foundation 2008-01-20 20:14 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 20:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Participatory Culture Foundation 2008-01-20 20:06 --------- d-----w C:\Program Files\MSXML 4.0 2008-01-20 20:02 --------- d-----w C:\Program Files\Combined Community Codec Pack 2008-01-20 19:36 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\K-Meleon 2008-01-20 19:35 --------- d-----w C:\Program Files\K-Meleon 2008-01-20 19:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Thunderbird 2008-01-20 19:28 --------- d-----w C:\Documents and Settings\All 
Users\Application Data\SongbirdVLC 2008-01-20 19:27 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Songbird1 2008-01-20 19:24 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-01-20 19:21 --------- d-----w C:\Program Files\Nvu 2008-01-20 19:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Nvu 2008-01-20 19:20 --------- d-----w C:\Program Files\mozilla.org 2008-01-20 19:20 --------- d-----w C:\Program Files\Common Files\mozilla.org 2008-01-20 19:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Talkback 2008-01-20 19:14 --------- d-----w C:\Program Files\Pidgin 2008-01-20 19:14 --------- d-----w C:\Program Files\Common Files\GTK 2008-01-20 19:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\FileZilla 2008-01-20 19:09 --------- d-----w C:\Program Files\WinSCP 2008-01-20 19:06 --------- d-----w C:\Program Files\FileZilla Client 2008-01-20 18:55 --------- d-----w C:\Program Files\Inkscape 2008-01-20 18:55 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Inkscape 2008-01-20 18:52 --------- d-----w C:\Program Files\Scribus 1.3.3.9 2008-01-20 18:49 --------- d-----w C:\Program Files\Dia 2008-01-20 18:48 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_78.exe 2008-01-20 18:48 15,094 ----a-w C:\Program Files\settings.dat 2008-01-20 18:48 --------- d-----w C:\Program Files\PDFCreator Toolbar 2008-01-20 18:48 --------- d-----w C:\Program Files\PDFCreator 2008-01-20 18:27 --------- d-----w C:\Program Files\AbiSuite2 2008-01-20 18:18 --------- d-----w C:\Program Files\Azemp 2008-01-20 18:14 --------- d-----w C:\Program Files\aMSN . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512] "ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 00:35 49152] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 08:05 90112] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 17:18 49152] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-11 18:13 180269] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE] "PCDrProfiler"="" [] "QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-01-31 23:13 385024] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - 
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 17:40:44 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 14:25] R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{374ae56a-cec1-11dc-adbe-0016ec9f4251}] \Shell\auto\command - Knight.exe open \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open \Shell\explore\command - Knight.exe open \Shell\find\command - Knight.exe open \Shell\install\command - Knight.exe open \Shell\open\command - Knight.exe open . Contents of the 'Scheduled Tasks' folder "2008-02-15 23:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe "2008-02-22 20:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-27 11:30:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-27 11:30:42 ComboFix-quarantined-files.txt 2008-02-27 17:30:39 . 2008-02-27 15:57:11 --- E O F --- |
| Re: Antivirus, Firewall disabled Hello, I apologize for the delay, but I have been at work conferences for a few days and have not had much time to connect to the forum. If your computer still has problems that you have not been able to resolve, we can continue the thread from Monday if you like, so you only have to confirm with me, OK. Regards |
| Re: Antivirus, Firewall disabled OK, don't worry, since a working day is tiring, and then there is coming home and carrying on in the forum. I am very interested in continuing the thread, since I cannot install any antivirus, and so I am not using the browser, to avoid annoying infections. The computer's performance improved quite a bit after following what you told me, so thank you, but for the moment I will be away from home for a week. Would it be all right if we continue next week? I don't know whether it would be better to close this thread and open another, and in which section of the forum. I await your reply. |
| Re: Antivirus, Firewall disabled Hello, very good. Download today's version of ComboFix from the link above and post a report from it for us again. Regards |
| Re: Antivirus, Firewall disabled ComboFix 08-03-07.3 - HP_Administrator 2008-03-07 14:54:35.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.469 [GMT -6:00] Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))) . 2008-03-07 14:48 . 2008-03-07 14:48 <DIR> d-------- C:\ComboFix(2) 2008-03-07 14:27 . 2008-03-07 14:27 244 --ah----- C:\sqmnoopt11.sqm 2008-03-07 14:27 . 2008-03-07 14:27 232 --ah----- C:\sqmdata11.sqm 2008-03-07 14:16 . 2008-03-07 14:16 244 --ah----- C:\sqmnoopt10.sqm 2008-03-07 14:16 . 2008-03-07 14:16 232 --ah----- C:\sqmdata10.sqm 2008-03-07 14:15 . 2008-03-07 14:15 244 --ah----- C:\sqmnoopt09.sqm 2008-03-07 14:15 . 2008-03-07 14:15 232 --ah----- C:\sqmdata09.sqm 2008-03-07 14:09 . 2008-03-07 14:09 244 --ah----- C:\sqmnoopt08.sqm 2008-03-07 14:09 . 2008-03-07 14:09 232 --ah----- C:\sqmdata08.sqm 2008-03-06 10:23 . 2008-03-06 10:23 244 --ah----- C:\sqmnoopt07.sqm 2008-03-06 10:23 . 2008-03-06 10:23 244 --ah----- C:\sqmnoopt06.sqm 2008-03-06 10:23 . 2008-03-06 10:23 232 --ah----- C:\sqmdata07.sqm 2008-03-06 10:23 . 2008-03-06 10:23 232 --ah----- C:\sqmdata06.sqm 2008-03-06 10:22 . 2008-03-06 10:22 244 --ah----- C:\sqmnoopt05.sqm 2008-03-06 10:22 . 2008-03-06 10:22 244 --ah----- C:\sqmnoopt04.sqm 2008-03-06 10:22 . 2008-03-06 10:22 232 --ah----- C:\sqmdata05.sqm 2008-03-06 10:22 . 2008-03-06 10:22 232 --ah----- C:\sqmdata04.sqm 2008-03-06 10:21 . 2008-03-06 10:21 244 --ah----- C:\sqmnoopt03.sqm 2008-03-06 10:21 . 2008-03-06 10:21 244 --ah----- C:\sqmnoopt02.sqm 2008-03-06 10:21 . 2008-03-06 10:21 244 --ah----- C:\sqmnoopt01.sqm 2008-03-06 10:21 . 2008-03-06 10:21 232 --ah----- C:\sqmdata03.sqm 2008-03-06 10:21 . 2008-03-06 10:21 232 --ah----- C:\sqmdata02.sqm 2008-03-06 10:21 . 2008-03-06 10:21 232 --ah----- C:\sqmdata01.sqm 2008-03-06 10:20 . 
2008-03-06 10:20 244 --ah----- C:\sqmnoopt00.sqm 2008-03-06 10:20 . 2008-03-06 10:20 232 --ah----- C:\sqmdata00.sqm 2008-03-04 19:00 . 2008-03-07 14:09 37 --a------ C:\WINDOWS\ !Ï 2008-03-04 18:28 . 2008-03-04 19:06 <DIR> d-------- C:\WINDOWS\system32\PAV 2008-03-04 18:28 . 2008-03-04 18:28 <DIR> d-------- C:\Program Files\Prodigy Antivirus 2008-03-04 18:28 . 2007-01-23 18:49 71,680 --------- C:\WINDOWS\system32\drivers\PAVDRV51.SYS 2008-03-04 18:28 . 2006-05-02 09:40 49,152 --a------ C:\WINDOWS\system32\pavcpl.cpl 2008-03-04 18:28 . 2006-07-14 13:46 45,056 --a------ C:\WINDOWS\system32\avldr.dll 2008-03-04 18:28 . 2008-03-04 18:28 248 --a------ C:\WINDOWS\system32\PavCPL.dat 2008-03-04 18:12 . 2008-03-04 18:12 37 --a------ C:\WINDOWS\ø' 2008-02-28 21:52 . 2008-02-28 21:59 110,548 --a------ C:\WINDOWS\hpoins08.dat 2008-02-28 21:52 . 2006-01-24 00:15 7,577 --------- C:\WINDOWS\hpomdl08.dat 2008-02-25 20:29 . 2008-02-25 20:29 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ATI 2008-02-25 20:29 . 2008-02-25 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI 2008-02-25 20:29 . 2008-02-25 20:29 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-02-25 20:25 . 2008-01-22 14:42 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-02-25 20:02 . 2008-02-25 20:02 <DIR> d-------- C:\WINDOWS\Performance 2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-02-25 20:01 . 2008-02-25 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation 2008-02-24 19:37 . 2008-03-07 14:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-24 19:37 . 2008-02-24 19:37 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-22 15:02 . 2008-02-22 15:02 <DIR> d-------- C:\Program Files\iTunes 2008-02-22 15:02 . 2008-02-22 15:02 <DIR> d-------- C:\Program Files\iPod 2008-02-21 18:05 . 2008-02-21 18:05 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-21 17:06 . 
2008-02-21 17:06 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-20 19:30 . 2008-02-20 19:55 <DIR> d-------- C:\Program Files\3D Live Pool 2008-02-20 17:37 . 2008-02-20 17:38 <DIR> d-------- C:\Program Files\Project64 v1.5 2008-02-19 11:13 . 2008-02-19 11:13 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-02-18 13:12 . 2008-02-18 13:12 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-02-15 09:06 . 2008-02-26 15:42 <DIR> d-------- C:\Program Files\Panda Security 2008-02-11 12:04 . 2008-02-11 12:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PCF-VLC 2008-02-07 19:01 . 2008-02-07 19:01 <DIR> d-------- C:\PC-Sync 2008-02-07 18:21 . 2008-02-07 18:57 <DIR> d-------- C:\Program Files\PC Sync Manager . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-03-05 00:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-29 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-02-27 16:27 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-02-27 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-02-27 15:56 --------- d-----w C:\Program Files\Windows Live 2008-02-26 02:27 --------- d-----w C:\Program Files\ATI Technologies 2008-02-23 01:44 --------- d-----w C:\Program Files\Bonjour 2008-02-22 21:00 --------- d-----w C:\Program Files\QT Lite 2008-02-21 13:07 --------- d-----w C:\Program Files\SpywareBlaster 2008-02-20 14:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\.purple 2008-02-11 18:57 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus 2008-02-11 18:16 --------- d-----w C:\Program Files\Java 2008-02-11 18:10 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-02-11 18:10 --------- d-----w C:\Program Files\Mozilla Sunbird 2008-02-11 18:02 118,784 ----a-w 
C:\WINDOWS\SeaMonkeyUninstall.exe 2008-02-11 18:02 118,784 ----a-w C:\WINDOWS\GREUninstall.exe 2008-02-11 17:58 --------- d-----w C:\Program Files\Songbird 2008-02-11 17:52 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire 2008-02-09 00:46 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Winamp 2008-02-06 16:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-02-06 16:53 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com 2008-02-06 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-06 16:52 744,853 ----a-w C:\PAVARK.exe 2008-02-06 00:34 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2 2008-02-01 23:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-02-01 22:50 --------- d-----w C:\Program Files\HP 2008-02-01 20:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Printer Info Cache 2008-02-01 20:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express 2008-02-01 17:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-02-01 15:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-01 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-01 15:12 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-01-31 01:27 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-01-30 23:34 --------- d-----w C:\Program Files\CCleaner 2008-01-30 01:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype 2008-01-29 16:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Template 2008-01-29 16:40 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\HP 2008-01-25 00:45 --------- d-----w C:\Program 
Files\Microsoft Student 2008-01-25 00:41 --------- d-----w C:\Program Files\Learning Essentials 2008-01-24 18:45 --------- d-----w C:\Program Files\Badongo 2008-01-24 05:26 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TuneUp Software 2008-01-23 17:37 --------- d-----w C:\Program Files\Reference Assemblies 2008-01-23 17:21 --------- d-----w C:\Program Files\MSXML 6.0 2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys 2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-01-21 21:13 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0 2008-01-21 
00:29 --------- d-----w C:\Program Files\Unlocker 2008-01-21 00:07 --------- d-----w C:\Program Files\QuickSFV 2008-01-20 23:50 --------- d-----w C:\Program Files\Hacha 2008-01-20 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-01-20 22:56 --------- d-----w C:\Program Files\Microsoft Expression 2008-01-20 22:53 --------- d-----w C:\Program Files\MSECache 2008-01-20 22:46 --------- d-----w C:\Program Files\NAUTA 2008-01-20 22:45 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-01-20 22:32 --------- d-----w C:\Program Files\MSBuild 2008-01-20 22:32 --------- d-----w C:\Program Files\Microsoft Works 2008-01-20 22:31 --------- d-----w C:\Program Files\Microsoft.NET 2008-01-20 21:48 --------- d-----w C:\Program Files\LimeWire 2008-01-20 21:32 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Wormux 2008-01-20 21:31 --------- d-----w C:\Program Files\Wormux 2008-01-20 20:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\HPQ 2008-01-20 20:23 --------- d-----w C:\Program Files\Google 2008-01-20 20:16 --------- d-----w C:\Program Files\Participatory Culture Foundation 2008-01-20 20:14 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 20:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Participatory Culture Foundation 2008-01-20 20:06 --------- d-----w C:\Program Files\MSXML 4.0 2008-01-20 20:02 --------- d-----w C:\Program Files\Combined Community Codec Pack 2008-01-20 19:36 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\K-Meleon 2008-01-20 19:35 --------- d-----w C:\Program Files\K-Meleon 2008-01-20 19:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Thunderbird 2008-01-20 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2008-01-20 19:27 --------- d-----w C:\Documents and 
Settings\HP_Administrator\Application Data\Songbird1 2008-01-20 19:24 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-01-20 19:21 --------- d-----w C:\Program Files\Nvu 2008-01-20 19:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Nvu 2008-01-20 19:20 --------- d-----w C:\Program Files\mozilla.org 2008-01-20 19:20 --------- d-----w C:\Program Files\Common Files\mozilla.org 2008-01-20 19:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Talkback 2008-01-20 19:14 --------- d-----w C:\Program Files\Pidgin 2008-01-20 19:14 --------- d-----w C:\Program Files\Common Files\GTK . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512] "ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 00:35 49152] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 08:05 90112] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 17:18 49152] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-11 18:13 180269] 
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE] "PCDrProfiler"="" [] "QuickTime Task"="C:\Program Files\QT Lite\QTTask.exe" [2008-01-31 23:13 385024] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "APVXDWIN"="C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\APVXDWIN.exe" [2007-01-25 18:50 321072] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 17:40:44 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus] "DisableMonitoring"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Spanish\\setup.exe"= "C:\\Program Files\\3D Live Pool\\3D Live Pool.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 14:25] R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 12:10] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{374ae56a-cec1-11dc-adbe-0016ec9f4251}] \Shell\auto\command - Knight.exe open \Shell\AutoRun\command - 
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open \Shell\explore\command - Knight.exe open \Shell\find\command - Knight.exe open \Shell\install\command - Knight.exe open \Shell\open\command - Knight.exe open . Contents of the 'Scheduled Tasks' folder "2008-02-15 23:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe "2008-02-29 20:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-07 14:58:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-03-07 14:59:07 ComboFix-quarantined-files.txt 2008-03-07 20:59:03 ComboFix2.txt 2008-02-27 17:30:42 . 2008-02-27 15:57:11 --- E O F --- |
| Re: Antivirus, Firewall disabled Hello, in your log everything appears to be working fine, and I recommend you look at this thread and use the tools: Flash_Disinfected and RegUnlocker. Regards |