Jonnie_Cellmate

Re: Need help removing CID pop-ups

#5
Sep 20th, 2008
Originally Posted by jholland1964
Run the MBA-M program first and let it fix what it finds. Then run the ComboFix program and let's see what it shows.
Be sure to follow the instructions exactly and turn off all security programs while running it.
Post back here with both logs.
Judy

Hi Judy. I ran both MBA-M and ComboFix. Logs are posted below. Not sure, but the programs appear to have remedied the problem my nephew was having with CID popups and generally slow computer performance. With regards to ComboFix, I was unable to completely disable McAfee's antivirus program, even by turning off the applicable services using services.msc from Start/Run. If you feel that step was absolutely critical, I can uninstall McAfee entirely and try running ComboFix again.

Thanks for all your help!

Malwarebytes' Anti-Malware 1.28
Database version: 1180
Windows 5.1.2600 Service Pack 2

20/09/2008 15:31:46
mbam-log-2008-09-20 (15-31-46).txt

Scan type: Full Scan (H:\|)
Objects scanned: 187212
Time elapsed: 1 hour(s), 24 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 4
Registry Data Items Infected: 19
Folders Infected: 14
Files Infected: 39

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sssinstaller.installer (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{74278296-0ec7-4f7a-ad55-eb7a2f35f311} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0fbc3efb-fc98-4b32-bf10-bde9aa4dea5a} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a4b7d17-1de9-4c14-8adf-eb4c07060519} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abf441b2-9b57-4838-96a0-34b1cecd4aa5} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.installer.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.sinstaller (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.sinstaller.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SSSInstaller (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdhvx.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195 85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00a9e119-e86b-4062-95cf-c8227abf0d3c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0fbc26cf-7c73-43c7-b7b7-b126a15b5d13}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{717d3973-88b6-4782-9931-7708198751eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f61f93f9-f7b8-4a87-8e31-56e6f9e83de6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f61f93f9-f7b8-4a87-8e31-56e6f9e83de6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195 85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00a9e119-e86b-4062-95cf-c8227abf0d3c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0fbc26cf-7c73-43c7-b7b7-b126a15b5d13}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{717d3973-88b6-4782-9931-7708198751eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f61f93f9-f7b8-4a87-8e31-56e6f9e83de6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f61f93f9-f7b8-4a87-8e31-56e6f9e83de6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195 85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{00a9e119-e86b-4062-95cf-c8227abf0d3c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0fbc26cf-7c73-43c7-b7b7-b126a15b5d13}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{717d3973-88b6-4782-9931-7708198751eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f61f93f9-f7b8-4a87-8e31-56e6f9e83de6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f61f93f9-f7b8-4a87-8e31-56e6f9e83de6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.195,85.255.112.96 -> Quarantined and deleted successfully.

Folders Infected:
H:\Documents and Settings\All Users\Datos de programa\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\contexts (Adware.Starware) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\ActiveDesktop (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\ActiveDesktop\bin (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\bin (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\Ready (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\temp (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\Upload (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
H:\Archivos de programa\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
H:\Archivos de programa\Ares Gold\Data (Adware.WhenUSave) -> Quarantined and deleted successfully.

Files Infected:
H:\WINDOWS\system32\kdhvx.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
H:\Archivos de programa\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\bin\sinstaller3.exe (Adware.Comet) -> Quarantined and deleted successfully.
H:\Documents and Settings\papote\Configuración local\Temp\tmp38.tmp (Trojan.Clicker) -> Quarantined and deleted successfully.
H:\Documents and Settings\user\Configuración local\Temp\bit2.exe (Adware.Agent) -> Quarantined and deleted successfully.
H:\Documents and Settings\user\Configuración local\Temp\bitcoll.dll (Adware.Agent) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{C9201CCA-C68F-4092-A78D-D026CCB7DACB}\RP385\A0037570.exe (Adware.Comet) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\starware_toolbar_icon.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
H:\Documents and Settings\All Users\Datos de programa\Starware316\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\temp\dm69.tmp (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\temp\dm6B.tmp (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\temp\dm6D.tmp (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Screensavers.com\SSSInstaller\temp\dm6D.tmp.di (Adware.Comet) -> Quarantined and deleted successfully.
H:\Archivos de programa\Ares Gold\Data\cache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
H:\Archivos de programa\Ares Gold\Data\MyMedia.edb (Adware.WhenUSave) -> Quarantined and deleted successfully.
H:\Archivos de programa\Ares Gold\Data\searchkeys.dat (Adware.WhenUSave) -> Quarantined and deleted successfully.
H:\Archivos de programa\Ares Gold\Data\ultracache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
H:\Archivos de programa\Ares Gold\Data\webcache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
H:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

ComboFix 08-09-19.09 - user 2008-09-20 16:08:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.631 [GMT 2:00]
Se ejecuta desde: H:\Documents and Settings\user\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active


ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
H:\Documents and Settings\papote\Cookies\papote@metacafe[2].txt
H:\Documents and Settings\user\Configuración local\Datos de programa\iqecsiw.dat
H:\Documents and Settings\user\Configuración local\Datos de programa\iqecsiw.exe
H:\Documents and Settings\user\Configuración local\Datos de programa\iqecsiw_nav.dat
H:\Documents and Settings\user\Configuración local\Datos de programa\iqecsiw_navps.dat
H:\Documents and Settings\user\Configuración local\Datos de programa\iqecsiw_navup.dat
H:\Documents and Settings\user\Cookies\user@ehg-dig.hitbox[2].txt
H:\Documents and Settings\user\Cookies\user@t.ifilm[1].txt
H:\Documents and Settings\user\Favoritos\Videos.url
H:\Documents and Settings\user\Menú Inicio\Programas\Videos.url
H:\WINDOWS\system32\uninstall.exe

.
(((((((((((((((((( Archivos creados desde 2008-08-20 - 2008-09-20 )))))))))))))))))))))))))))))))))
.

2008-09-20 12:53 . 2008-09-20 12:53 <DIR> d-------- H:\Archivos de programa\NETGEAR
2008-09-20 12:53 . 2004-04-18 16:43 651,264 --a------ H:\WINDOWS\system32\libeay32.dll
2008-09-20 12:53 . 2005-09-26 16:02 362,944 --a------ H:\WINDOWS\system32\drivers\WPN111.sys
2008-09-20 12:53 . 2005-07-27 21:15 149,392 --a------ H:\WINDOWS\system32\drivers\ar5523.bin
2008-09-20 12:53 . 2004-04-18 16:43 147,456 --a------ H:\WINDOWS\system32\ssleay32.dll
2008-09-20 12:53 . 2003-07-24 12:10 94,208 --a------ H:\WINDOWS\system32\DNIN50.dll
2008-09-20 12:53 . 2003-07-24 12:10 17,149 --a------ H:\WINDOWS\system32\DNINDIS5.sys
2008-09-20 12:53 . 2003-07-25 13:30 15,941 --a------ H:\WINDOWS\system32\DNINDIS3.VXD
2008-09-20 12:53 . 2005-10-06 11:28 15,819 --a------ H:\WINDOWS\system32\drivers\netwpn11.inf
2008-09-20 12:53 . 2005-10-19 05:03 8,263 --a------ H:\WINDOWS\system32\drivers\WPN111.cat
2008-09-20 12:37 . 2008-09-20 12:37 <DIR> d-------- H:\Documents and Settings\user\Datos de programa\Malwarebytes
2008-09-20 12:37 . 2008-09-10 00:03 17,200 --a------ H:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 12:36 . 2008-09-20 12:36 <DIR> d-------- H:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-09-20 12:36 . 2008-09-20 14:04 <DIR> d-------- H:\Archivos de programa\Malwarebytes' Anti-Malware
2008-09-20 12:36 . 2008-09-10 00:04 38,528 --a------ H:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 15:56 . 2008-09-16 15:56 <DIR> d-------- H:\Archivos de programa\grimfrag
2008-09-12 20:55 . 2008-09-12 20:55 <DIR> d-------- H:\Archivos de programa\VirtualDJ
2008-09-07 16:55 . 2008-09-07 16:55 <DIR> d-------- H:\Archivos de programa\Trend Micro
2008-09-07 16:28 . 2008-09-07 16:38 424 --a------ H:\delete.bat
2008-09-07 16:12 . 2008-09-07 16:12 0 --a------ H:\WINDOWS\nsreg.dat
2008-08-31 21:31 . 2008-08-31 21:31 <DIR> d-------- H:\Archivos de programa\Sun

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 11:21 --------- d-----w H:\Documents and Settings\user\Datos de programa\SiteAdvisor
2008-09-20 10:53 --------- d--h--w H:\Archivos de programa\InstallShield Installation Information
2008-09-17 18:05 --------- d-----w H:\Documents and Settings\m.mar\Datos de programa\grimfrag
2008-09-16 13:56 --------- d-----w H:\Documents and Settings\user\Datos de programa\grimfrag
2008-09-16 13:56 --------- d-----w H:\Documents and Settings\All Users\Datos de programa\Tick Find Close Surf
2008-09-12 18:54 --------- d-----w H:\Archivos de programa\eMule
2008-09-08 11:45 --------- d-----w H:\Documents and Settings\papote\Datos de programa\grimfrag
2008-09-05 15:09 --------- d-----w H:\WINDOWS\system32\config\systemprofile\Datos de programa\SiteAdvisor
2008-08-31 19:56 --------- d-----w H:\Archivos de programa\beon Widgets
2008-08-31 19:31 --------- d-----w H:\Archivos de programa\Java
2008-08-29 13:00 --------- d-----w H:\Archivos de programa\Norton Security Scan
2008-08-29 10:29 --------- d-----w H:\Documents and Settings\LocalService\Datos de programa\SiteAdvisor
2007-08-10 19:33 2,201,356 ----a-w H:\Documents and Settings\user\medal of honor allied assault - mohaa nocd crack v1 11(2).exe
2006-07-18 12:41 1,019,094 --sha-r H:\Archivos de programa\serial.zip
2006-07-18 12:41 1,019,094 --sha-r H:\Archivos de programa\serial.tde
2006-05-28 15:46 397,306 --sha-r H:\Archivos de programa\wunauclt.zip
2006-05-28 15:46 397,306 --sha-r H:\Archivos de programa\wunauclt.tbe
2004-10-01 14:00 40,960 -c--a-w H:\Archivos de programa\Uninstall_CDS.exe
2003-05-10 02:16 1,438 ----a-w H:\Documents and Settings\user\_Unpak.bat
2001-12-27 22:00 100,864 ----a-w H:\Documents and Settings\user\Tecuha.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MsnMsgr"="H:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ares"="H:\Archivos de programa\ARES\Ares.exe" [2007-03-05 947712]
"swg"="H:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"MSMSGS"="H:\Archivos de programa\Messenger\msmsgs.exe" [2004-10-13 1694208]
"junk peak"="H:\DOCUME~1\user\DATOSD~1\grimfrag\TwoEach.exe" [2008-09-16 512512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="H:\Archivos de programa\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"RemoteControl"="H:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="H:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCSuiteTrayApplication"="H:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"SiteAdvisor"="H:\Archivos de programa\SiteAdvisor\6261\SiteAdv.exe" [2006-07-31 35416]
"Adobe Photo Downloader"="H:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="H:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"close surf mail dupe"="H:\Documents and Settings\All Users\Datos de programa\Tick Find Close Surf\Play Send.exe" [2008-09-20 761344]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 H:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

H:\Documents and Settings\m.mar\Men£ Inicio\Programas\Inicio\
DesktopEarth AutoStart.lnk - H:\Documents and Settings\user\Datos de programa\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-01-02 29926]

H:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
ECOM Turbo-G Wireless Utility.lnk - H:\Archivos de programa\ECOM\Common\TurboG-UI.exe [2006-12-28 614400]
EPSON Status Monitor 3 Environment Check 2.lnk - H:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-11-14 127488]
NETGEAR WPN111 Smart Wizard.lnk - H:\Archivos de programa\NETGEAR\WPN111\wpn111.exe [2008-09-20 884838]

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^VIA RAID TOOL.lnk]
path=H:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\VIA RAID TOOL.lnk
backup=H:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P ]
NBA Live 2007 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-08-03 23:33 582992 H:\Archivos de programa\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Archivos de programa\\ARES\\Ares.exe"=
"H:\\Archivos de programa\\MotoGP2\\motogp2.exe"=
"H:\\WINDOWS\\system32\\rtcshare.exe"=
"H:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"H:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"H:\\Archivos de programa\\Archivos comunes\\McAfee\\MNA\\McNASvc.exe"=

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;H:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149]
S3 PAC207;VideoCAM GF112;H:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;H:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]

*Newly Created Service* - PROCEXP90
.
Contenido de carpeta 'Tareas Programadas'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - H:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-iqecsiw - h:\documents and settings\user\configuración local\datos de programa\iqecsiw.exe
HKLM-Run-H:\WINDOWS\system32\kdqnw.exe - H:\WINDOWS\system32\kdqnw.exe
HKLM-Run-H:\WINDOWS\system32\kdhvx.exe - H:\WINDOWS\system32\kdhvx.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.es/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xportar a Microsoft Excel - H:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://H:\WINDOWS\Java\classes\xmldso.cab
H:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 16:15:48
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-09-20 16:16:59
ComboFix-quarantined-files.txt 2008-09-20 14:16:56

Pre-Run: 93.034.496.000 bytes libres
Post-Run: 96,248,139,776 bytes libres

163 --- E O F --- 2007-12-27 17:40:10