My Log from ComboFix continuation

I’m sorry, I have even lost track of what I was doing.
Too many interruptions have troubled my mind.
I hope this is what I was supposed to do.
Here I go again.

WinPFind3

WinPFind3 logfile created on: 6/10/2007 12:17:12 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Rosa Alonso.COQUI\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

223.48 Mb Total Physical Memory | 56.53 Mb Available Physical Memory | 25.30% Memory free
544.99 Mb Paging File | 163.84 Mb Available in Paging File | 30.06% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.27 Gb Total Space | 20.79 Gb Free Space | 76.24% Space Free
Drive D: | 9.99 Gb Total Space | 7.56 Gb Free Space | 75.73% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: COQUI
Current User Name: Rosa Alonso
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
acrord32.exe → %SystemDrive%\Acrobat3\Reader\AcroRd32.exe → Adobe Systems Incorporated [Ver = 3.0.000 | Size = 2318848 bytes | Modified Date = 6/16/1997 12:59:14 PM | Attr = ]
aexplore.exe → %CommonProgramFiles%\AOL\1152373256\ee\aexplore.exe → America Online, Inc. [Ver = 1.4.16.2 | Size = 75344 bytes | Modified Date = 4/27/2006 2:13:32 PM | Attr = ]
aolload.exe → %CommonProgramFiles%\AOL\Loader\aolload.exe → America Online, Inc. [Ver = 9.2.0.1 | Size = 11352 bytes | Modified Date = 7/11/2005 4:35:18 PM | Attr = ]
aolsoftware.exe → %CommonProgramFiles%\AOL\1152373256\ee\aolsoftware.exe → America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 12:10:14 PM | Attr = ]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 12:28:58 PM | Attr = ]
ashmaisv.exe → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 12:28:32 PM | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 12:28:52 PM | Attr = ]
ashwebsv.exe → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 12:27:52 PM | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → [Ver = | Size = 59008 bytes | Modified Date = 1/15/2007 12:18:24 PM | Attr = ]
lexbces.exe → %System32%\LEXBCES.EXE → Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Modified Date = 2/26/2004 8:55:20 AM | Attr = ]
lexpps.exe → %System32%\LEXPPS.EXE → Lexmark International, Inc. [Ver = 9.37 | Size = 174592 bytes | Modified Date = 2/26/2004 8:55:50 AM | Attr = ]

qttask.exe → %ProgramFiles%\QuickTime\qttask.exe → Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 6/21/2004 11:50:30 AM | Attr = ]
smc.exe → %ProgramFiles%\Sygate\SPF\Smc.exe → Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr = ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] → %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe → File not found
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → [Ver = | Size = 59008 bytes | Modified Date = 1/15/2007 12:18:24 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 12:28:52 PM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 12:28:32 PM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 12:27:52 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]

(LexBceS) LexBce Server [Win32_Own | Auto | Running] → %System32%\LEXBCES.EXE → Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Modified Date = 2/26/2004 8:55:20 AM | Attr = ]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] → %ProgramFiles%\Sygate\SPF\Smc.exe → Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 12:28:58 PM | Attr = ]
QuickTime Task → %ProgramFiles%\QuickTime\qttask.exe → Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 6/21/2004 11:50:30 AM | Attr = ]
SmcService → %ProgramFiles%\Sygate\SPF\Smc.exe → Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr = ]
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{08C134D3-087C-4139-A98C-3A078358DFDE} [HKLM] → %System32%\byxurrr.dll → [Ver = | Size = 33302 bytes | Modified Date = 6/6/2007 4:28:40 PM | Attr = ]
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
awtqp → %System32%\awtqp.dll → [Ver = | Size = 263220 bytes | Modified Date = 6/8/2007 7:52:40 PM | Attr = HS]
byxurrr → %System32%\byxurrr.dll → [Ver = | Size = 33302 bytes | Modified Date = 6/6/2007 4:28:40 PM | Attr = ]

< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 145 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → →
< HOSTS File > (23 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost → →

< Internet Explorer Settings > →
HKLM: Default_Page_URL → http://www.yahoo.com/
HKLM: Main\Default_Search_URL → http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Bar → http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
HKLM: Search Page → http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
HKLM: Start Page → about:blank →
HKLM: CustomizeSearch → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM: SearchAssistant → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU: Local Page → C:\WINDOWS\system32\blank.htm →
HKCU: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU: Start Page → http://www.comcast.net
HKCU: SearchAssistant → http://ie.search.msn.com/en-us/srchasst/srchasst.htm
HKCU: URLSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] → Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
HKCU: ProxyEnable → 0 →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] → Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] → Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 5/14/2003 11:47:54 PM | Attr = ]
{08C134D3-087C-4139-A98C-3A078358DFDE} [HKLM] → %System32%\byxurrr.dll [Reg Data - Value does not exist] → [Ver = | Size = 33302 bytes | Modified Date = 6/6/2007 4:28:40 PM | Attr = ]
{4DDD747B-110B-4BBA-8A83-1B90ED65736F} [HKLM] → %System32%\awtqp.dll [Reg Data - Value does not exist] → [Ver = | Size = 263220 bytes | Modified Date = 6/8/2007 7:52:40 PM | Attr = HS]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] → %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] → Comcast Cable Communications. [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr = ]
{58CAD45F-1435-432C-3ABC-6E148B3BE658} [HKLM] → %ProgramFiles%\Windows Media Player\lavufaw.dll [Reg Data - Value does not exist] → File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] → %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] → Yahoo! Inc. [Ver = 2006, 1, 5, 1 | Size = 181752 bytes | Modified Date = 1/6/2006 11:52:14 AM | Attr = ]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} [HKLM] → %ProgramFiles%\GamesBar\oberontb.dll [GamesBar] → File not found
{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} [HKLM] → %ProgramFiles%\PeoplePC\Toolbar\ScamGrd.dll [PPCScamBHO Class] → EarthLink, Inc. [Ver = 3.0.3.0 | Size = 176128 bytes | Modified Date = 1/19/2006 6:43:12 PM | Attr = ]
{B12B391A-A0A7-FB27-D97F-89ADA897299D} [HKLM] → %System32%\dakv.dll [Reg Data - Value does not exist] → File not found
{E12BFF69-38A7-406e-A8EF-2738107A7831} [HKLM] → %System32%\xanjvlym.dll [Reg Data - Value does not exist] → File not found
{F1CEB0E0-FB0E-4F79-8019-3031A22FCF7D} [HKLM] → %ProgramFiles%\WindowsUpdate\hokel.dll → File not found
< Internet Explorer Bars [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] → %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] → Comcast Cable Communications. [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] → Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
ShellBrowser\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] → %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] → Comcast Cable Communications. [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr = ]
WebBrowser\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
WebBrowser\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] → %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] → Comcast Cable Communications. [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr = ]
WebBrowser\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] → %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] → Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} → Reg Data - Value does not exist [ButtonText: Yahoo! Services] → File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} → Reg Data - Value does not exist [ButtonText: Real.com] → File not found
CmdMapping [HKLM] → Reg Data - Key not found [MenuText: Reg Data - Value does not exist] → File not found
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
&Yahoo! Search → %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM → [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 6:07:38 PM | Attr = ]
Yahoo! &Dictionary → %ProgramFiles%\Yahoo!\Common\YCDICT.HTM → [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 6:07:16 PM | Attr = ]
Yahoo! &Maps → %ProgramFiles%\Yahoo!\Common\ycmap.htm → [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 6:07:44 PM | Attr = ]
Yahoo! &SMS → %ProgramFiles%\Yahoo!\Common\YCsms.htm → [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 5:43:00 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension
.mpeg → %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin3.dll [QuickTime Plug-in 6.5] → Apple Computer, Inc. [Ver = 6.5 | Size = 106496 bytes | Modified Date = 6/21/2004 11:50:24 AM | Attr = ]

< User Agent Post Platform [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 → →
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters
{2A5E6B29-A553-4AC4-B600-CC7163D8A16A} → () →
{D4BC450B-465B-4BD1-8A55-F3375020F1A7} → (SiS 900-Based PCI Fast Ethernet Adapter) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{166B1BCA-3F9C-11CF-8075-444553540000} → Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} → YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll →
{5C051655-FCD5-4969-9182-770EA5AA5565} → Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} → WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154116431296
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} → MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154448063656
{89D75D39-5531-47BA-9E4F-B346BA9C362C} → CWDL_DownLoadControl Class - CodeBase = http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
{8AD9C840-044E-11D1-B3E9-00805F499D93} → Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} → MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} → - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DirectAnimation Java Classes → - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab →
Microsoft XML Parser for Java → - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab →

[Files/Folders - Created Within 30 days]
dnsbak.reg → %SystemDrive%\dnsbak.reg → [Ver = | Size = 8502 bytes | Created Date = 6/9/2007 1:53:00 PM | Attr = ]
fixwareout → %SystemDrive%\fixwareout → [Folder | Created Date = 6/9/2007 1:52:26 PM | Attr = ]
QooBox → %SystemDrive%\QooBox → [Folder | Created Date = 6/8/2007 6:57:54 PM | Attr = ]
sqmdata00.sqm → %SystemDrive%\sqmdata00.sqm → [Ver = | Size = 268 bytes | Created Date = 5/21/2007 9:03:58 PM | Attr = H ]
sqmdata01.sqm → %SystemDrive%\sqmdata01.sqm → [Ver = | Size = 232 bytes | Created Date = 6/5/2007 9:39:00 PM | Attr = H ]
sqmdata02.sqm → %SystemDrive%\sqmdata02.sqm → [Ver = | Size = 268 bytes | Created Date = 6/6/2007 8:03:16 AM | Attr = H ]
sqmdata03.sqm → %SystemDrive%\sqmdata03.sqm → [Ver = | Size = 268 bytes | Created Date = 6/6/2007 8:10:37 PM | Attr = H ]
sqmdata04.sqm → %SystemDrive%\sqmdata04.sqm → [Ver = | Size = 268 bytes | Created Date = 6/6/2007 8:48:01 PM | Attr = H ]
sqmnoopt00.sqm → %SystemDrive%\sqmnoopt00.sqm → [Ver = | Size = 244 bytes | Created Date = 5/21/2007 9:03:58 PM | Attr = H ]
sqmnoopt01.sqm → %SystemDrive%\sqmnoopt01.sqm → [Ver = | Size = 244 bytes | Created Date = 6/5/2007 9:39:00 PM | Attr = H ]
sqmnoopt02.sqm → %SystemDrive%\sqmnoopt02.sqm → [Ver = | Size = 244 bytes | Created Date = 6/6/2007 8:03:16 AM | Attr = H ]
sqmnoopt03.sqm → %SystemDrive%\sqmnoopt03.sqm → [Ver = | Size = 244 bytes | Created Date = 6/6/2007 8:10:37 PM | Attr = H ]
sqmnoopt04.sqm → %SystemDrive%\sqmnoopt04.sqm → [Ver = | Size = 244 bytes | Created Date = 6/6/2007 8:48:01 PM | Attr = H ]

Temp → %SystemDrive%\Temp → [Folder | Created Date = 6/6/2007 4:28:48 PM | Attr = ]
_OTMoveIt → %SystemDrive%\_OTMoveIt → [Folder | Created Date = 6/9/2007 10:17:16 AM | Attr = ]
$NtUninstallKB927891$ → %SystemRoot%\$NtUninstallKB927891$ → [Folder | Created Date = 5/23/2007 9:29:57 PM | Attr = H ]
catchme.exe → %SystemRoot%\catchme.exe → [Ver = | Size = 87040 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr = ]
erdnt → %SystemRoot%\erdnt → [Folder | Created Date = 6/8/2007 7:23:29 PM | Attr = ]
nircmd.exe → %SystemRoot%\nircmd.exe → NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr = ]
tcb.pmw → %SystemRoot%\tcb.pmw → [Ver = | Size = 45 bytes | Created Date = 6/6/2007 4:30:06 PM | Attr = ]
1-Click Maintenance.job → %SystemRoot%\tasks\1-Click Maintenance.job → [Ver = | Size = 402 bytes | Created Date = 5/15/2007 3:14:21 PM | Attr = ]
actskin4.ocx → %System32%\actskin4.ocx → [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 6/6/2007 8:46:11 PM | Attr = ]
aswBoot.exe → %System32%\aswBoot.exe → [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Created Date = 6/6/2007 8:46:11 PM | Attr = ]
AVASTSS.scr → %System32%\AVASTSS.scr → ALWIL Software [Ver = 4, 7, 936, 0 | Size = 90112 bytes | Created Date = 6/6/2007 8:46:11 PM | Attr = ]
awtqp.dll → %System32%\awtqp.dll → [Ver = | Size = 263220 bytes | Created Date = 6/8/2007 7:52:37 PM | Attr = HS]
byxurrr.dll → %System32%\byxurrr.dll → [Ver = | Size = 33302 bytes | Created Date = 6/6/2007 4:28:37 PM | Attr = ]
ClickToFindandFixErrors_Intl.ico → %System32%\ClickToFindandFixErrors_Intl.ico → [Ver = | Size = 2238 bytes | Created Date = 6/6/2007 8:36:12 PM | Attr = ]
ecypdnan.ini → %System32%\ecypdnan.ini → [Ver = | Size = 982785 bytes | Created Date = 6/7/2007 4:40:23 PM | Attr = HS]
fhoufhdx.ini → %System32%\fhoufhdx.ini → [Ver = | Size = 970985 bytes | Created Date = 6/8/2007 7:58:54 PM | Attr = HS]
ipcmbhyk.ini → %System32%\ipcmbhyk.ini → [Ver = | Size = 1012333 bytes | Created Date = 6/6/2007 4:42:59 PM | Attr = HS]
moveex.exe → %System32%\moveex.exe → [Ver = | Size = 38400 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr = ]
nmeywjhq.ini → %System32%\nmeywjhq.ini → [Ver = | Size = 970803 bytes | Created Date = 6/8/2007 4:43:11 PM | Attr = HS]
pqtwa.bak1 → %System32%\pqtwa.bak1 → [Ver = | Size = 1808519 bytes | Created Date = 6/8/2007 7:52:51 PM | Attr = HS]
pqtwa.ini → %System32%\pqtwa.ini → [Ver = | Size = 1813283 bytes | Created Date = 6/8/2007 7:52:40 PM | Attr = HS]
SSSensor.dll → %System32%\SSSensor.dll → Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 6/8/2007 9:28:11 PM | Attr = ]
stera.job → %System32%\stera.job → [Ver = | Size = 2 bytes | Created Date = 6/6/2007 8:00:26 PM | Attr = ]
swreg.exe → %System32%\swreg.exe → SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr = ]
swsc.exe → %System32%\swsc.exe → SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr = ]

swxcacls.exe → %System32%\swxcacls.exe → SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr = ]
uxtuneup.dll → %System32%\uxtuneup.dll → TuneUp Software GmbH [Ver = 2.0.0.7 | Size = 29704 bytes | Created Date = 5/15/2007 3:13:48 PM | Attr = ]
vfind.exe → %System32%\vfind.exe → [Ver = | Size = 49152 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr = ]
aavmker4.sys → %System32%\drivers\aavmker4.sys → ALWIL Software [Ver = 4.7.892.0 | Size = 31560 bytes | Created Date = 6/6/2007 8:46:41 PM | Attr = ]
aswmon.sys → %System32%\drivers\aswmon.sys → ALWIL Software [Ver = 4.7.892.0 | Size = 85952 bytes | Created Date = 6/6/2007 8:46:31 PM | Attr = ]
aswmon2.sys → %System32%\drivers\aswmon2.sys → ALWIL Software [Ver = 4.7.892.0 | Size = 94424 bytes | Created Date = 6/6/2007 8:46:31 PM | Attr = ]
aswRdr.sys → %System32%\drivers\aswRdr.sys → ALWIL Software [Ver = 4.7.936.0 | Size = 23352 bytes | Created Date = 6/6/2007 8:46:41 PM | Attr = ]
aswTdi.sys → %System32%\drivers\aswTdi.sys → ALWIL Software [Ver = 4.7.936.0 | Size = 43176 bytes | Created Date = 6/6/2007 8:46:41 PM | Attr = ]
AvgArCln.sys → %System32%\drivers\AvgArCln.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 6/7/2007 9:07:29 PM | Attr = ]
Teefer.sys → %System32%\drivers\Teefer.sys → Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 6/8/2007 9:28:26 PM | Attr = ]
wg3n.sys → %System32%\drivers\wg3n.sys → Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 6/8/2007 9:28:27 PM | Attr = ]
wg4n.sys → %System32%\drivers\wg4n.sys → Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 6/8/2007 9:28:27 PM | Attr = ]
wg5n.sys → %System32%\drivers\wg5n.sys → Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 6/8/2007 9:28:27 PM | Attr = ]
wg6n.sys → %System32%\drivers\wg6n.sys → Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 6/8/2007 9:28:27 PM | Attr = ]
wpsdrvnt.sys → %System32%\drivers\wpsdrvnt.sys → Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 6/8/2007 9:28:24 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
dnsbak.reg → %SystemDrive%\dnsbak.reg → [Ver = | Size = 8502 bytes | Modified Date = 6/9/2007 1:53:02 PM | Attr = ]
fixwareout → %SystemDrive%\fixwareout → [Folder | Modified Date = 6/9/2007 2:00:52 PM | Attr = ]
found.001 → %SystemDrive%\found.001 → [Folder | Modified Date = 5/17/2007 1:35:22 PM | Attr = HS]
Program Files → %ProgramFiles% → [Folder | Modified Date = 6/10/2007 8:07:38 AM | Attr = ]
QooBox → %SystemDrive%\QooBox → [Folder | Modified Date = 6/8/2007 6:57:56 PM | Attr = ]
Recycled → %SystemDrive%\Recycled → [Folder | Modified Date = 6/8/2007 7:49:14 PM | Attr = HS]
sqmdata00.sqm → %SystemDrive%\sqmdata00.sqm → [Ver = | Size = 268 bytes | Modified Date = 5/21/2007 9:04:00 PM | Attr = H ]
sqmdata01.sqm → %SystemDrive%\sqmdata01.sqm → [Ver = | Size = 232 bytes | Modified Date = 6/5/2007 9:39:02 PM | Attr = H ]
sqmdata02.sqm → %SystemDrive%\sqmdata02.sqm → [Ver = | Size = 268 bytes | Modified Date = 6/6/2007 8:03:18 AM | Attr = H ]
sqmdata03.sqm → %SystemDrive%\sqmdata03.sqm → [Ver = | Size = 268 bytes | Modified Date = 6/6/2007 8:10:38 PM | Attr = H ]
sqmdata04.sqm → %SystemDrive%\sqmdata04.sqm → [Ver = | Size = 268 bytes | Modified Date = 6/6/2007 8:48:02 PM | Attr = H ]
sqmnoopt00.sqm → %SystemDrive%\sqmnoopt00.sqm → [Ver = | Size = 244 bytes | Modified Date = 5/21/2007 9:04:00 PM | Attr = H ]
sqmnoopt01.sqm → %SystemDrive%\sqmnoopt01.sqm → [Ver = | Size = 244 bytes | Modified Date = 6/5/2007 9:39:02 PM | Attr = H ]
sqmnoopt02.sqm → %SystemDrive%\sqmnoopt02.sqm → [Ver = | Size = 244 bytes | Modified Date = 6/6/2007 8:03:18 AM | Attr = H ]
sqmnoopt03.sqm → %SystemDrive%\sqmnoopt03.sqm → [Ver = | Size = 244 bytes | Modified Date = 6/6/2007 8:10:38 PM | Attr = H ]
sqmnoopt04.sqm → %SystemDrive%\sqmnoopt04.sqm → [Ver = | Size = 244 bytes | Modified Date = 6/6/2007 8:48:02 PM | Attr = H ]
Temp → %SystemDrive%\Temp → [Folder | Modified Date = 6/9/2007 10:17:24 AM | Attr = ]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 6/9/2007 10:17:22 AM | Attr = ]
_OTMoveIt → %SystemDrive%\_OTMoveIt → [Folder | Modified Date = 6/9/2007 10:17:18 AM | Attr = ]
$NtUninstallKB927891$ → %SystemRoot%\$NtUninstallKB927891$ → [Folder | Modified Date = 5/23/2007 9:29:58 PM | Attr = H ]
ACROREAD.INI → %SystemRoot%\ACROREAD.INI → [Ver = | Size = 2556 bytes | Modified Date = 6/9/2007 8:08:46 AM | Attr = ]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 6/9/2007 1:54:54 PM | Attr = S]
catchme.exe → %SystemRoot%\catchme.exe → [Ver = | Size = 87040 bytes | Modified Date = 5/28/2007 4:23:12 AM | Attr = ]
Debug → %SystemRoot%\Debug → [Folder | Modified Date = 6/7/2007 8:35:34 AM | Attr = ]
Downloaded Program Files → %SystemRoot%\Downloaded Program Files → [Folder | Modified Date = 6/4/2007 3:50:06 PM | Attr = S]
erdnt → %SystemRoot%\erdnt → [Folder | Modified Date = 6/8/2007 7:23:30 PM | Attr = ]
Help → %SystemRoot%\Help → [Folder | Modified Date = 6/7/2007 9:12:48 PM | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 6/8/2007 4:09:34 PM | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 6/8/2007 9:28:30 PM | Attr = HS]
Minidump → %SystemRoot%\Minidump → [Folder | Modified Date = 5/15/2007 3:23:58 PM | Attr = ]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 6/9/2007 6:17:28 PM | Attr = ]
Registration → %SystemRoot%\Registration → [Folder | Modified Date = 6/6/2007 4:22:14 PM | Attr = ]
system32 → %System32% → [Folder | Modified Date = 6/10/2007 12:17:20 PM | Attr = ]
Tasks → %SystemRoot%\Tasks → [Folder | Modified Date = 6/8/2007 6:59:06 PM | Attr = S]
tcb.pmw → %SystemRoot%\tcb.pmw → [Ver = | Size = 45 bytes | Modified Date = 6/6/2007 4:32:16 PM | Attr = ]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 6/10/2007 11:33:08 AM | Attr = ]
WORDPAD.INI → %SystemRoot%\WORDPAD.INI → [Ver = | Size = 754 bytes | Modified Date = 5/25/2007 5:31:20 PM | Attr = ]
1-Click Maintenance.job → %SystemRoot%\tasks\1-Click Maintenance.job → [Ver = | Size = 402 bytes | Modified Date = 6/8/2007 5:15:02 PM | Attr = ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 6/9/2007 1:55:06 PM | Attr = H ]
awtqp.dll → %System32%\awtqp.dll → [Ver = | Size = 263220 bytes | Modified Date = 6/8/2007 7:52:40 PM | Attr = HS]
byxurrr.dll → %System32%\byxurrr.dll → [Ver = | Size = 33302 bytes | Modified Date = 6/6/2007 4:28:40 PM | Attr = ]
CatRoot → %System32%\CatRoot → [Folder | Modified Date = 5/23/2007 7:43:30 AM | Attr = ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 6/8/2007 7:25:58 PM | Attr = ]
ClickToFindandFixErrors_Intl.ico → %System32%\ClickToFindandFixErrors_Intl.ico → [Ver = | Size = 2238 bytes | Modified Date = 6/6/2007 8:36:14 PM | Attr = ]
config → %System32%\config → [Folder | Modified Date = 6/8/2007 7:23:52 PM | Attr = ]
CONFIG.NT → %System32%\CONFIG.NT → [Ver = | Size = 2626 bytes | Modified Date = 6/6/2007 8:46:42 PM | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 6/8/2007 7:26:04 PM | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 6/8/2007 9:28:28 PM | Attr = ]
ecypdnan.ini → %System32%\ecypdnan.ini → [Ver = | Size = 982785 bytes | Modified Date = 6/7/2007 4:40:28 PM | Attr = HS]
fhoufhdx.ini → %System32%\fhoufhdx.ini → [Ver = | Size = 970985 bytes | Modified Date = 6/9/2007 8:29:36 PM | Attr = HS]
ipcmbhyk.ini → %System32%\ipcmbhyk.ini → [Ver = | Size = 1012333 bytes | Modified Date = 6/6/2007 8:15:24 PM | Attr = HS]
Macromed → %System32%\Macromed → [Folder | Modified Date = 5/27/2007 5:23:06 PM | Attr = ]
nmeywjhq.ini → %System32%\nmeywjhq.ini → [Ver = | Size = 970803 bytes | Modified Date = 6/8/2007 4:43:18 PM | Attr = HS]
pqtwa.bak1 → %System32%\pqtwa.bak1 → [Ver = | Size = 1808519 bytes | Modified Date = 6/8/2007 7:52:52 PM | Attr = HS]
pqtwa.ini → %System32%\pqtwa.ini → [Ver = | Size = 1813283 bytes | Modified Date = 6/10/2007 12:17:20 PM | Attr = HS]
stera.job → %System32%\stera.job → [Ver = | Size = 2 bytes | Modified Date = 6/6/2007 8:00:30 PM | Attr = ]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 1158 bytes | Modified Date = 6/1/2007 8:52:42 PM | Attr = ]
etc → %System32%\drivers\etc → [Folder | Modified Date = 6/8/2007 7:47:36 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
WSUD , → %System32%\ALSNDMGR.CPL → Realtek Semiconductor Corp. [Ver = 2.2.22 | Size = 14250496 bytes | Modified Date = 3/19/2004 9:44:32 AM | Attr = R ]
UPX! , UPX0 , → %System32%\aswBoot.exe → [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Modified Date = 1/15/2007 12:32:08 PM | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
WSUD , UPX0 , → %System32%\dllcache\hwxjpn.dll → [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , → %System32%\drivers\mtlstrm.sys → Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >

COMBOFIX WORD PAD

“Rosa Alonso” - 2007-06-08 18:55:43 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Rosa Alonso.COQUI\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.tmp
C:\WINDOWS\system32\vtutr.dll

      • POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

– Purity Folders:
C:\DOCUME~1\ROSAAL~1.COQ\MYDOCU~1\CROSOF~1.NET
C:\DOCUME~1\ROSAAL~1.COQ\STARTM~1\Programs.\PornoPlayer
C:\DOCUME~1\ROSAAL~1.COQ\STARTM~1\Programs.\PornoPlayer\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Temp\0b9
C:\Temp\0b9\tmpTF.logHiJackthis log
C:\Temp\tn3
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\cfg32r.dll
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\CROSOF~1.NET
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\kdaql.exe
C:\WINDOWS\system32\pog
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T4\amst5.exe
C:\WINDOWS\wr.txt

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\Net Agent
-------\Windows Overlay Components

((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))

2007-06-07 21:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-06-07 16:46 58,420 --a------ C:\WINDOWS\system32\xanjvlym.dll
2007-06-06 20:46 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-06 20:46 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-06-06 20:46 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-06 20:46 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-06 20:46 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-06 20:46 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-06 20:46 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-06 16:51 d--hsc--- C:\UWA7P
2007-06-06 16:49 d-------- C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\WinAntiVirus Pro 2007
2007-06-06 16:48 dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-06 16:46 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-06 16:46 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-06 16:46 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-06-06 16:46 d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-06-06 16:46 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
2007-06-06 16:45 2,580 --a------ C:\WINDOWS\system32\itidslmy.exe
2007-06-06 16:42 131,124 --a------ C:\WINDOWS\system32\kyhbmcpi.dll
2007-06-06 16:41 33,302 --a------ C:\WINDOWS\system32\opnmnmm.dll
2007-06-06 16:40 55,316 --a------ C:\WINDOWS\system32\nqquvbep.dll
2007-06-06 16:31 2 --a------ C:\WINDOWS\system32\wcpisvit.exe
2007-06-06 16:30 771,920 -r-hs---- C:\WINDOWS\oaftrobA.exe
2007-06-06 16:30 46,592 --a------ C:\WINDOWS\oaftrob.exe
2007-06-06 16:29 d-------- C:\WINDOWS\system32\TQ0
2007-06-06 16:29 d-------- C:\WINDOWS\system32\T6
2007-06-06 16:28 33,302 --a------ C:\WINDOWS\system32\byxurrr.dll
2007-06-06 16:28 d----c--- C:\Temp\x2b
2007-06-06 16:28 d----c--- C:\Temp
2007-06-06 16:28 d-------- C:\WINDOWS\system32\T1QaSQ
2007-05-22 09:24 d-------- C:\Program Files\GamesBar
2007-05-22 09:24 d-------- C:\Program Files\Comcast Play Games
2007-05-22 09:24 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
2007-05-22 09:24 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
2007-05-18 17:51 d-------- C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\Talkback
2007-05-15 17:50 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-05-15 17:38 d-------- C:\Program Files\CCleaner
2007-05-15 15:13 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-05-15 15:13 d-------- C:\Program Files\TuneUp Utilities 2007
2007-05-15 15:13 d-------- C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\TuneUp Software
2007-05-15 15:12 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-15 15:12 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2007-05-09 21:22 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-05-09 21:13 d-------- C:\Program Files\Common Files\logishrd
2007-05-09 21:11 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-08 17:17 d-------- C:\Program Files\Alwil Software
2007-05-08 17:04 d-------- C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\Sammsoft
2007-05-08 14:50 d-------- C:\Program Files\RegistryPatrol3.0
2007-05-08 14:26 d-------- C:\Program Files\XPMedic

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 02:12:46 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-06 21:22:02 -------- d-----w C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\ComcastToolbar
2007-05-15 22:38:49 -------- d-----w C:\Program Files\Yahoo!
2007-05-15 20:23:40 -------- d-----w C:\Program Files\RamBooster 2.0
2007-05-09 21:05:02 -------- d-----w C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\Yahoo!
2007-05-09 18:57:40 -------- d-----w C:\Program Files\The Rise Of Atlantis
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 12:35:55 -------- d-----w C:\Program Files\ComcastToolbar
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-10 13:27:32 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-10 13:27:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-10 13:10:54 -------- d-----w C:\Program Files\iWin Games
2007-04-09 15:52:50 -------- d-----w C:\Program Files\iWin.com
2007-04-09 13:26:11 -------- d-----w C:\Program Files\Oberon Media
2007-04-08 22:03:48 -------- d-----w C:\Program Files\BFG
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 23:47]
{08C134D3-087C-4139-A98C-3A078358DFDE}=C:\WINDOWS\system32\byxurrr.dll [2007-06-06 16:28]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}=C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 14:21]
{58CAD45F-1435-432C-3ABC-6E148B3BE658}=C:\Program Files\Windows Media Player\lavufaw.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 11:52]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D}=C:\Program Files\GamesBar\oberontb.dll [2006-07-06 14:54]
{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED}=C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll [2006-01-19 18:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{B12B391A-A0A7-FB27-D97F-89ADA897299D}=C:\WINDOWS\system32\dakv.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 15:04]
{E12BFF69-38A7-406e-A8EF-2738107A7831}=C:\WINDOWS\system32\xanjvlym.dll [2007-06-07 16:46]
{F1CEB0E0-FB0E-4F79-8019-3031A22FCF7D}=C:\Program Files\WindowsUpdate\hokel.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-01-15 12:28]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2004-06-21 11:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{08C134D3-087C-4139-A98C-3A078358DFDE}”=“C:\WINDOWS\system32\byxurrr.dll” [2007-06-06 16:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxurrr]
byxurrr.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
“AOL”=C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/browserapp
“Crao”=“C:\WINDOWS\system32\CROSOF~1.NET\dexplore.exe” -vt yazb
“ccleaner”=“C:\Program Files\CCleaner\ccleaner.exe” /AUTO
“msnmsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
“YSearchProtection”=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
“Yahoo! Pager”=“C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
“HostManager”=C:\Program Files\Common Files\AOL\1152373256\ee\AOLSoftware.exe
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” -atboottime
“tgcmd”=C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
“KernelFaultCheck”=%systemroot%\system32\dumprep 0 -k
“RealTray”=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
“runner1”=C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
“VTPreset”=VTPreset.exe
“Configuration Manager”=C:\WINDOWS\cfg32.exe
“oaftrobA”=C:\WINDOWS\oaftrobA.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost netsvcs
UxTuneUp

Contents of the ‘Scheduled Tasks’ folder
2007-06-08 22:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job


catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 19:47:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


Completion time: 2007-06-08 19:48:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-06-08 19:48

--- E O F ---

MoveIt Result

C:\Program Files\GamesBar moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xdhfuohf.dll
C:\WINDOWS\system32\xdhfuohf.dll NOT unregistered.
C:\WINDOWS\system32\xdhfuohf.dll moved successfully.

Created on 06/09/2007 14:24:23

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 2:14:05 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn.com/installsuccess.aspx&&FORM=TOOLBR&DI=2883&CM=MsgrInstall
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [ApachInc] rundll32.exe “C:\WINDOWS\system32\xdhfuohf.dll”,realset
O4 - HKLM..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra ‘Tools’ menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154116431296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154448063656
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

I hope I did this correctly.
I think this is a lot of work for you to
check all this. I would become insane.
I don’t know anything about computers and I really admire
you who can understand all these “rebolu” ;D
My compliments to you.
Thank you so much. If I was working and making a living
someway I would make a good donation cause the forum really
deserves it.
A dozen of :-* for everyone helping.

Hi Haydee,

Your hjt logfile evaluation can be found here: http://www.hijackthis.de/logfiles/9040b214d04b28d634928a6abd754913.html
This is for 3 consequent days. From what I can see here, but you have to wait for what Essexboy has to say about this, you have to get rid of URL SearchHook and Toolbar Gamebar. He might also give you instructions to get rid of your Zango infection.
To manually remove the Zango infection:
To manually remove the adware, use the following removal steps:

  1. Close all open Internet Explorer windows.

  2. Open a DOS command prompt window (Start > Run, type ‘cmd’ (on Windows NT/2000/XP) or ‘command’ (on Windows 95/98/Me)) and enter the following commands:

    cd %ProgramFiles%\ZangoClient
    regsvr32 /u zangohook.dll

  3. Click Start > Run, type ‘regedit’ and click Ok to open Registry Editor.

  4. Navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.

    In the right pane find and delete the entry with the value ‘zanu’ (which points to the file zanu.exe) or ‘Zango TvTimes’ (which points to the file ZangoTVTimes).

  5. Reboot the computer.

  6. Open the Registry Editor again, navigate to and delete the following keys to clean up (if they exist):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B178417-3CDA-444F-94FF-312C0A3A78A8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{68BF4626-D66B-4383-A6AF-62E57E9B6CD4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15EA8944-438E-471E-860D-6743D4383A37}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5B57AB3-15F8-43A2-ABAC-3E58A9C25818}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncmyb.SABHO
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncmyb.SABHO.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.ClientInstaller
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.ClientInstaller.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.RequiredComponent
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.RequiredComponent.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zanu
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zango TV Times
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}
    HKEY_LOCAL_MACHINE\SOFTWARE\zanu
    HKEY_CURRENT_USER\Software\zanu

  7. Exit Registry Editor.

  8. Delete the following folders:

    %ProgramFiles%\ZangoClient
    %ProgramFiles%\Zango Applications\

polonus

Working on the winpfind now, shouldn’t take too long

You can run but not hide I found you ;D

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {08C134D3-087C-4139-A98C-3A078358DFDE} [HKLM] -> %System32%\byxurrr.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> awtqp -> %System32%\awtqp.dll
YY -> byxurrr -> %System32%\byxurrr.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {08C134D3-087C-4139-A98C-3A078358DFDE} [HKLM] -> %System32%\byxurrr.dll [Reg Data - Value does not exist]
YY -> {4DDD747B-110B-4BBA-8A83-1B90ED65736F} [HKLM] -> %System32%\awtqp.dll [Reg Data - Value does not exist]
YN -> {6F282B65-56BF-4BD1-A8B2-A4449A05863D} [HKLM] -> %ProgramFiles%\GamesBar\oberontb.dll [GamesBar]
YN -> {B12B391A-A0A7-FB27-D97F-89ADA897299D} [HKLM] -> %System32%\dakv.dll [Reg Data - Value does not exist]
YN -> {E12BFF69-38A7-406e-A8EF-2738107A7831} [HKLM] -> %System32%\xanjvlym.dll [Reg Data - Value does not exist]
YN -> {F1CEB0E0-FB0E-4F79-8019-3031A22FCF7D} [HKLM] -> %ProgramFiles%\WindowsUpdate\hokel.dll []
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
[Files/Folders - Created Within 30 days]
NY -> dnsbak.reg -> %SystemDrive%\dnsbak.reg
NY -> sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm
NY -> sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm
NY -> sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm
NY -> sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm
NY -> sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm
NY -> sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm
NY -> sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm
NY -> sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm
NY -> sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm
NY -> sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm
NY -> tcb.pmw -> %SystemRoot%\tcb.pmw
NY -> awtqp.dll -> %System32%\awtqp.dll
NY -> byxurrr.dll -> %System32%\byxurrr.dll
NY -> ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico
NY -> ecypdnan.ini -> %System32%\ecypdnan.ini
NY -> fhoufhdx.ini -> %System32%\fhoufhdx.ini
NY -> ipcmbhyk.ini -> %System32%\ipcmbhyk.ini
NY -> nmeywjhq.ini -> %System32%\nmeywjhq.ini
NY -> pqtwa.bak1 -> %System32%\pqtwa.bak1
NY -> pqtwa.ini -> %System32%\pqtwa.ini
NY -> stera.job -> %System32%\stera.job
[Files/Folders - Modified Within 30 days]
NY -> found.001 -> %SystemDrive%\found.001
NY -> sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm
NY -> sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm
NY -> sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm
NY -> sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm
NY -> sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm
NY -> sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm
NY -> sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm
NY -> sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm
NY -> sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm
NY -> sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm
NY -> tcb.pmw -> %SystemRoot%\tcb.pmw
NY -> awtqp.dll -> %System32%\awtqp.dll
NY -> byxurrr.dll -> %System32%\byxurrr.dll
NY -> ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico
NY -> ecypdnan.ini -> %System32%\ecypdnan.ini
NY -> fhoufhdx.ini -> %System32%\fhoufhdx.ini
NY -> ipcmbhyk.ini -> %System32%\ipcmbhyk.ini
NY -> nmeywjhq.ini -> %System32%\nmeywjhq.ini
NY -> pqtwa.bak1 -> %System32%\pqtwa.bak1
NY -> pqtwa.ini -> %System32%\pqtwa.ini
NY -> stera.job -> %System32%\stera.job

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. I see you still have Symantec on your system; are you using their firewall?