I’ll go ahead and give all that a shot. I’ll be back with the info.
Alright. I think this is what you are looking for. Let me know if I need to do something else.
Chuckle Chuckle ;D I already have a copy of the programme - could you upload the log
It will be in the OTScanit folder and will be called otscanit.txt
woops ???
There but for the grace of god go I - been there done that
lmao
I think this is what you were looking for
http://www.mediafire.com/?sharekey=467c8ea8d3409c33d2db6fb9a8902bda
Hmm that one invited a lot of friends along. You will lose your desktop and the system will reboot. Again disconnect from the net and disable Avast
Due to the size of this fix I will attach it as a text file. Open the text file, go to edit and select all then go to edit and select copy
Start OTScanit. Copy/Paste the information into the pane where it says “Paste fix here” and then click the Run Fix button.
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
EDIT: Only use one text file, as they are both the same.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:53 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: HP50B1BA HP00187150B1BA
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {39070b34-de03-44b9-aa07-96d7a56359c6} - C:\WINDOWS\system32\kawolumi.dll
O2 - BHO: (no name) - {b408eaf6-3091-4a5c-9b66-5732570e74b7} - C:\WINDOWS\system32\kawolumi.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM..\Run: [Bar] C:\DOCUME~1\Owner\LOCALS~1\Temp\xrwnaoecsm.tmp
O4 - HKLM..\Run: [fc0e0b93] rundll32.exe "C:\WINDOWS\system32\tituzeki.dll",b
O4 - HKLM..\Run: [CPMff3d380f] Rundll32.exe "c:\windows\system32\lobofenu.dll",a
O4 - HKLM..\Run: [salumibudi] Rundll32.exe "C:\WINDOWS\system32\boserote.dll",s
O4 - HKCU..\Run: [PowerBar] "C:\Program Files\CyberLink\DVD Solution\PowerBar.exe" /AtBootTime
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS.DEFAULT..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O17 - HKLM\System\CCS\Services\Tcpip..{89240DEC-04FA-4E9B-88CE-5E910643F795}: NameServer = 192.168.1.1,68.238.112.12
O20 - AppInit_DLLs: c:\windows\system32\lobofenu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lobofenu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lobofenu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8966 bytes
The fix
[Processes - Safe List]
Process gadcom.exe killed successfully!
C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe moved successfully.
Process m3srchmn.exe killed successfully!
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE moved successfully.
Process oeaddon.exe killed successfully!
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe moved successfully.
Process zangosa.exe killed successfully!
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe moved successfully.
[Registry - Safe List]
Registry key HKEY_USERS\EFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL moved successfully.
Registry key HKEY_USERS\1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
File C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL not found.
Registry key HKEY_USERS\1-5-21-1007030829-3503191145-182539144-1006\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
File C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
File C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{a22d0e1d-0ddc-4078-90e8-183ce3e5990a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{a22d0e1d-0ddc-4078-90e8-183ce3e5990a}\ deleted successfully.
C:\WINDOWS\system32\yjfibr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{A7BE34F6-3C58-4406-9351-49DDAAE562E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A7BE34F6-3C58-4406-9351-49DDAAE562E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{ABADC07C-9990-405a-AA24-2C209B50AE79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ABADC07C-9990-405a-AA24-2C209B50AE79}\ deleted successfully.
C:\WINDOWS\system32\svchstb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{ae713b05-537b-4ac9-83cd-8cb9003711fd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ae713b05-537b-4ac9-83cd-8cb9003711fd}\ deleted successfully.
C:\WINDOWS\system32\unvznq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ deleted successfully.
C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_USERS.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
File C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
File C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-1007030829-3503191145-182539144-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CPMff3d380f deleted successfully.
C:\WINDOWS\system32\tanetezo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor deleted successfully.
File C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salumibudi deleted successfully.
C:\WINDOWS\system32\dubuwemo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZangoOE deleted successfully.
File C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZangoSA deleted successfully.
File C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom deleted successfully.
File C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe not found.
Registry value HKEY_USERS\S-1-5-21-1007030829-3503191145-182539144-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom not found.
File C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt&Search\ deleted successfully.
Registry key HKEY_USERS.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt&Search\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt&Search\ not found.
Registry key HKEY_USERS\S-1-5-21-1007030829-3503191145-182539144-1006\Software\Microsoft\Internet Explorer\MenuExt&Search\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\Contains\Files\ not found.
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls:yjfibr.dll deleted successfully.
File C:\WINDOWS\system32\yjfibr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls:C:\WINDOWS\system32\boserote.dll deleted successfully.
C:\WINDOWS\system32\boserote.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls:c:\windows\system32\tanetezo.dll scheduled to be deleted on reboot.
File C:\WINDOWS\system32\tanetezo.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify__c0034210\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRHBrqo\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File C:\WINDOWS\system32\tanetezo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File C:\WINDOWS\system32\tanetezo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages:C:\WINDOWS\system32\iifefFWp deleted successfully.
File not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\fjxcnbdh.ini moved successfully.
C:\WINDOWS\System32\hdbncxjf.dll moved successfully.
File C:\WINDOWS\System32\unvznq.dll not found!
C:\WINDOWS\System32\gsvyuixv.dll moved successfully.
File C:\WINDOWS\System32\yjfibr.dll not found!
C:\Documents and Settings\Owner\Local Settings\Temp\GGS12E.tmp\setuphook.dll moved successfully.
Folder move failed. C:\Documents and Settings\Owner\Local Settings\Temp\nsy8D.tmp\ scheduled to be moved on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\3SNyLREn.dat moved successfully.
C:\WINDOWS\Temp\GLF102.EXE moved successfully.
C:\WINDOWS\Temp\TMP5.exe moved successfully.
C:\WINDOWS\Temp\TMPE7.exe moved successfully.
C:\WINDOWS\Temp\3SNyLREn.dat moved successfully.
C:\WINDOWS\System32\virabuna moved successfully.
File C:\WINDOWS\System32\tanetezo.dll not found!
C:\WINDOWS\System32\yopopanu.dll moved successfully.
File C:\WINDOWS\System32\pWFfefii.ini not found!
File C:\WINDOWS\System32\pWFfefii.ini2 not found!
File C:\WINDOWS\System32\fjxcnbdh.ini not found!
File C:\WINDOWS\System32\hdbncxjf.dll not found!
File C:\WINDOWS\System32\unvznq.dll not found!
File C:\WINDOWS\System32\gsvyuixv.dll not found!
File C:\WINDOWS\System32\yjfibr.dll not found!
File C:\WINDOWS\System32\ikaxrwdm.dll not found!
File C:\WINDOWS\System32\qkcijptn.ini not found!
File C:\WINDOWS\System32\ufcegr.dll not found!
File C:\WINDOWS\System32\evqaopgb.dll not found!
File C:\WINDOWS\System32\ntpjickq.dll not found!
C:\WINDOWS\tasks\rpc.job moved successfully.
File C:\WINDOWS\System32\hsrjeaia.ini not found!
File C:\WINDOWS\System32\aiaejrsh.dll not found!
File C:\WINDOWS\System32\rbxici.dll not found!
File C:\WINDOWS\System32\pethxpjp.dll not found!
File C:\WINDOWS\System32\glbkgamy.ini not found!
File C:\WINDOWS\System32\ouqhdfjf.dll not found!
File C:\WINDOWS\System32\kjwyjz.dll not found!
File C:\WINDOWS\System32\tb.dr not found!
File C:\WINDOWS\System32\rc.dat not found!
File C:\WINDOWS\System32\ps1.dat not found!
File C:\WINDOWS\System32\cs.dat not found!
File C:\WINDOWS\System32\bb1.dat not found!
File C:\WINDOWS\System32\cookie1.dat not found!
File C:\WINDOWS\System32\svchstb.dll not found!
File C:\WINDOWS\System32\msnav32.ax not found!
File C:\WINDOWS\System32\uruvfvvd.ini not found!
File C:\WINDOWS\System32\rilsen.dll not found!
File C:\WINDOWS\System32\hjfklodp.dll not found!
C:\Documents and Settings\All Users\Documents\ESBK.mbb moved successfully.
C:\Documents and Settings\All Users\Documents\ESBK.mb moved successfully.
C:\Documents and Settings\Owner\My Documents\phonr.docx moved successfully.
File C:\WINDOWS\System32\delself.bat not found!
File C:\Documents and Settings\Owner\Desktop\AntivirusPro2009.lnk not found!
[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\Winferno\RegPowerClean folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winferno folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\Zango\Zango\v3.0\HostOI\dynamic folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\Zango\Zango\v3.0\HostOI folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\Zango\Zango\v3.0 folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\Zango\Zango folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\Zango\v3.0\Zango\dynamic folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\Zango\v3.0\Zango folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\Zango\v3.0 folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\Zango folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\Zango\static\DownLoad folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\Zango\static\2 folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\Zango\static\1 folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\Zango\static folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\Zango\dynamic\ustat folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\Zango\dynamic folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\Zango folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\HostOL\static folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\HostOL\dynamic folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\HostOL folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\HostOI\static folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\HostOI\dynamic folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0\HostOI folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\v3.0 folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango\IESkins folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Zango folder moved successfully.
File C:\Documents and Settings\Owner\Application Data\gadcom not found!
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\DownLoad folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static\1 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\static folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango\dynamic folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\Zango folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOL\static\DownLoad folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOL\static\1 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOL\static folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOL\dynamic folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOL folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOI\static folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOI\dynamic folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0\HostOI folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango\v3.0 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Zango folder moved successfully.
File C:\WINDOWS\Tasks\rpc.job not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\MSHist012008120520081206\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp~DF2FAB.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_234.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin → emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.2.1 fix logfile created on 12052008_160200
Files moved on Reboot…
File C:\Documents and Settings\Owner\Local Settings\Temp\nsy8D.tmp\ not found!
C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\MSHist012008120520081206\index.dat moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp~DF2FAB.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_234.dat moved successfully.
Registry entries deleted on Reboot…
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls:c:\windows\system32\tanetezo.dll scheduled to be deleted on reboot.
I think that’s everything you needed there. Anything else just let me know.
Hi, can you confirm that you ran the Hijackthis before the OTScanit fix?
If you did, could you re-run Hijackthis and post a new log? Ta
I ran the Hijackthis after the OTScanit. I waited till my cpu rebooted after the OTScanit.
Thank you for all your help so far also.
The reason I asked is that some elements I called for deletion were still present… Let’s get one of the bigger boys on it
Download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
* Double click on ComboFix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
I’m not sure how to disable my antispyware. I clicked on all 3 links but none of them allow me to save.
I was just able to save it.
I am just about to turn in now… I will look at the log first thing in the morning
I appreciate the help
ComboFix 08-12-05.02 - Owner 2008-12-05 18:43:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.127 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\bold.log
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Zango
c:\documents and settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Weather.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
c:\documents and settings\Owner\Application Data\WeatherDPA
c:\documents and settings\Owner\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\002FCC92.urr
c:\program files\FunWebProducts\ScreenSaver\Images\19DEC060.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\073E0C3B
c:\program files\MyWebSearch\bar\Cache\073E137E.bin
c:\program files\MyWebSearch\bar\Cache\073E1795.bin
c:\program files\MyWebSearch\bar\Cache\073E19C7.bin
c:\program files\MyWebSearch\bar\Cache\073E1BDB.bin
c:\program files\MyWebSearch\bar\Cache\0F1F6AF2.bin
c:\program files\MyWebSearch\bar\Cache\0F1F70DE.bin
c:\program files\MyWebSearch\bar\Cache\0F1F7255.bin
c:\program files\MyWebSearch\bar\Cache\0F1F7458.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\OneStepSearch
c:\program files\OneStepSearch\home.js
c:\program files\OneStepSearch\readme.html
c:\program files\video activex access
c:\program files\zango
c:\program files\zango\bin\10.3.75.0\arrow.ico
c:\program files\zango\bin\10.3.75.0\CntntCntr.dll
c:\program files\zango\bin\10.3.75.0\copyright.txt
c:\program files\zango\bin\10.3.75.0\CoreSrv.dll
c:\program files\zango\bin\10.3.75.0\firefox\extensions\chrome.manifest
c:\program files\zango\bin\10.3.75.0\firefox\extensions\components\npclntax.xpt
c:\program files\zango\bin\10.3.75.0\firefox\extensions\install.rdf
c:\program files\zango\bin\10.3.75.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
c:\program files\zango\bin\10.3.75.0\HostOE.dll
c:\program files\zango\bin\10.3.75.0\HostOL.dll
c:\program files\zango\bin\10.3.75.0\link.ico
c:\program files\zango\bin\10.3.75.0\Srv.exe
c:\program files\zango\bin\10.3.75.0\Toolbar.dll
c:\program files\zango\bin\10.3.75.0\Wallpaper.dll
c:\program files\zango\bin\10.3.75.0\Weather.exe
c:\program files\zango\bin\10.3.75.0\WeSkin.dll
c:\program files\zango\bin\10.3.75.0\ZangoSAAX.dll
c:\program files\zango\bin\10.3.75.0\ZangoSADF.exe
c:\program files\zango\bin\10.3.75.0\ZangoSAHook.dll
c:\program files\zango\bin\10.3.75.0\ZangoUninstaller.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32_003377_.tmp.dll
c:\windows\system32_003378_.tmp.dll
c:\windows\system32_003379_.tmp.dll
c:\windows\system32_003380_.tmp.dll
c:\windows\system32_003387_.tmp.dll
c:\windows\system32_003388_.tmp.dll
c:\windows\system32_003389_.tmp.dll
c:\windows\system32_003390_.tmp.dll
c:\windows\system32_003392_.tmp.dll
c:\windows\system32_003393_.tmp.dll
c:\windows\system32_003396_.tmp.dll
c:\windows\system32_003397_.tmp.dll
c:\windows\system32_003399_.tmp.dll
c:\windows\system32_003400_.tmp.dll
c:\windows\system32_003401_.tmp.dll
c:\windows\system32_003403_.tmp.dll
c:\windows\system32_003406_.tmp.dll
c:\windows\system32_003407_.tmp.dll
c:\windows\system32_003411_.tmp.dll
c:\windows\system32_003412_.tmp.dll
c:\windows\system32_003414_.tmp.dll
c:\windows\system32_003416_.tmp.dll
c:\windows\system32_003417_.tmp.dll
c:\windows\system32_003419_.tmp.dll
c:\windows\system32_003420_.tmp.dll
c:\windows\system32_003421_.tmp.dll
c:\windows\system32_003422_.tmp.dll
c:\windows\system32_003423_.tmp.dll
c:\windows\system32_003426_.tmp.dll
c:\windows\system32_003427_.tmp.dll
c:\windows\system32_003428_.tmp.dll
c:\windows\system32_003429_.tmp.dll
c:\windows\system32_003430_.tmp.dll
c:\windows\system32_003435_.tmp.dll
c:\windows\system32_003437_.tmp.dll
c:\windows\system32\2m4lxKAr.exe.a_a
c:\windows\system32\alatopus.ini
c:\windows\system32\alog.txt
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\fagopitu.dll
c:\windows\system32\ikezutit.ini
c:\windows\system32\kawolumi.dll
c:\windows\system32\lobofenu.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\o81S622H.exe.a_a
c:\windows\system32\pebapehe.dll
c:\windows\system32\supotala.dll
c:\windows\system32\tituzeki.dll
D:\Autorun.inf