Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post Windows 8 running slowly
Go to first new post Windows Update not working
Go to first new post Trojan virus
Go to first new post RunDLL error on startup after virus remo ...
Go to first new post Unable to run malware programs, Proxy Se ...
Go to first new post NtAlpcCo... virus HELP PLEASE!
Go to first new post v-39.net top arcae hits
Go to first new post Please check my log...Computer running S ...
Go to first new post Computer running slowly
Go to first new post Memory upgrade problems.
Go to first new post Unable to turn on Windows Security Centr ...
Go to first new post What is findGala and why does my browser ...
Go to first new post Suspected Malware - Radio plays randomly ...
Go to first new post only command prompt apears on boot
Go to first new post Freezing Computer and beyond ridiculousl ...
Search Search
Search for:
Tech Support Guy Forums > > >

What is jx0mj09vaz.exe. . .

(In Progress)
(!)

Reply
Page 2 of 2 1 2
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,558 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
27-Mar-2012, 03:32 PM #16
Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} [HKLM] -> [AC-Pro]
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Users^Rees^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> 
[Files/Folders - Created Within 30 Days]
NY ->  F4D55F3B00007C7D0003E51DEEC1FB6E -> C:\ProgramData\F4D55F3B00007C7D0003E51DEEC1FB6E
NY ->  1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  6CuX26ypM.dat -> C:\ProgramData\6CuX26ypM.dat
NY ->  v46p8J6t.exe_.b -> C:\ProgramData\v46p8J6t.exe_.b
NY ->  v46p8J6t.exe.b -> C:\ProgramData\v46p8J6t.exe.b
NY ->  1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp
[Files - No Company Name]
NY ->  v46p8J6t.exe_.b -> C:\ProgramData\v46p8J6t.exe_.b
NY ->  v46p8J6t.exe.b -> C:\ProgramData\v46p8J6t.exe.b
NY ->  6CuX26ypM.dat -> C:\ProgramData\6CuX26ypM.dat
NY ->  5f15e809 -> C:\Users\Rees\AppData\Roaming\5f15e809
NY ->  5ec219fe -> C:\Users\Rees\AppData\Local\5ec219fe
NY ->  5108c444 -> C:\ProgramData\5108c444
NY ->  ~AXpqZ5HiYfX8yC -> C:\ProgramData\~AXpqZ5HiYfX8yC
NY ->  ~AXpqZ5HiYfX8yCr -> C:\ProgramData\~AXpqZ5HiYfX8yCr
NY ->  AXpqZ5HiYfX8yC -> C:\ProgramData\AXpqZ5HiYfX8yC
NY ->  ~MgLebH9G7NvVJvr -> C:\ProgramData\~MgLebH9G7NvVJvr
NY ->  ~MgLebH9G7NvVJv -> C:\ProgramData\~MgLebH9G7NvVJv
NY ->  MgLebH9G7NvVJv -> C:\ProgramData\MgLebH9G7NvVJv
NY ->  Dqiwewo.dat -> C:\Users\Rees\AppData\Local\Dqiwewo.dat
NY ->  Ntiyo.bin -> C:\Users\Rees\AppData\Local\Ntiyo.bin
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
__________________
Microsoft MVP - Consumer Security
DrYattz's Avatar
Member with 13 posts.
THREAD STARTER
  
Join Date: Jul 2008
27-Mar-2012, 08:49 PM #17
Running Hijack this, I got an error message saying something about being unable to write access Hosts, but I ran it anyway.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,558 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
28-Mar-2012, 02:07 PM #18
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:48:31 PM, on 3/27/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MapQuest Toolbar Search Class - {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O2 - BHO: TranslatorBar 1 Toolbar - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: MapQuest Toolbar Loader - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: TranslatorBar 1 Toolbar - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MapQuest Toolbar - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rees\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3convert er.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O15 - Trusted Zone: *.ancestry.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe

--
End of file - 12310 bytes
__________________
Microsoft MVP - Consumer Security
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,558 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
28-Mar-2012, 02:08 PM #19
All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Rees^AppData^Roaming^Microsoft^Window s^Start Menu^Programs^Startup^LimeWire On Startup.lnk\ deleted successfully.
File C:\Windows\pss\imeWire On Startup.lnk not found.
[Files/Folders - Created Within 30 Days]
C:\ProgramData\F4D55F3B00007C7D0003E51DEEC1FB6E folder moved successfully.
C:\Windows\System32\~.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\ProgramData\6CuX26ypM.dat moved successfully.
C:\ProgramData\v46p8J6t.exe_.b moved successfully.
C:\ProgramData\v46p8J6t.exe.b moved successfully.
[Files - No Company Name]
File C:\ProgramData\v46p8J6t.exe_.b not found!
File C:\ProgramData\v46p8J6t.exe.b not found!
File C:\ProgramData\6CuX26ypM.dat not found!
C:\Users\Rees\AppData\Roaming\5f15e809 moved successfully.
C:\Users\Rees\AppData\Local\5ec219fe moved successfully.
C:\ProgramData\5108c444 moved successfully.
C:\ProgramData\~AXpqZ5HiYfX8yC moved successfully.
C:\ProgramData\~AXpqZ5HiYfX8yCr moved successfully.
C:\ProgramData\AXpqZ5HiYfX8yC moved successfully.
C:\ProgramData\~MgLebH9G7NvVJvr moved successfully.
C:\ProgramData\~MgLebH9G7NvVJv moved successfully.
C:\ProgramData\MgLebH9G7NvVJv moved successfully.
C:\Users\Rees\AppData\Local\Dqiwewo.dat moved successfully.
C:\Users\Rees\AppData\Local\Ntiyo.bin moved successfully.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rees
->Temp folder emptied: 92646 bytes
->Temporary Internet Files folder emptied: 9912150 bytes
->Java cache emptied: 4613203 bytes
->Google Chrome cache emptied: 88068655 bytes
->Flash cache emptied: 3336 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21071 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\ Temporary Internet Files folder emptied: 527979 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 98.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Rees
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Rees
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 03272012_183319

Files\Folders moved on Reboot...
File\Folder C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YNJMBKDE\fastbutton[1].htm not found!
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YNJMBKDE\mail[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YNJMBKDE\mail[2].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XK8P6SU4\mail[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PC2P5B3D\DtCol[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PC2P5B3D\RSltPrc[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PC2P5B3D\swp[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\1046406-what-jx0mj09vaz-exe-2[1].html moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\bkdp[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\RSltPrc[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\RSltPrc[2].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\swp[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF95B3OF\gtp[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF95B3OF\RSltPrc[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF95B3OF\RSltPrc[2].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF95B3OF\ticolscr[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABT2R6YQ\mail[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6C99FZQJ\RSltPrc[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6C99FZQJ\si[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6C99FZQJ\swp[1].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1YGHBHHM\mail[1].htm moved successfully.
File\Folder C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1YGHBHHM\nwshp[1].htm not found!
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQSJUF2T\google_com[1].txt moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQSJUF2T\search[4].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQSJUF2T\search[5].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N695ZOCO\search[3].htm moved successfully.
C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPQYIM26\search[2].htm moved successfully.

Registry entries deleted on Reboot...
__________________
Microsoft MVP - Consumer Security
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 89,558 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
28-Mar-2012, 02:11 PM #20
I see you have MalwareBytes.
  • Update the program to get the latest definitions.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
Microsoft MVP - Consumer Security
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 2 of 2 1 2
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

Tags
jx0mj09vaz, requesting permission, virus

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 02:28 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑