
What is jx0mj09vaz.exe. . .

Discussion in 'Virus & Other Malware Removal' started by DrYattz, Mar 24, 2012.

Thread Status:
Not open for further replies.
  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,655
    Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

    The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

    Code:
    [Kill All Processes]
    [Unregister Dlls]
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} [HKLM] -> [AC-Pro]
    YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    [Registry - Additional Scans - Safe List]
    < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
    YN -> C:^Users^Rees^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> 
    [Files/Folders - Created Within 30 Days]
    NY ->  F4D55F3B00007C7D0003E51DEEC1FB6E -> C:\ProgramData\F4D55F3B00007C7D0003E51DEEC1FB6E
    NY ->  1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp
    [Files/Folders - Modified Within 30 Days]
    NY ->  6CuX26ypM.dat -> C:\ProgramData\6CuX26ypM.dat
    NY ->  v46p8J6t.exe_.b -> C:\ProgramData\v46p8J6t.exe_.b
    NY ->  v46p8J6t.exe.b -> C:\ProgramData\v46p8J6t.exe.b
    NY ->  1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp
    [Files - No Company Name]
    NY ->  v46p8J6t.exe_.b -> C:\ProgramData\v46p8J6t.exe_.b
    NY ->  v46p8J6t.exe.b -> C:\ProgramData\v46p8J6t.exe.b
    NY ->  6CuX26ypM.dat -> C:\ProgramData\6CuX26ypM.dat
    NY ->  5f15e809 -> C:\Users\Rees\AppData\Roaming\5f15e809
    NY ->  5ec219fe -> C:\Users\Rees\AppData\Local\5ec219fe
    NY ->  5108c444 -> C:\ProgramData\5108c444
    NY ->  ~AXpqZ5HiYfX8yC -> C:\ProgramData\~AXpqZ5HiYfX8yC
    NY ->  ~AXpqZ5HiYfX8yCr -> C:\ProgramData\~AXpqZ5HiYfX8yCr
    NY ->  AXpqZ5HiYfX8yC -> C:\ProgramData\AXpqZ5HiYfX8yC
    NY ->  ~MgLebH9G7NvVJvr -> C:\ProgramData\~MgLebH9G7NvVJvr
    NY ->  ~MgLebH9G7NvVJv -> C:\ProgramData\~MgLebH9G7NvVJv
    NY ->  MgLebH9G7NvVJv -> C:\ProgramData\MgLebH9G7NvVJv
    NY ->  Dqiwewo.dat -> C:\Users\Rees\AppData\Local\Dqiwewo.dat
    NY ->  Ntiyo.bin -> C:\Users\Rees\AppData\Local\Ntiyo.bin
    [Empty Temp Folders]
    [EmptyFlash]
    [EmptyJava]
    [Start Explorer]
    [Reboot]
     
  2. DrYattz

    DrYattz Thread Starter

    Joined:
    Jul 2, 2008
    Messages:
    13
    Running HijackThis, I got an error message saying something about being unable to write access Hosts, but I ran it anyway.
     

    Attached Files:

  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,655
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:48:31 PM, on 3/27/2012
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.19088)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: MapQuest Toolbar Search Class - {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
    O2 - BHO: TranslatorBar 1 Toolbar - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: MapQuest Toolbar Loader - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
    O3 - Toolbar: TranslatorBar 1 Toolbar - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MapQuest Toolbar - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
    O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rees\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
    O15 - Trusted Zone: *.ancestry.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
    O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe

    --
    End of file - 12310 bytes
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,655
    All Processes Killed
    [Registry - Safe List]
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    [Registry - Additional Scans - Safe List]
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Rees^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk\ deleted successfully.
    File C:\Windows\pss\imeWire On Startup.lnk not found.
    [Files/Folders - Created Within 30 Days]
    C:\ProgramData\F4D55F3B00007C7D0003E51DEEC1FB6E folder moved successfully.
    C:\Windows\System32\~.tmp deleted successfully.
    [Files/Folders - Modified Within 30 Days]
    C:\ProgramData\6CuX26ypM.dat moved successfully.
    C:\ProgramData\v46p8J6t.exe_.b moved successfully.
    C:\ProgramData\v46p8J6t.exe.b moved successfully.
    [Files - No Company Name]
    File C:\ProgramData\v46p8J6t.exe_.b not found!
    File C:\ProgramData\v46p8J6t.exe.b not found!
    File C:\ProgramData\6CuX26ypM.dat not found!
    C:\Users\Rees\AppData\Roaming\5f15e809 moved successfully.
    C:\Users\Rees\AppData\Local\5ec219fe moved successfully.
    C:\ProgramData\5108c444 moved successfully.
    C:\ProgramData\~AXpqZ5HiYfX8yC moved successfully.
    C:\ProgramData\~AXpqZ5HiYfX8yCr moved successfully.
    C:\ProgramData\AXpqZ5HiYfX8yC moved successfully.
    C:\ProgramData\~MgLebH9G7NvVJvr moved successfully.
    C:\ProgramData\~MgLebH9G7NvVJv moved successfully.
    C:\ProgramData\MgLebH9G7NvVJv moved successfully.
    C:\Users\Rees\AppData\Local\Dqiwewo.dat moved successfully.
    C:\Users\Rees\AppData\Local\Ntiyo.bin moved successfully.
    [Empty Temp Folders]


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rees
    ->Temp folder emptied: 92646 bytes
    ->Temporary Internet Files folder emptied: 9912150 bytes
    ->Java cache emptied: 4613203 bytes
    ->Google Chrome cache emptied: 88068655 bytes
    ->Flash cache emptied: 3336 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 21071 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 527979 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 98.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Rees
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Rees
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.47.2 fix logfile created on 03272012_183319

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YNJMBKDE\fastbutton[1].htm not found!
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YNJMBKDE\mail[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YNJMBKDE\mail[2].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XK8P6SU4\mail[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PC2P5B3D\DtCol[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PC2P5B3D\RSltPrc[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PC2P5B3D\swp[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\1046406-what-jx0mj09vaz-exe-2[1].html moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\bkdp[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\RSltPrc[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\RSltPrc[2].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OYN1EISW\swp[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF95B3OF\gtp[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF95B3OF\RSltPrc[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF95B3OF\RSltPrc[2].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF95B3OF\ticolscr[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABT2R6YQ\mail[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6C99FZQJ\RSltPrc[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6C99FZQJ\si[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6C99FZQJ\swp[1].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1YGHBHHM\mail[1].htm moved successfully.
    File\Folder C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1YGHBHHM\nwshp[1].htm not found!
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQSJUF2T\google_com[1].txt moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQSJUF2T\search[4].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQSJUF2T\search[5].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N695ZOCO\search[3].htm moved successfully.
    C:\Users\Rees\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPQYIM26\search[2].htm moved successfully.

    Registry entries deleted on Reboot...
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,655
    I see you have Malwarebytes.

    • Update the program to get the latest definitions.
    • Select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     

Short URL to this thread: https://techguy.org/1046406