Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

yohujoku.dll


  • Please log in to reply
19 replies to this topic

#1 Inky456

Inky456

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 16 December 2008 - 11:00 PM

Hi All...

Every time I open a program I get a pop up telling me yohujoku.dll is not a Windows file...blah blah blah...

I have MacAfee and Spybot Search and Destroy...neither one is detecting anything.

Thoughts? Ideas?

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 16 December 2008 - 11:16 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Inky456

Inky456
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 28 December 2008 - 01:26 PM

Though it did find a bunch of stuff, yohujoku is still there every time I open a program and at least 10 times when I'm booting up.

Thanks for the help, BTW!

Here's the log..





Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 2

12/28/2008 1:05:26 PM
mbam-log-2008-12-28 (13-05-26).txt

Scan type: Quick Scan
Objects scanned: 91899
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{69b98c68-d2b8-4a4e-9cb7-e85b6f3a7014} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f2bada0d-fd61-45ef-a994-64a073fd6613} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\97JNLLCE\xrun[1].tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 28 December 2008 - 04:06 PM

Reboot your computer, update Malwarebytes and run the Full Scan. Post the new log and let us know how your computer is running.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 Inky456

Inky456
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 29 December 2008 - 12:38 AM

Yup...still there





Malwarebytes' Anti-Malware 1.31
Database version: 1564
Windows 5.1.2600 Service Pack 2

12/29/2008 12:24:37 AM
mbam-log-2008-12-29 (00-24-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 295483
Time elapsed: 1 hour(s), 54 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149335.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149338.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149345.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149346.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149347.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149349.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149354.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149356.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149357.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149359.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149362.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149363.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149364.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149370.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149371.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149386.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149387.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 29 December 2008 - 01:58 AM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 Inky456

Inky456
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 13 January 2009 - 07:59 PM

Ok..I did Dr. Web....and the little **** is still popping up...




Preview-T-3870556-im looking for a good time CD quality.mp3;C:\Documents and Settings\Compaq_Administrator\Desktop\Incomplete;Trojan.WMALoader;Cured.;
im looking for a good time CD quality.mp3;C:\Documents and Settings\Compaq_Administrator\Desktop\Krystina's MP3's;Trojan.WMALoader;Cured.;
TrivialSASetup-dm[1].exe;C:\Downloads;Adware.TryMedia;Incurable.Moved.;
slghex.dll;C:\Program Files\Common Files\Sandlot Shared;Adware.SpywareStorm;Incurable.Moved.;
nppopcaploader.dll;C:\Program Files\Netscape\Netscape\Plugins;Program.PopcapLoader.origin;Incurable.Moved.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach;Archive contains infected objects;Moved.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach;Archive contains infected objects;Moved.;
Uninstall.exe;C:\Program Files\PopCap Games\PopCap Browser Plugin;Program.PopcapLoader.origin;Incurable.Moved.;
mwsSetup.CommonCodebase.exe\data003;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.4;;
mwsSetup.CommonCodebase.exe\data007;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MWS.75;;
mwsSetup.CommonCodebase.exe\data008;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.7;;
mwsSetup.CommonCodebase.exe\data010;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MWS.77;;
mwsSetup.CommonCodebase.exe\data011;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.Websearch.7;;
mwsSetup.CommonCodebase.exe\data012;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.Websearch.35;;
mwsSetup.CommonCodebase.exe\data013;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MWS.74;;
mwsSetup.CommonCodebase.exe\data014;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MWS.76;;
mwsSetup.CommonCodebase.exe\data015;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.14;;
mwsSetup.CommonCodebase.exe\data016;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.11;;
mwsSetup.CommonCodebase.exe\data019;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.8;;
mwsSetup.CommonCodebase.exe\data020;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.10;;
mwsSetup.CommonCodebase.exe\data021;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.Msearch;;
mwsSetup.CommonCodebase.exe\data022;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.9;;
mwsSetup.CommonCodebase.exe\data024;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MWS;;
mwsSetup.CommonCodebase.exe\data027;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.15;;
mwsSetup.CommonCodebase.exe\data028;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.Websearch.6;;
mwsSetup.CommonCodebase.exe\data030;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.12;;
mwsSetup.CommonCodebase.exe\data031;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001\mwsSetup.CommonCodebase;Adware.Websearch.8;;
mwsSetup.CommonCodebase.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe\data001;Archive contains infected objects;;
data001;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055\A0149333.exe;Archive contains infected objects;;
A0149333.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Archive contains infected objects;Moved.;
A0149334.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.Websearch.13;Incurable.Moved.;
A0149336.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.6;Incurable.Moved.;
A0149337.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.6;Incurable.Moved.;
A0149342.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.5;Incurable.Moved.;
A0149343.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.10;Incurable.Moved.;
A0149344.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MWS.77;Incurable.Moved.;
A0149348.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.3;Incurable.Moved.;
A0149350.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.5;Incurable.Moved.;
A0149352.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.6;Incurable.Moved.;
A0149353.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MWS.75;Incurable.Moved.;
A0149358.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.10;Incurable.Moved.;
A0149366.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.12;Incurable.Moved.;
A0149368.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MWS.76;Incurable.Moved.;
A0149372.EXE;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MyWebSearch.15;Incurable.Moved.;
A0149373.EXE;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.Websearch.6;Incurable.Moved.;
A0149374.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.Websearch.35;Incurable.Moved.;
A0149375.EXE;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.Websearch.8;Incurable.Moved.;
A0149384.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.Websearch.13;Incurable.Moved.;
A0149385.DLL;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MWS.77;Incurable.Moved.;
A0149396.dll;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1055;Adware.MWS.77;Incurable.Moved.;
mwsSetup.CommonCodebase.exe\data003;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.4;;
mwsSetup.CommonCodebase.exe\data007;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MWS.75;;
mwsSetup.CommonCodebase.exe\data008;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.7;;
mwsSetup.CommonCodebase.exe\data010;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MWS.77;;
mwsSetup.CommonCodebase.exe\data011;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.Websearch.7;;
mwsSetup.CommonCodebase.exe\data012;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.Websearch.35;;
mwsSetup.CommonCodebase.exe\data013;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MWS.74;;
mwsSetup.CommonCodebase.exe\data014;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MWS.76;;
mwsSetup.CommonCodebase.exe\data015;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.14;;
mwsSetup.CommonCodebase.exe\data016;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.11;;
mwsSetup.CommonCodebase.exe\data019;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.8;;
mwsSetup.CommonCodebase.exe\data020;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.10;;
mwsSetup.CommonCodebase.exe\data021;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.Msearch;;
mwsSetup.CommonCodebase.exe\data022;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.9;;
mwsSetup.CommonCodebase.exe\data024;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MWS;;
mwsSetup.CommonCodebase.exe\data027;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.15;;
mwsSetup.CommonCodebase.exe\data028;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.Websearch.6;;
mwsSetup.CommonCodebase.exe\data030;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.MyWebSearch.12;;
mwsSetup.CommonCodebase.exe\data031;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001\mwsSetup.CommonCodebase;Adware.Websearch.8;;
mwsSetup.CommonCodebase.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe\data001;Archive contains infected objects;;
data001;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091\A0157478.exe;Archive contains infected objects;;
A0157478.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1091;Archive contains infected objects;Moved.;
A0157662.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1096\A0157662.exe;Adware.Gdown;;
A0157662.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1096;Archive contains infected objects;Moved.;
A0157663.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1096\A0157663.exe;Adware.Gdown;;
A0157663.exe;C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1096;Archive contains infected objects;Moved.;

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 13 January 2009 - 08:06 PM

Ok, try this one:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 Inky456

Inky456
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 21 April 2009 - 07:39 PM

It's been awhile since I got back in here....Mr. yohujoku is still making my life hell.

I dl'd SDFix. As soon as it starts up and begins to scan, the yohujoku pop ups start and, with no exaggeration, I can hit them 150 times and they won't go away. It won't allow SDFix to continue.

There are a lot of file names mentioned in the boxes that pop up when I start my computer (at least 25 at start-up and at least one at the start of every program)

Here are the main 2 that pop up when I'm running SDFix

CSweg.exe BAD IMAGE
dnif.exe BAD IMAGE

every pop up both in and out of SDFix says the following:

The application or DLL C/Windows/system32/yohujoku.dll is an invalid windows image. Please check this against your installation disk.

I hope I explained this correctly

Thanks!

Cindy

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:35 PM

Posted 21 April 2009 - 09:23 PM

Your Malwarebytes Anti-Malware log indicates you are using an older version of MBAM (v1.31) with an outdated database. Please download and install the most current version (1.36) from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

Update the database through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install.Your database shows 1564. Last I checked it was 2021.

Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Inky456

Inky456
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 22 April 2009 - 12:01 AM

My leetle friend is still there...

Here's the log


Malwarebytes' Anti-Malware 1.36
Database version: 2024
Windows 5.1.2600 Service Pack 2

4/22/2009 12:50:35 AM
mbam-log-2009-04-22 (00-50-35).txt

Scan type: Quick Scan
Objects scanned: 135456
Time elapsed: 19 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyClean (Rogue.NetCom3) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hleyuqosejefi (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts\Data\Compaq_Administrator (Adware.MyWay) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\pdfupd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv121239024633.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\SLWPF9GN\load[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\alolifet.dll (Trojan.Agent) -> Delete on reboot.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:35 PM

Posted 22 April 2009 - 07:45 AM

Malwarebytes Anti-Malware has a built-in FileAssassin feature for removing stubborn malware files.
  • Go to the "More Tools" tab and click on the "Run Tool" button
  • Browse to the location of the file to remove using the drop down box next to "Look in:" at the top.
    • C:\Windows\system32\yohujoku.dll <- this file
  • When you find the file, click on it to highlight, then select Open.
  • You will be prompted with a message warning: This file will be permanently deleted. Are you sure you want to continue?. Click Yes.
  • If removal did not require a reboot, you will receive a message indicating the file was deleted successfully.
  • Click Ok and exit MBAM.
  • If prompted to reboot, then do so immediately.
-- If the file returns, then you probably have other malware on your system which is protecting or regenerating it.

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.


Then rescan one more time with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

If the issue continues, be aware that some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself. Sometimes there is hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. I saw evidence of a rootkit infection in your last log. Disinfection will probably require the use of more powerful tools than we recommend in this forum. We will refer you accordingly.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 Inky456

Inky456
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 22 April 2009 - 05:56 PM

When I look for the file in Windows\system32, I don't see it. Am I looking in the wrong place or is it hiding itself?

Oy...this thing is a PITA.

And what's a rootkit infection?

Edited by Inky456, 23 April 2009 - 09:20 AM.


#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:35 PM

Posted 23 April 2009 - 09:32 AM

The application or DLL C/Windows/system32/yohujoku.dll...

That's the path which was given. Lets try something else.

Please download OTMoveIt3 by OldTimer and save to your Desktop.
  • Double-click on OTMoveIt3.exe to launch the program. (If using Windows Vista, be sure to Run As Administrator)
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the code box and press CTRL+C or right-click and choose Copy.
:Processes
explorer.exe

:Files
C:\Windows\system32\yohujoku.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right-click in the open text box labeled "Paste Instructions for Items to be Moved" (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles \mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. After the reboot, open Notepad, click File > Open, in the File Name box type *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file and copy/paste the contents in your next reply. If not asked, reboot anyway.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders.


Then do your rescan with MBAM.

what's a rootkit infection?

What is a Rootkit?
Rootkits and how to combat them
r00tkit Analysis
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Inky456

Inky456
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 23 April 2009 - 05:13 PM

Here's the log...

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for C:\Windows\system32\yohujoku.dll
C:\Windows\system32\yohujoku.dll NOT unregistered.
C:\Windows\system32\yohujoku.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_RAMQmp9226MEngEMD5CS scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_2ljlwmR0Sbv2UKT scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_1Ij23gFuAEJgFBi scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_CbgAuHA5mv6HgWS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_D3qJfO9scbu7Kzc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_JbF1WxnMZyu76Qj scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_li6BbzVeybEQvsn scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV158.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_174524

Files moved on Reboot...
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_RAMQmp9226MEngEMD5CS not found!
File C:\WINDOWS\temp\mcafee_2ljlwmR0Sbv2UKT not found!
File C:\WINDOWS\temp\mcmsc_1Ij23gFuAEJgFBi not found!
File C:\WINDOWS\temp\mcmsc_CbgAuHA5mv6HgWS not found!
File C:\WINDOWS\temp\mcmsc_D3qJfO9scbu7Kzc not found!
File C:\WINDOWS\temp\mcmsc_JbF1WxnMZyu76Qj not found!
File C:\WINDOWS\temp\mcmsc_li6BbzVeybEQvsn not found!
File C:\WINDOWS\temp\Perflib_Perfdata_f4.dat not found!
File C:\WINDOWS\temp\WFV158.tmp not found!
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2f370c45.default\XUL.mfl moved successfully.



And the best part is....


It's Gone!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users