Xoftspyse - Satchfan [Solved]


151 replies to this topic

#31 PattiChati (Advanced Member, 703 posts)

Posted 02 September 2012 - 09:59 AM

There were no threats found by Malwarebytes or ESET. Malwarebytes didn't generate a log, and ESET had somewhat of a log, but it couldn't be saved or copied and pasted.



#32 jeffce (Malware Guy, 8,693 posts)

Posted 02 September 2012 - 10:49 AM

Ok... how is your system behaving? :)

#33 PattiChati (Advanced Member, 703 posts)

Posted 02 September 2012 - 12:47 PM

Haven't really tried it out. There are several questions I would like to ask about our processes before we close the thread, though. Or is there more tech stuff to do? Did we get rid of xofspyse and any other virus?

#34 PattiChati (Advanced Member, 703 posts)

Posted 02 September 2012 - 01:23 PM

I just started playing around with the computer, and the very first thing I noticed was that when I was on some of the websites and clicked the back button right at the end of the URL address, this is what I got:

Attached Images

  • locked.PNG

Edited by PattiChati, 02 September 2012 - 01:27 PM.


#35 jeffce (Malware Guy, 8,693 posts)

Posted 02 September 2012 - 05:09 PM

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


**If you are using a 64-bit system, please use either of the following links for your download instead:
Link 1
Link 2

  • Right-click and Run as Administrator SystemLook.exe to run it.
  • Copy the content within the following codebox into the main textfield:
    :filefind
    *xofspyse*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#36 PattiChati (Advanced Member, 703 posts)

Posted 02 September 2012 - 05:24 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 19:22 on 02/09/2012 by Patty
Administrator - Elevation successful

========== filefind ==========

Searching for "*xofspyse*"
No files found.

-= EOF =-

#37 jeffce (Malware Guy, 8,693 posts)

Posted 02 September 2012 - 08:54 PM

Please run ESET again and post all of the information that is found. If there are no infections, ESET does not create a log, but since you said that it found something, I need to see what that might be. :) You are doing a great job, by the way.

#38 PattiChati (Advanced Member, 703 posts)

Posted 02 September 2012 - 10:19 PM

WOW, I don't think any of you techies have said that before; I feel so dumb. I would love to do what you do. It is late here, and as I said before, I couldn't get the ESET report to copy or attach or anything, but I will try again in the morning. Also, once we get done with all this, there are a few questions I just need to clarify with you, is that ok?

#39 PattiChati (Advanced Member, 703 posts)

Posted 03 September 2012 - 05:17 AM

The ESET scan is still running now, over 6 hours and only 85% done. There are 26 infected files/threats, but it has been on 85% for the last 2 hours. Is this how long it normally takes? I just realized my computer is set to go to sleep when it is left alone, so maybe it hasn't been working all night, because just since I got on it, it has moved 1%. I am going back to bed, will let you know then.

Edited by PattiChati, 03 September 2012 - 05:27 AM.


#40 jeffce (Malware Guy, 8,693 posts)

Posted 03 September 2012 - 01:43 PM

Hi, yes, please just let it run, and when it finishes you should be able to Export to Text File the log. I have attached a picture for you to see.

Attached Thumbnails

  • esetresults2.jpg



#41 PattiChati (Advanced Member, 703 posts)

Posted 03 September 2012 - 01:47 PM

C:\Users\Patty\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application
J:\Feb 8 12\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application
J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 3.zip probably a variant of Win32/TrojanDownloader.Whizelown.I trojan
J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 4.zip multiple threats
J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-12-04 121605\Backup files 1.zip multiple threats
J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-12-11 113721\Backup files 1.zip multiple threats
J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 2.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 3.zip multiple threats
J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 4.zip multiple threats
J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2012-01-08 082247\Backup files 1.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 1.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 3.zip multiple threats
J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 4.zip multiple threats
J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 1.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 4.zip multiple threats
J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 6.zip Win32/TuneUp360 application
J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 1.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 3.zip multiple threats
J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 4.zip multiple threats
J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 1.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 3.zip multiple threats
J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 4.zip multiple threats
J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 2.zip HTML/ScrInject.B.Gen virus
J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 4.zip HTML/ScrInject.B.Gen virus
J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 1.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 4.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 6.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 1.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 10.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 11.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 9.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 2.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 6.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 7.zip multiple threats
J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-08-12 092826\Backup files 1.zip a variant of Win32/InstallCore.D application
J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 2.zip a variant of Win32/InstallIQ application
J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 5.zip multiple threats
J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 6.zip multiple threats
J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 7.zip multiple threats
J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-19 094208\Backup files 1.zip a variant of Win32/InstallCore.AM application
J:\PATTY-PC\Backup Set 2011-10-13 173912\Backup Files 2011-10-13 173912\Backup files 3.zip multiple threats
J:\PATTY-PC\Backup Set 2011-10-13 173912\Backup Files 2011-10-13 173912\Backup files 5.zip multiple threats
J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 3.zip probably a variant of Win32/TrojanDownloader.Whizelown.I trojan
J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 4.zip multiple threats
J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 5.zip Win32/RegistryBooster application
J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 6.zip Win32/TuneUp360 application

#42 jeffce (Malware Guy, 8,693 posts)

Posted 03 September 2012 - 02:05 PM

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:


    ClearJavaCache::

    File::
    C:\Users\Patty\Downloads\CrystalDiskInfo4_1_3-en.exe
    J:\Feb 8 12\Downloads\CrystalDiskInfo4_1_3-en.exe
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 3.zip
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 4.zip
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-12-04 121605\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-12-11 113721\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 2.zip
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 3.zip
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 4.zip
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2012-01-08 082247\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 3.zip
    J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 4.zip
    J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 4.zip
    J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 6.zip
    J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 3.zip
    J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 4.zip
    J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 3.zip
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 4.zip
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 2.zip
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 4.zip
    J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 4.zip
    J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 6.zip
    J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 10.zip
    J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 11.zip
    J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 9.zip
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 2.zip
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 6.zip
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 7.zip
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-08-12 092826\Backup files 1.zip
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 2.zip
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 5.zip
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 6.zip
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 7.zip
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-19 094208\Backup files 1.zip
    J:\PATTY-PC\Backup Set 2011-10-13 173912\Backup Files 2011-10-13 173912\Backup files 3.zip
    J:\PATTY-PC\Backup Set 2011-10-13 173912\Backup Files 2011-10-13 173912\Backup files 5.zip
    J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 3.zip
    J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 4.zip

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    (screenshot: CFScript.txt being dragged onto ComboFix.exe)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

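The two posts above are the manual version of a routine task: take ESET's findings (one "path, then detection name" per line, which the forum has run together into a single line) and turn the paths into the File:: section of a CFScript. The script below is an added example written for this thread; it is not a tool from ESET, ComboFix, or either poster. It assumes only the detection-label shapes that appear in the posted log ("multiple threats", "a variant of ... application", "probably a variant of ... trojan", "... virus"), it treats ESET's "application" category as potentially unwanted rather than malicious, and the `kinds` filter for choosing which categories to delete is this example's own policy. The sample input is a constructed excerpt of the log posted in #41.

```python
"""Turn ESET's flattened findings into the ComboFix CFScript ``File::`` section.

Added example for this thread; it is not a tool from ESET, ComboFix, or the
posters. ESET's export is one "<path> <detection>" per finding, and the forum
ran them together on one line. Paths contain spaces, so the split is driven by
the detection label at the end of each finding, not by whitespace.
"""
import re

# Each finding starts with a drive letter; split the flattened text on the
# whitespace that precedes one. (A directory literally named like "X:\" would
# defeat this; none occurs in the posted log.)
FINDING_SPLIT_RE = re.compile(r"\s+(?=[A-Za-z]:\\)")

# Detection labels seen in the posted log: "multiple threats", or an optional
# "(probably )a variant of " prefix, a family name, and a category word.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>multiple threats"
    r"|(?:(?:probably )?a variant of )?\S+ (?:application|trojan|virus))$"
)


def classify(detection: str) -> str:
    """'pup' for ESET's "application" category (potentially unwanted),
    'malware' for trojans, viruses and archives flagged as multiple threats."""
    return "pup" if detection.endswith(" application") else "malware"


def parse_eset_findings(text: str) -> list[dict]:
    """Parse flattened ESET output into [{'path', 'detection', 'kind'}, ...].

    A chunk that does not match raises instead of being dropped: a silently
    skipped finding would be a flagged file left on disk.
    """
    findings = []
    for chunk in FINDING_SPLIT_RE.split(text.strip()):
        m = FINDING_RE.match(chunk)
        if m is None:
            raise ValueError(f"unparsed ESET finding: {chunk!r}")
        findings.append({
            "path": m.group("path"),
            "detection": m.group("detection"),
            "kind": classify(m.group("detection")),
        })
    return findings


def build_cfscript(findings: list[dict], kinds=("malware", "pup")) -> str:
    """Emit a CFScript with ClearJavaCache:: and a File:: block.

    Only the bare path goes under File::; a trailing detection label such as
    "Win32/OpenCandy application" would name a file that does not exist.
    ``kinds`` (which categories to delete) is an assumption of this example.
    """
    lines = ["ClearJavaCache::", "", "File::"]
    seen = set()
    for f in findings:
        if f["kind"] in kinds and f["path"] not in seen:
            seen.add(f["path"])
            lines.append(f["path"])
    return "\n".join(lines) + "\n"


# Constructed excerpt of the ESET output posted in #41, flattened as the
# forum rendered it (findings separated by a single space).
SAMPLE_ESET_OUTPUT = (
    r"C:\Users\Patty\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application "
    r"J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 3.zip "
    r"probably a variant of Win32/TrojanDownloader.Whizelown.I trojan "
    r"J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 4.zip multiple threats "
    r"J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 2.zip a variant of Win32/InstallIQ application "
    r"J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 2.zip HTML/ScrInject.B.Gen virus "
    r"J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 5.zip Win32/RegistryBooster application"
)

if __name__ == "__main__":
    found = parse_eset_findings(SAMPLE_ESET_OUTPUT)
    for f in found:
        print(f"{f['kind']:8} {f['detection']:60} {f['path']}")
    print(build_cfscript(found, kinds=("malware",)))
```

Anchoring the split on the detection label rather than on whitespace is what makes this safe for backup-set paths full of spaces; the ValueError on an unmatched chunk is deliberate, because a parser that quietly drops what it cannot read is exactly the wrong failure mode when the output decides what gets deleted.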
#43 PattiChati (Advanced Member, 703 posts)

Posted 03 September 2012 - 02:38 PM

ComboFix 12-09-03.07 - Patty 09/03/2012 16:28:57.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.2135 [GMT -4:00]
Running from: c:\users\Patty\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 20:35 . 2012-09-03 20:35 -------- d-----w- c:\users\Patti-PC\AppData\Local\temp
2012-09-03 20:35 . 2012-09-03 20:35 -------- d-----w- c:\users\Patti's New Account\AppData\Local\temp
2012-09-03 20:35 . 2012-09-03 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 15:57 . 2012-09-01 15:57 -------- d-----w- c:\users\Patty\AppData\Local\Avanquest North America
2012-08-31 21:48 . 2012-08-31 21:48 -------- d-----w- C:\_OTL
2012-08-31 19:12 . 2012-08-31 19:12 -------- d-----w- c:\program files\ERUNT
2012-08-31 13:43 . 2012-08-31 13:43 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 13:42 . 2012-08-31 13:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-27 03:05 . 2012-08-27 03:05 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 03:05 . 2012-08-27 03:05 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 23:43 . 2012-08-24 23:43 -------- d-----w- c:\users\Patty\AppData\Local\NovaRegister
2012-08-24 23:42 . 2012-08-24 23:42 -------- d-----w- c:\users\Patty\AppData\Local\HCSShell
2012-08-24 23:38 . 2012-08-24 23:38 -------- d-----w- c:\users\Patty\AppData\Local\Creative Home
2012-08-24 19:56 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:06 . 2012-08-24 06:06 -------- d-----w- c:\program files\ESET
2012-08-21 04:41 . 2012-08-21 03:33 12992 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-08-21 04:41 . 2012-08-21 03:33 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-08-21 04:41 . 2012-08-21 03:33 53952 ----a-w- c:\windows\system32\drivers\psmounter.sys
2012-08-15 10:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 10:53 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 10:53 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:33 . 2012-08-14 16:33 -------- d-----w- c:\users\Patty\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-08-13 21:21 . 2012-08-14 17:00 -------- d-----w- c:\programdata\Yahoo! Companion
2012-08-12 20:01 . 2012-08-12 20:01 -------- d-----w- c:\users\Patty\AppData\Local\APN
2012-08-11 23:58 . 2012-08-11 23:58 -------- d-----w- c:\users\Patty\AppData\Local\Apple Computer
2012-08-11 23:56 . 2012-08-15 10:45 -------- d-----w- c:\program files\Bonjour
2012-08-07 04:34 . 2012-08-15 10:44 -------- d-----w- c:\program files\Awesome Duplicate Photo Finder
2012-08-07 04:25 . 2012-08-07 04:26 -------- d-----w- c:\users\Patty\AppData\Roaming\EasyDuplicateFinder
2012-08-05 19:59 . 2012-08-05 19:59 -------- d-----w- c:\users\Patty\AppData\Local\MyScrapNook_12
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 20:01 . 2012-07-13 20:01 53248 ----a-r- c:\users\Patty\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-07-06 02:06 . 2012-07-16 17:59 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2011-09-08 22:59 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-11 00:33 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 00:33 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 00:33 805376 ----a-w- c:\windows\system32\cdosys.dll
2011-11-16 19:20 . 2011-11-28 20:40 584192 ----a-w- c:\program files\OTL.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office2010\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe [2011-10-12 366496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder 2010.lnk]
backup=c:\windows\pss\Event Planner Reminder 2010.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KineticD.lnk]
backup=c:\windows\pss\KineticD.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\KineticD.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
.
[HKLM\~\startupfolder\C:^Users^Patty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
path=c:\users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
.
[HKLM\~\startupfolder\C:^Users^Patty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office2010\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-12-15 15:40 1446248 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 17:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-21 01:03 719672 ----a-w- c:\program files\Microsoft Office2010\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office2010\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [x]
R3 PSVolAcc;PSVolAcc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [x]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL724A9098
*Deregistered* - MpKsl724a9098
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 03:05]
.
2012-08-31 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-09-29 18:43]
.
2012-08-30 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
FF - ProfilePath - c:\users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\791mcddo.default-1346059307542\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=dfcgl1kd68nre
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,2c,28,fe,93,ff,c0,40,87,15,fd,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,2c,28,fe,93,ff,c0,40,87,15,fd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-D9KX-C4Q6-DN4R-TVH3-4HM1-XCTA125"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-03 16:37:25
ComboFix-quarantined-files.txt 2012-09-03 20:37
ComboFix2.txt 2012-09-01 18:56
ComboFix3.txt 2012-09-01 18:44
.
Pre-Run: 251,827,871,744 bytes free
Post-Run: 252,180,516,864 bytes free
.
- - End Of File - - 3BE0CB377044F364577E66A0D2C9170B

#44 PattiChati (Advanced Member, 703 posts)

Posted 03 September 2012 - 03:30 PM

HELP - I AM SCARED TO DEATH, I HAVE LOST ALL MY PICTURES!!!!! I had the same pictures under Music as I did under Pictures, so I deleted those in Music, but now ALL my pics are gone. For some reason I cannot get them off my external drives, and on the SanDisk Cruzers I have, nothing shows up. Should I take this to another forum?!! I thought this is why I backed them up????

Edited by PattiChati, 03 September 2012 - 03:39 PM.


#45 jeffce (Malware Guy, 8,693 posts)

Posted 03 September 2012 - 05:34 PM

Hi,

All of those were infected and that was why I removed them. We can retrieve them though...

Please go to C:\Qoobox\Quarantine\ComboFix-quarantined-files.txt and then copy/paste that to your next reply.
