Xoftspyse - Satchfan [Solved]


This topic is locked. 151 replies to this topic.

#76 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 05 September 2012 - 08:55 AM

Hi Patti,

I think the easiest way for you to save all of your pictures in one place so that you can save them is to do this...

  • Create a new folder on your Desktop by right-clicking on your Desktop >> go to New >> select Folder >> name the folder whatever you like
  • Go to everyplace that you are finding these photos on your system and right-click on all the photos and select copy. **Note: You can press and hold Shift and highlight large groups of photos at once or you can press Ctrl (button) and highlight numerous individual photos at once.**
  • Go to the folder you created on your Desktop >> right-click on that folder and select paste. This will make a copy of those photos in that folder.
  • Continue looking for photos and follow the same steps I just provided until you feel as though you have found and copied all of them to the new folder on your Desktop.
Once you get that complete let me know and we will continue with cleaning up your system (I feel it is pretty well clean now already of malware compared to when we started).


#77 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 05 September 2012 - 10:10 AM

I think I have found all the pics; there are so many duplicates. I also found 4 Macrium Reflect in pictures. But I think we can continue.

#78 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 05 September 2012 - 10:17 AM

I think I have found all the pics; there are so many duplicates. I also found 4 Macrium Reflect in pictures. But I think we can continue.

Great job, Patti! Now, whatever you saved them on, move it away from your computer so that we don't get anything confused or accidentally deleted. :thumbup:
-----------

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


    ClearJavaCache::

    File::
    C:\Users\Patty\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application
    J:\Feb 8 12\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 3.zip probably a variant of Win32/TrojanDownloader.Whizelown.I trojan
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 4.zip multiple threats
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-12-04 121605\Backup files 1.zip multiple threats
    J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-12-11 113721\Backup files 1.zip multiple threats
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 2.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 3.zip multiple threats
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 4.zip multiple threats
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2011-12-25 101246\Backup Files 2012-01-08 082247\Backup files 1.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 1.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 3.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 4.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 1.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 4.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 6.zip Win32/TuneUp360 application
    J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 1.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 3.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 4.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 1.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 3.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 4.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 2.zip HTML/ScrInject.B.Gen virus
    J:\PATTI-PC\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 4.zip HTML/ScrInject.B.Gen virus
    J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 1.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 4.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 6.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 1.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 10.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 11.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 9.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 2.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 6.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 7.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-07-29 185704\Backup Files 2012-08-12 092826\Backup files 1.zip a variant of Win32/InstallCore.D application
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 2.zip a variant of Win32/InstallIQ application
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 5.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 6.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 7.zip multiple threats
    J:\PATTI-PC\Backup Set 2012-08-15 065546\Backup Files 2012-08-19 094208\Backup files 1.zip a variant of Win32/InstallCore.AG application
    J:\PATTY-PC\Backup Set 2011-10-13 173912\Backup Files 2011-10-13 173912\Backup files 3.zip multiple threats
    J:\PATTY-PC\Backup Set 2011-10-13 173912\Backup Files 2011-10-13 173912\Backup files 5.zip multiple threats
    J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 3.zip probably a variant of Win32/TrojanDownloader.Whizelown.I trojan
    J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 4.zip multiple threats
    J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 5.zip Win32/RegistryBooster application
    J:\Sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 6.zip Win32/TuneUp360 application

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot showing CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
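The post above builds the CFScript by hand from an earlier scan report, pasting each hit with the scanner's detection text still on the line, and the ComboFix log posted later in this thread echoes those full strings back. The following Python is an added example, not part of this thread and not ComboFix's own tooling: it parses scan-report lines of the form `<path> <detection>`, splits the path from the detection text, and emits a `File::` section containing only the paths. That `File::` entries should be bare paths is my assumption, not something this page states; the sample report inside the block is constructed from the paths quoted above, with one duplicate and one line that has no recognizable file extension so that the manual-review path is exercised.

```python
"""
Build a ComboFix CFScript "File::" section from scan-report lines.

Added example, not part of the forum thread or of ComboFix. It assumes
(my assumption, not documented on the page) that each "File::" entry must
be a bare path, so the detection name that a scanner appends after the
path is split off and reported separately for review.
"""
import re
from collections import Counter

# File extensions accepted as the end of a path. Anything after the last
# such extension is treated as the scanner's detection text.
_EXTENSIONS = r"exe|dll|sys|scr|zip|rar|7z|cab|msi|jar|js|vbs|bat|cmd|com|tmp"

# Greedy prefix, so the split happens at the LAST "<name>.<ext>" followed by
# whitespace; this keeps directory names that contain spaces (e.g. "Backup
# Set 2011-11-27 105108") inside the path.
_LINE_RE = re.compile(
    rf"^(?P<path>[A-Za-z]:\\.*\.(?:{_EXTENSIONS}))\s+(?P<detection>\S.*?)\s*$",
    re.IGNORECASE,
)

# Constructed sample, modelled on the hits quoted in the post above.
SAMPLE_REPORT = r"""
C:\Users\Patty\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application
J:\Feb 8 12\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application
J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 3.zip probably a variant of Win32/TrojanDownloader.Whizelown.I trojan
J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 4.zip multiple threats
J:\PATTI-PC\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 4.zip multiple threats
C:\Users\Patty\AppData\Local\Temp\oddname multiple threats
"""


def split_hit(line):
    """Return (path, detection) for a '<path> <detection>' line, or None."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("detection")


def build_cfscript(lines):
    """Return (script_text, detection_counts, unparsed_lines).

    Duplicate paths are collapsed; lines whose path end cannot be found are
    returned untouched for manual review rather than guessed at.
    """
    paths, counts, unparsed = [], Counter(), []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        hit = split_hit(raw)
        if hit is None:
            unparsed.append(raw)
            continue
        path, detection = hit
        if path not in paths:
            paths.append(path)
        counts[detection] += 1
    script = "File::\n" + "\n".join(paths) + "\n"
    return script, counts, unparsed


if __name__ == "__main__":
    script, counts, unparsed = build_cfscript(SAMPLE_REPORT.splitlines())
    print(script)
    for detection, n in counts.most_common():
        print(f"{n:3d}  {detection}")
    for line in unparsed:
        print("REVIEW MANUALLY:", line)
```

Other directives such as the `ClearJavaCache::` line in the post are simply prepended to the returned text; the detection summary is there so the helper can see at a glance which detections are merely adware-class installers and which are trojan detections before deciding what goes into the script.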

#79 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 05 September 2012 - 11:02 AM

All my pictures are in a folder on my desktop, not an external drive. Is that OK for now, since I don't know how to do that yet? Also, I cannot disable Malwarebytes; the free Malwarebytes is ending tomorrow. What do I do?

Edited by PattiChati, 05 September 2012 - 11:04 AM.


#80 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 05 September 2012 - 11:21 AM

All my pictures are in a folder on my desktop, not an external drive, is that ok for now since I don't know how to do that yet?

Let me know what the name of that folder is so that when I see it in the next set of logs I will know.
----------

Also, I cannot disable Malwarebytes; the free Malwarebytes is ending tomorrow. What do I do?

Don't worry about that. Just continue on with ComboFix as I don't think it will cause a problem. :)

#81 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 05 September 2012 - 03:19 PM

THE NAME OF THE FOLDER WITH THE PICTURES IN IT IS CALLED "ALL MY PICTURES" AND IT IS ON MY DESKTOP!


ComboFix 12-09-03.07 - Patty 09/05/2012 17:11:38.8.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.2030 [GMT -4:00]
Running from: c:\users\Patty\Desktop\ComboFix.exe
Command switches used :: c:\users\Patty\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Patty\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application"
"j:\feb 8 12\Downloads\CrystalDiskInfo4_1_3-en.exe Win32/OpenCandy application"
"j:\patti-pc\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 3.zip probably a variant of Win32/TrojanDownloader.Whizelown.I trojan"
"j:\patti-pc\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 4.zip multiple threats"
"j:\patti-pc\Backup Set 2011-11-27 105108\Backup Files 2011-11-27 105108\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2011-11-27 105108\Backup Files 2011-12-04 121605\Backup files 1.zip multiple threats"
"j:\patti-pc\Backup Set 2011-11-27 105108\Backup Files 2011-12-11 113721\Backup files 1.zip multiple threats"
"j:\patti-pc\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 2.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 3.zip multiple threats"
"j:\patti-pc\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 4.zip multiple threats"
"j:\patti-pc\Backup Set 2011-12-25 101246\Backup Files 2011-12-25 101246\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2011-12-25 101246\Backup Files 2012-01-08 082247\Backup files 1.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 1.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 3.zip multiple threats"
"j:\patti-pc\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 4.zip multiple threats"
"j:\patti-pc\Backup Set 2012-01-27 152807\Backup Files 2012-01-27 152807\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 1.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 4.zip multiple threats"
"j:\patti-pc\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2012-02-05 223432\Backup Files 2012-02-05 223432\Backup files 6.zip Win32/TuneUp360 application"
"j:\patti-pc\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 1.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 3.zip multiple threats"
"j:\patti-pc\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 4.zip multiple threats"
"j:\patti-pc\Backup Set 2012-02-19 032039\Backup Files 2012-02-19 032039\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 1.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 3.zip multiple threats"
"j:\patti-pc\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 4.zip multiple threats"
"j:\patti-pc\Backup Set 2012-04-23 214304\Backup Files 2012-04-23 214304\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 2.zip HTML/ScrInject.B.Gen virus"
"j:\patti-pc\Backup Set 2012-04-23 214304\Backup Files 2012-06-17 133812\Backup files 4.zip HTML/ScrInject.B.Gen virus"
"j:\patti-pc\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 1.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 4.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-08 130447\Backup Files 2012-07-08 130447\Backup files 6.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 1.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 10.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 11.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-15 115658\Backup Files 2012-07-15 115658\Backup files 9.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 2.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 6.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-29 185704\Backup Files 2012-07-29 185704\Backup files 7.zip multiple threats"
"j:\patti-pc\Backup Set 2012-07-29 185704\Backup Files 2012-08-12 092826\Backup files 1.zip a variant of Win32/InstallCore.D application"
"j:\patti-pc\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 2.zip a variant of Win32/InstallIQ application"
"j:\patti-pc\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 5.zip multiple threats"
"j:\patti-pc\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 6.zip multiple threats"
"j:\patti-pc\Backup Set 2012-08-15 065546\Backup Files 2012-08-15 065546\Backup files 7.zip multiple threats"
"j:\patti-pc\Backup Set 2012-08-15 065546\Backup Files 2012-08-19 094208\Backup files 1.zip a variant of Win32/InstallCore.AG application"
"j:\patty-pc\Backup Set 2011-10-13 173912\Backup Files 2011-10-13 173912\Backup files 3.zip multiple threats"
"j:\patty-pc\Backup Set 2011-10-13 173912\Backup Files 2011-10-13 173912\Backup files 5.zip multiple threats"
"j:\sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 3.zip probably a variant of Win32/TrojanDownloader.Whizelown.I trojan"
"j:\sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 4.zip multiple threats"
"j:\sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 5.zip Win32/RegistryBooster application"
"j:\sept.29\PATTY-PC\Backup Set 2011-10-02 095833\Backup Files 2011-10-02 095833\Backup files 6.zip Win32/TuneUp360 applicatio"
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\users\Patti-PC\AppData\Local\temp
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\users\Patti's New Account\AppData\Local\temp
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-05 21:08 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C504A20-A760-4ADF-851E-262AD010818D}\mpengine.dll
2012-09-05 16:12 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-01 18:44 . 2012-09-05 21:16 -------- d-----w- c:\users\Patty\AppData\Local\temp
2012-09-01 15:57 . 2012-09-01 15:57 -------- d-----w- c:\users\Patty\AppData\Local\Avanquest North America
2012-08-31 21:48 . 2012-08-31 21:48 -------- d-----w- C:\_OTL
2012-08-31 19:12 . 2012-08-31 19:12 -------- d-----w- c:\program files\ERUNT
2012-08-31 13:43 . 2012-08-31 13:43 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 13:42 . 2012-08-31 13:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-27 03:05 . 2012-08-27 03:05 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 03:05 . 2012-08-27 03:05 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 23:43 . 2012-08-24 23:43 -------- d-----w- c:\users\Patty\AppData\Local\NovaRegister
2012-08-24 23:42 . 2012-08-24 23:42 -------- d-----w- c:\users\Patty\AppData\Local\HCSShell
2012-08-24 23:38 . 2012-08-24 23:38 -------- d-----w- c:\users\Patty\AppData\Local\Creative Home
2012-08-24 19:56 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:06 . 2012-08-24 06:06 -------- d-----w- c:\program files\ESET
2012-08-21 04:41 . 2012-08-21 03:33 12992 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-08-21 04:41 . 2012-08-21 03:33 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-08-21 04:41 . 2012-08-21 03:33 53952 ----a-w- c:\windows\system32\drivers\psmounter.sys
2012-08-15 10:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 10:53 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 10:53 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 16:33 . 2012-08-14 16:33 -------- d-----w- c:\users\Patty\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-08-13 21:21 . 2012-08-14 17:00 -------- d-----w- c:\programdata\Yahoo! Companion
2012-08-12 20:01 . 2012-08-12 20:01 -------- d-----w- c:\users\Patty\AppData\Local\APN
2012-08-11 23:58 . 2012-08-11 23:58 -------- d-----w- c:\users\Patty\AppData\Local\Apple Computer
2012-08-11 23:56 . 2012-08-15 10:45 -------- d-----w- c:\program files\Bonjour
2012-08-07 04:34 . 2012-08-15 10:44 -------- d-----w- c:\program files\Awesome Duplicate Photo Finder
2012-08-07 04:25 . 2012-08-07 04:26 -------- d-----w- c:\users\Patty\AppData\Roaming\EasyDuplicateFinder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 20:01 . 2012-07-13 20:01 53248 ----a-r- c:\users\Patty\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
2012-07-06 02:06 . 2012-07-16 17:59 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2011-09-08 22:59 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2011-11-16 19:20 . 2011-11-28 20:40 584192 ----a-w- c:\program files\OTL.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office2010\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe [2011-10-12 366496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder 2010.lnk]
backup=c:\windows\pss\Event Planner Reminder 2010.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KineticD.lnk]
backup=c:\windows\pss\KineticD.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\KineticD.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
.
[HKLM\~\startupfolder\C:^Users^Patty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
path=c:\users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
.
[HKLM\~\startupfolder\C:^Users^Patty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office2010\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-12-15 15:40 1446248 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 17:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-21 01:03 719672 ----a-w- c:\program files\Microsoft Office2010\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office2010\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [x]
R3 PSVolAcc;PSVolAcc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 03:05]
.
2012-09-04 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-09-29 18:43]
.
2012-08-30 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
FF - ProfilePath - c:\users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\791mcddo.default-1346059307542\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=dfcgl1kd68nre
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,2c,28,fe,93,ff,c0,40,87,15,fd,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,2c,28,fe,93,ff,c0,40,87,15,fd,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-D9KX-C4Q6-DN4R-TVH3-4HM1-XCTA125"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-05 17:18:08
ComboFix-quarantined-files.txt 2012-09-05 21:18
ComboFix2.txt 2012-09-03 20:37
ComboFix3.txt 2012-09-01 18:56
ComboFix4.txt 2012-09-01 18:44
.
Pre-Run: 242,461,179,904 bytes free
Post-Run: 242,408,280,064 bytes free
.
- - End Of File - - 3557DB6E533EA2DA3AD409E976374932

Edited by PattiChati, 05 September 2012 - 03:20 PM.


#82 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 05 September 2012 - 05:52 PM

Great Job Patti! How is your system behaving? :)

#83 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 05 September 2012 - 07:56 PM

They seem to be going good. I have several things that aren't there that should be and things around, but as far as the malware, it is running good.

#84 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 05 September 2012 - 08:01 PM

I have several things that aren't there that should be and things around,

What do you mean?


as far as the malware, it is running good.

:thumbup:

#85 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 05 September 2012 - 08:07 PM

In the pictures library I have the desktop; it is not in the list of libraries. Isn't that the name of the list on the left? When I go to save, desktop is not there as an option. The same thing with downloads. In the picture library I have five copies of "backup". I don't know how to move these things back where they belong. Probably more, but that is the gist of it.


#86 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 05 September 2012 - 08:10 PM

I found about 20 more pictures under layout!

#87 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 05 September 2012 - 08:17 PM

What is supposed to be in layouts? I don't even remember. It is hard for me to do much with pics because they come up in photo viewer. Is there a way for them to just show up in Patty PC, the desktop, the folder pictures, music, microsoft office? Are you getting the idea?

#88 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 05 September 2012 - 08:18 PM

Hi there Patti,

I apologize that I may not be the best person to help you with this. I think that you may have better luck posting a new topic in the Windows forum. When you post the new topic be sure to post the link to this topic so that the techs there can see what we have done. When you are complete there, come back here and we will remove our tools. :)

#89 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 05 September 2012 - 08:25 PM

How do I send a link from here? What is the link? Is that the URL address? Thank you sooooooooooooo much for everything and I will get back to you. But I do need to know what antivirus to use since my free malwarebytes is gone tomorrow. I didn't realize it wasn't a free program. I have MSE and malwarebytes and windows firewall.

#90 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 05 September 2012 - 08:31 PM

What is the link? Is that the URL address?

Here is the link >> http://forums.whatth...c...27&t=124190
----------

But I do need to know what antivirus to use since my free malwarebytes is gone tomorrow. I didn't realize it wasn't a free program. I have MSE and malwarebytes and windows firewall.

When you say your "free" malwarebytes is gone tomorrow do you mean the trial version is over? If that is the case don't worry about that...if you choose not to buy it then Malwarebytes will revert back to the free version on its own. If you are running Microsoft Security Essentials and the Windows firewall you should be just fine. :)
----------

Thank you sooooooooooooo much for everything and I will get back to you.

You are more than welcome Patti! I am glad that I could help. :)
