151 replies to this topic

[PattiChati]

SystemLook 30.07.11 by jpshortstuff Log created at 13:01 on 06/09/2012 by Patty Administrator - Elevation successful ========== filefind ========== Searching for "*XoftspySE*" C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe --a---- 582424 bytes [18:43 29/09/2010] [18:43 29/09/2010] 5DFFD6BC2D8BCCA1964084F9E92F529E C:\Program Files\Common Files\XoftSpySE\6\xoftspyservicePS.dll --a---- 64792 bytes [18:43 29/09/2010] [18:43 29/09/2010] 0F1ECAF4951E07909A631CA853F045FE Searching for "*PARATOLOGIC*" No files found. ========== folderfind ========== Searching for "*XoftspySE*" C:\$WINDOWS.~Q\DATA\Users\Patty\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_XoftSpySE.exe_db5d1c2f4f7f69c99b22c516521f9b54dde73b90_0b2fe7d0 d----c- [20:01 21/01/2012] C:\Program Files\Common Files\XoftSpySE d------ [20:46 12/10/2011] C:\ProgramData\ParetoLogic\UUS3\xoftspyse d------ [20:46 12/10/2011] C:\Users\All Users\ParetoLogic\UUS3\xoftspyse d------ [20:46 12/10/2011] C:\Users\Patty\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\XoftSpySE-15102011-184759 d------ [22:47 15/10/2011] Searching for "*PARATOLOGIC*" No folders found. -= EOF =-

[PattiChati]

You asked when it popped up - my computer is usually asleep and when "i wake it up", the message is there Shoot.......I have to go to the dr. I won't be back for about 2hours, I thnk I will ask for a tranquilizer!!!!

Edited by PattiChati, 06 September 2012 - 11:05 AM.

[jeffce]

Hi there Patti,

It seems to me that there are residual parts of this program that are left on your system. It seems you have had XoftspSE on your system at one point and it has only partially been removed. Let's remove the rest and see if that helps out your problems.

Go ahead and open then run ERUNT again so that we can get a backup of your registry before we continue.
----------

Run OTL.exe

• Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  
  :Services
  
  :Files
  C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
  C:\Program Files\Common Files\XoftSpySE\6\xoftspyservicePS.dll
  C:\$WINDOWS.~Q\DATA\Users\Patty\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_XoftSpySE.exe_db5d1c2f4f7f69c99b22c516521f9b54dde73b90_0b2fe7d0
  C:\Program Files\Common Files\XoftSpySE
  C:\ProgramData\ParetoLogic\UUS3\xoftspyse
  C:\Users\All Users\ParetoLogic\UUS3\xoftspyse
  C:\Users\Patty\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\XoftSpySE-15102011-184759
  ipconfig /flushdns /c
  
  :Commands
  [emptytemp]
  [resethosts]
  [clearjavacache]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

[PattiChati]

I could not get erunt to work the first timme and it won't work now. I wonder if it is compatible with windows 7. I sure don't want to screw up the registry. What do you want me to do? When you say run a new scan then post otl, is that the scan? I am also not getting email notifications in my inbox, so I don't know when you reply. I was getting them, but they stopped. Was a setting changed?

Edited by PattiChati, 06 September 2012 - 02:02 PM.

[jeffce]

Hi Patti, Forgo running ERUNT. Use the instructions that I provided for OTL above. As a matter of fact....don't even run a new scan. Just run the fix that I provided and post the log that is created.

[PattiChati]

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe moved successfully.
C:\Program Files\Common Files\XoftSpySE\6\xoftspyservicePS.dll moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Patty\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_XoftSpySE.exe_db5d1c2f4f7f69c99b22c516521f9b54dde73b90_0b2fe7d0 folder moved successfully.
C:\Program Files\Common Files\XoftSpySE\6 folder moved successfully.
C:\Program Files\Common Files\XoftSpySE folder moved successfully.
C:\ProgramData\ParetoLogic\UUS3\xoftspyse folder moved successfully.
File\Folder C:\Users\All Users\ParetoLogic\UUS3\xoftspyse not found.
C:\Users\Patty\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\XoftSpySE-15102011-184759 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Patty\Downloads\cmd.bat deleted successfully.
C:\Users\Patty\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Patti's New Account
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Patti-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Patty
->Temp folder emptied: 1045505 bytes
->Temporary Internet Files folder emptied: 493445 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83579453 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2442 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[clearjavacache]> in the current context!

OTL by OldTimer - Version 3.2.59.1 log created on 09062012_161253

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[jeffce]

Ok Patti, That was all that I could find of XoftspySE on your system. Give it a good go 'round and let me know how it is running.

[PattiChati]

Allright - now when it says xoftspy ifile is moved - do they mean it has been removed off my system or the file has just moved somewhere else?

[PattiChati]

And should I keep all the programs on my desktop? For how long?

[jeffce]

now when it says xoftspy ifile is moved - do they mean it has been removed off my system or the file has just moved somewhere else?

Do you mean in the log that you posted? Is that what you are talking about it being "moved"? If that is the case, right now the files are quarantined by OTL and will be permanently removed when we uninstall OTL.

And should I keep all the programs on my desktop? For how long?

Once you give me a thumbs up that everything seems ok we will remove the programs properly. Until then just leave them alone.

[PattiChati]

One more question - now how can I keep it clean from viruses and when I delete something they always want to delete the registry connected to, especially REVO. I notice my maywarebytes is still there. Thanks and now I move on to backing stuff up - lucky Lee, huh!

[PattiChati]

now when it says xoftspy ifile is moved - do they mean it has been removed off my system or the file has just moved somewhere else?

Do you mean in the log that you posted? Is that what you are talking about it being "moved"? If that is the case, right now the files are quarantined by OTL and will be permanently removed when we uninstall OTL.

And should I keep all the programs on my desktop? For how long?

Once you give me a thumbs up that everything seems ok we will remove the programs properly. Until then just leave them alone.

I have about 5 copies of OTL on my computer!!!

[jeffce]

One more question - now how can I keep it clean from viruses and when I delete something they always want to delete the registry connected to, especially REVO.

When we clean up our tools I will give you a good link you can read over that will give you great information on what you are looking for.

As for Revo I really don't use it that much so I am not the best to ask about it unfortunately.

Come back here when Lee is finished with you and we will remove our tools providing everything is ok.

[PattiChati]

Thank you so very much. Hopefully the bugs are gone and I will contact you when I am done with Lee. You're great. thanks for your time.

[PattiChati]

I backed up with Lee and tmr he will show me how to check and make sure it did it correctly and then I will get back to you re your post 118. Thanks.