
JohnDoes777's spyware problem


Comments

  • Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    CPU 0: Intel Pentium III Xeon processor
    Percentage of Memory in Use: 15%
    Physical Memory (total/avail): 3581.99 MiB / 3017.84 MiB
    Pagefile Memory (total/avail): 5463.14 MiB / 5030.16 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1929.63 MiB
    C: is Fixed (NTFS) - 183.8 GiB total, 78.89 GiB free.
    D: is CDROM (No Media)
    \\.\PHYSICALDRIVE0 - ST9200420ASG - 186.31 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 183.8 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 2.5 GiB

    -- Security Center
    AUOptions is disabled.
    Windows Internal Firewall is enabled.
    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.
    AV: Symantec AntiVirus Corporate Edition v10.1.7.7000 (Symantec Corporation)
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Utorrent\\utorrent.exe"="C:\\Program Files\\Utorrent\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Disabled:Call of Duty(R) 4 - Modern Warfare(TM) "
    "C:\\Program Files\\Steam\\steamapps\\meatballz777\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\meatballz777\\counter-strike source\\hl2.exe:*:Enabled:hl2"
    "C:\\Program Files\\TetriNet\\TETRINET.EXE"="C:\\Program Files\\TetriNet\\TETRINET.EXE:*:Enabled:TetriNet"
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
    "C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft - Brood War"

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Johan\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=GUMMITARZAN
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Johan
    LOGONSERVER=\\GUMMITARZAN
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=1706
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Johan\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Johan\LOCALS~1\Temp
    USERDOMAIN=GUMMITARZAN
    USERNAME=Johan
    USERPROFILE=C:\Documents and Settings\Johan
    windir=C:\WINDOWS

    -- User Profiles
    Johan (admin)

    -- Add/Remove Programs
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins000.exe"
    Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Photoshop CS2 --> msiexec /I !!236BB7C4-4419-42FD-0409-1E257A25E34D}
    Audacity 1.3.5 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch --> C:\Program Files\InstallShield Installation Information\!!8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
    Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
    Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
    Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    ImgBurn --> "C:\Program Files\ImgBurn\uninstall.exe"
    Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    K-Lite Codec Pack 3.9.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Laptop Integrated Webcam Driver (1.02.01.0612) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
    LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011041D-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe
    Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    QuickTime Alternative 2.6.0 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
    Real Alternative 1.8.0 --> "C:\Program Files\Real Alternative\unins000.exe"
    Recuva (remove only) --> "C:\Program Files\Recuva\uninst.exe"
    Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
    Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files\InstallShield Installation Information\!!32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
    SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Symantec AntiVirus --> MsiExec.exe /I{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    The Tournament Director --> C:\Program Files\The Tournament Director\Uninstall.exe
    Tournament Indicator 1.2.4 --> "C:\Program Files\Tournament Indicator\unins000.exe"
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XML Paper Specification Shared Components Pack 1.0 -->

    -- Application Event Log
    Event Record #/Type2042 / Error
    Event Submitted/Written: 08/06/2008 10:21:01 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll, version 0.0.0.0, fault address 0x0000b423.
    Processing media-specific event for [hl2.exe!ws!]
    Event Record #/Type2027 / Error
    Event Submitted/Written: 08/05/2008 09:39:52 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll, version 0.0.0.0, fault address 0x0000b423.
    Processing media-specific event for [hl2.exe!ws!]
    Event Record #/Type1993 / Warning
    Event Submitted/Written: 08/04/2008 09:00:57 PM
    Event ID/Source: 6 / Symantec AntiVirus
    Event Description:
    Could not scan 2 files inside C:\WINDOWS\InstallDisc\Udi_M1530_XP_Drivers\Bluetooth\Step2\Win32\Data1.cab due to extraction errors encountered by the Decomposer Engines.
    Event Record #/Type1992 / Warning
    Event Submitted/Written: 08/04/2008 09:00:07 PM
    Event ID/Source: 6 / Symantec AntiVirus
    Event Description:
    Could not scan 1 files inside C:\WINDOWS\InstallDisc\I386\SOFTBAR.IN_ due to extraction errors encountered by the Decomposer Engines.
    Event Record #/Type1991 / Warning
    Event Submitted/Written: 08/04/2008 08:28:06 PM
    Event ID/Source: 6 / Symantec AntiVirus
    Event Description:
    Could not scan 23 files inside C:\!Downloads\Photoshop CS2.rar due to extraction errors encountered by the Decomposer Engines.

    -- Security Event Log
    No Errors/Warnings found.

    -- System Event Log
    Event Record #/Type3371 / Warning
    Event Submitted/Written: 08/10/2008 09:59:28 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    The browser was unable to retrieve a list of servers from the browser master \\JONATHANC-DATOR on the network \Device\NetBT_Tcpip_{C5024A9B-CE0A-4F4E-B8D4-209559061205}.
    The data is the error code.
    Event Record #/Type3368 / Warning
    Event Submitted/Written: 08/10/2008 09:01:30 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 001E4CC44D6C. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    Event Record #/Type3349 / Error
    Event Submitted/Written: 08/10/2008 09:01:01 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The Remote Procedure Calld (RPCK) service terminated unexpectedly. It has done this 1 time(s).
    Event Record #/Type3348 / Error
    Event Submitted/Written: 08/10/2008 09:01:01 PM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The Remote Procedure Call (HPM) service terminated unexpectedly. It has done this 1 time(s).
    Event Record #/Type3347 / Error
    Event Submitted/Written: 08/10/2008 09:01:00 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Andrea ST Filters Service service failed to start due to the following error:
    %%2

    -- End of Deckard's System Scanner: finished at 2008-08-10 22:07:44
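The Security Center section of the log above lists the programs the XP SP2 firewall lets through, one registry value per program in the form `"<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"`. When triaging a machine like this one, the question is which of those exceptions are enabled and which were added by third-party installers rather than by Windows itself. The following parser is an added example written for this thread, not part of the DSS tool or the original posts; its sample input is copied from the two AuthorizedApplications sections above (trimmed to four StandardProfile entries), and the assumption that anything outside `%windir%` counts as third-party is the example's own.

```python
import re

# Constructed sample: the two AuthorizedApplications sections from the DSS log
# above, trimmed to four StandardProfile entries. DSS prints backslashes doubled
# and that is preserved here; the parser collapses them.
SAMPLE = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Utorrent\\utorrent.exe"="C:\\Program Files\\Utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Disabled:Call of Duty(R) 4 - Modern Warfare(TM) "
'''

# Section header: the profile name sits between FirewallPolicy\ and \AuthorizedApplications.
SECTION_RE = re.compile(r'\\FirewallPolicy\\(?P<profile>\w+)\\AuthorizedApplications\\List\]')

# Value format used by the XP SP2 firewall for each allowed program:
#   "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
# The path itself contains a colon (C:\...), so the state keyword anchors the split.
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>.+):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)"$',
    re.IGNORECASE,
)


def parse_firewall_exceptions(text):
    """Return one dict per AuthorizedApplications value, tagged with its profile."""
    entries = []
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.search(line)
        if section:
            profile = section.group('profile')
            continue
        m = ENTRY_RE.match(line)
        if m and profile:
            entries.append({
                'profile': profile,
                'path': m.group('path').replace('\\\\', '\\'),
                'scope': m.group('scope'),  # '*' means any remote address
                'enabled': m.group('state').lower() == 'enabled',
                'name': m.group('name').strip(),
            })
    return entries


def enabled_exceptions(entries, profile):
    """Programs actually allowed to accept unsolicited inbound traffic under a profile."""
    return [e for e in entries if e['profile'] == profile and e['enabled']]


def third_party_exceptions(entries):
    """Enabled exceptions whose binary lives outside the Windows directory.

    Assumption of this example: Windows ships its own exceptions under %windir%,
    so anything else was added by an installer or a user and is the part worth
    reviewing on a suspect machine.
    """
    result = []
    for e in entries:
        p = e['path'].lower()
        if e['enabled'] and not (p.startswith('%windir%') or p.startswith('c:\\windows')):
            result.append(e)
    return result


if __name__ == '__main__':
    parsed = parse_firewall_exceptions(SAMPLE)
    for prof in ('DomainProfile', 'StandardProfile'):
        print(prof)
        for e in enabled_exceptions(parsed, prof):
            print('  allowed  %s  (scope %s)  %s' % (e['path'], e['scope'], e['name']))
    print('third-party exceptions to review:')
    for e in third_party_exceptions(parsed):
        print('  ' + e['path'])
```

On the sample the StandardProfile has three enabled exceptions and one disabled (the game), and the only enabled exception outside `%windir%` is the torrent client. The same parser runs over a full DSS log, since lines that do not match either pattern are skipped.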
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    these look like crap

    2008-07-30 22:41:06 14080 ---hs---- C:\WINDOWS\system32\mssjfilejf.dll
    2008-07-30 22:41:04 20192 ---hs---- C:\WINDOWS\system32\vcrxfileju.dll
    Ex forum ambassador

    Long term forum member
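The two lines Browntoa singles out carry the signals a helper looks for in a DSS file listing: `hs` in the attribute column (hidden and system flags, following the usual attrib letter convention, which this example assumes), a DLL dropped straight into system32, and creation times two seconds apart. The checker below is an added example written for this thread, not part of DSS or of the original posts; it encodes that triage over listing lines in the same date/time/size/attributes/path layout. The first two sample lines are the ones quoted above and the remaining three are constructed benign entries for contrast.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the DSS new/modified-files listing
# (date, time, size, attribute flags, path). The first two lines are the ones
# quoted in the reply above; the other three are invented benign entries.
SAMPLE_LISTING = r"""
2008-07-30 22:41:06 14080 ---hs---- C:\WINDOWS\system32\mssjfilejf.dll
2008-07-30 22:41:04 20192 ---hs---- C:\WINDOWS\system32\vcrxfileju.dll
2008-07-30 21:15:33 1048576 --a------ C:\Documents and Settings\Johan\Desktop\notes.txt
2008-07-29 09:02:10 0 d-------- C:\Program Files\ExampleApp
2008-07-28 18:44:51 61440 --a------ C:\WINDOWS\system32\example_vendor.dll
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$'
)


def parse_listing(text):
    """Turn listing lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            'ts': datetime.strptime(m.group('ts'), '%Y-%m-%d %H:%M:%S'),
            'size': int(m.group('size')),
            'attrs': m.group('attrs'),
            'path': m.group('path'),
        })
    return entries


def suspicion_reasons(entry):
    """Why a file entry deserves a closer look; an empty list means nothing stood out.

    Assumed attribute letters (standard attrib convention): d directory, a archive,
    h hidden, s system, r read-only.
    """
    reasons = []
    attrs = entry['attrs'].lower()
    path = entry['path'].lower()
    if 'd' in attrs:
        return reasons  # directories are out of scope for this check
    hidden_system = 'h' in attrs and 's' in attrs
    in_system32 = '\\windows\\system32\\' in path
    is_code = path.endswith(('.dll', '.exe', '.sys'))
    if hidden_system and is_code:
        reasons.append('hidden+system attributes on a code file')
    if hidden_system and in_system32:
        reasons.append('hidden+system file placed in system32')
    return reasons


def flag_suspicious(entries):
    """Return the entries that have at least one reason, with the reasons attached."""
    flagged = []
    for e in entries:
        reasons = suspicion_reasons(e)
        if reasons:
            flagged.append(dict(e, reasons=reasons))
    return flagged


def creation_clusters(entries, window_seconds=60):
    """Group entries whose creation times fall within window_seconds of each other.

    Several flagged files appearing together is the pattern a dropper leaves; the
    two DLLs in the thread are two seconds apart.
    """
    ordered = sorted(entries, key=lambda e: e['ts'])
    clusters = []
    for e in ordered:
        if clusters and (e['ts'] - clusters[-1][-1]['ts']).total_seconds() <= window_seconds:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return [c for c in clusters if len(c) > 1]


if __name__ == '__main__':
    flagged = flag_suspicious(parse_listing(SAMPLE_LISTING))
    for e in flagged:
        print('%s  %s  %s' % (e['ts'], e['path'], '; '.join(e['reasons'])))
    for group in creation_clusters(flagged):
        print('created together:', [g['path'].rsplit('\\', 1)[-1] for g in group])
```

Only the two DLLs from the thread are flagged; the vendor-style DLL with plain archive attributes, the text file and the directory all pass, and the two flagged files form one creation cluster. The rules are deliberately few, so the output is a shortlist for a human to research, not a verdict.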
  • Browntoa
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open internet browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**
  • Browntoa
    Please download the OTMoveIt2 by OldTimer

    Save it to your desktop

    Please double-click OTMoveIt2.exe to run it

    Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\mssjfilejf.dll
    C:\WINDOWS\system32\vcrxfileju.dll
    purity
    EmptyTemp
    [start explorer]

    Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste

    Click the red Moveit! button

    A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

    Close OTMoveIt2

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
This discussion has been closed.