Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

need help with spyware from catrina

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

need help with spyware from catrina

Unread postby skeeterc920 » June 21st, 2005, 3:04 am

i've ran ad aware and spybot but i still have problems...please help me, here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 10:46:58 PM, on 6/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lznnsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\bjzvdll.EXE
C:\WINDOWS\bjzvenc.EXE
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\System32\scrsvc.exe
C:\WINDOWS\System32\bootpd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\vnrznp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\bootpd.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ortr\ntst.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\scvvhost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\chow anaya\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 66.180.173.39 http://www.google.ae
O1 - Hosts: 66.180.173.39 http://www.google.am
O1 - Hosts: 66.180.173.39 http://www.google.as
O1 - Hosts: 66.180.173.39 http://www.google.at
O1 - Hosts: 66.180.173.39 http://www.google.az
O1 - Hosts: 66.180.173.39 http://www.google.be
O1 - Hosts: 66.180.173.39 http://www.google.bi
O1 - Hosts: 66.180.173.39 http://www.google.ca
O1 - Hosts: 66.180.173.39 http://www.google.cd
O1 - Hosts: 66.180.173.39 http://www.google.cg
O1 - Hosts: 66.180.173.39 http://www.google.ch
O1 - Hosts: 66.180.173.39 http://www.google.ci
O1 - Hosts: 66.180.173.39 http://www.google.cl
O1 - Hosts: 66.180.173.39 http://www.google.co.cr
O1 - Hosts: 66.180.173.39 http://www.google.co.hu
O1 - Hosts: 66.180.173.39 http://www.google.co.il
O1 - Hosts: 66.180.173.39 http://www.google.co.in
O1 - Hosts: 66.180.173.39 http://www.google.co.je
O1 - Hosts: 66.180.173.39 http://www.google.co.jp
O1 - Hosts: 66.180.173.39 http://www.google.co.ke
O1 - Hosts: 66.180.173.39 http://www.google.co.kr
O1 - Hosts: 66.180.173.39 http://www.google.co.ls
O1 - Hosts: 66.180.173.39 http://www.google.co.nz
O1 - Hosts: 66.180.173.39 http://www.google.co.th
O1 - Hosts: 66.180.173.39 http://www.google.co.ug
O1 - Hosts: 66.180.173.39 http://www.google.co.uk
O1 - Hosts: 66.180.173.39 http://www.google.co.ve
O1 - Hosts: 66.180.173.39 http://www.google.com
O1 - Hosts: 66.180.173.39 http://www.google.com.ag
O1 - Hosts: 66.180.173.39 http://www.google.com.ar
O1 - Hosts: 66.180.173.39 http://www.google.com.au
O1 - Hosts: 66.180.173.39 http://www.google.com.br
O1 - Hosts: 66.180.173.39 http://www.google.com.co
O1 - Hosts: 66.180.173.39 http://www.google.com.cu
O1 - Hosts: 66.180.173.39 http://www.google.com.do
O1 - Hosts: 66.180.173.39 http://www.google.com.ec
O1 - Hosts: 66.180.173.39 http://www.google.com.fj
O1 - Hosts: 66.180.173.39 http://www.google.com.gi
O1 - Hosts: 66.180.173.39 http://www.google.com.gr
O1 - Hosts: 66.180.173.39 http://www.google.com.gt
O1 - Hosts: 66.180.173.39 http://www.google.com.hk
O1 - Hosts: 66.180.173.39 http://www.google.com.ly
O1 - Hosts: 66.180.173.39 http://www.google.com.mt
O1 - Hosts: 66.180.173.39 http://www.google.com.mx
O1 - Hosts: 66.180.173.39 http://www.google.com.my
O1 - Hosts: 66.180.173.39 http://www.google.com.na
O1 - Hosts: 66.180.173.39 http://www.google.com.nf
O1 - Hosts: 66.180.173.39 http://www.google.com.ni
O1 - Hosts: 66.180.173.39 http://www.google.com.np
O1 - Hosts: 66.180.173.39 http://www.google.com.pa
O1 - Hosts: 66.180.173.39 http://www.google.com.pe
O1 - Hosts: 66.180.173.39 http://www.google.com.ph
O1 - Hosts: 66.180.173.39 http://www.google.com.pk
O1 - Hosts: 66.180.173.39 http://www.google.com.pr
O1 - Hosts: 66.180.173.39 http://www.google.com.py
O1 - Hosts: 66.180.173.39 http://www.google.com.sa
O1 - Hosts: 66.180.173.39 http://www.google.com.sg
O1 - Hosts: 66.180.173.39 http://www.google.com.sv
O1 - Hosts: 66.180.173.39 http://www.google.com.tr
O1 - Hosts: 66.180.173.39 http://www.google.com.tw
O1 - Hosts: 66.180.173.39 http://www.google.com.ua
O1 - Hosts: 66.180.173.39 http://www.google.com.uy
O1 - Hosts: 66.180.173.39 http://www.google.com.vc
O1 - Hosts: 66.180.173.39 http://www.google.com.vn
O1 - Hosts: 66.180.173.39 http://www.google.de
O1 - Hosts: 66.180.173.39 http://www.google.dj
O1 - Hosts: 66.180.173.39 http://www.google.dk
O1 - Hosts: 66.180.173.39 http://www.google.es
O1 - Hosts: 66.180.173.39 http://www.google.fi
O1 - Hosts: 66.180.173.39 http://www.google.fm
O1 - Hosts: 66.180.173.39 http://www.google.fr
O1 - Hosts: 66.180.173.39 http://www.google.gg
O1 - Hosts: 66.180.173.39 http://www.google.gl
O1 - Hosts: 66.180.173.39 http://www.google.gm
O1 - Hosts: 66.180.173.39 http://www.google.hn
O1 - Hosts: 66.180.173.39 http://www.google.ie
O1 - Hosts: 66.180.173.39 http://www.google.it
O1 - Hosts: 66.180.173.39 http://www.google.kz
O1 - Hosts: 66.180.173.39 http://www.google.li
O1 - Hosts: 66.180.173.39 http://www.google.lt
O1 - Hosts: 66.180.173.39 http://www.google.lu
O1 - Hosts: 66.180.173.39 http://www.google.lv
O1 - Hosts: 66.180.173.39 http://www.google.mn
O1 - Hosts: 66.180.173.39 http://www.google.ms
O1 - Hosts: 66.180.173.39 http://www.google.mu
O1 - Hosts: 66.180.173.39 http://www.google.mw
O1 - Hosts: 66.180.173.39 http://www.google.nl
O1 - Hosts: 66.180.173.39 http://www.google.no
O1 - Hosts: 66.180.173.39 http://www.google.off.ai
O1 - Hosts: 66.180.173.39 http://www.google.pl
O1 - Hosts: 66.180.173.39 http://www.google.pn
O1 - Hosts: 66.180.173.39 http://www.google.pt
O1 - Hosts: 66.180.173.39 http://www.google.ro
O1 - Hosts: 66.180.173.39 http://www.google.ru
O1 - Hosts: 66.180.173.39 http://www.google.rw
O1 - Hosts: 66.180.173.39 http://www.google.se
O1 - Hosts: 66.180.173.39 http://www.google.sh
O1 - Hosts: 66.180.173.39 http://www.google.sk
O1 - Hosts: 66.180.173.39 http://www.google.sm
O1 - Hosts: 66.180.173.39 http://www.google.td
O1 - Hosts: 66.180.173.39 http://www.google.tm
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\CHOWAN~1\LOCALS~1\Temp\jyzibcrytel.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [s3rk3sU] cht71.exe
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
O4 - HKLM\..\Run: [bjzvdll] C:\WINDOWS\bjzvdll.EXE
O4 - HKLM\..\Run: [bjzvenc] C:\WINDOWS\bjzvenc.EXE
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [7rtbip08] C:\WINDOWS\System32\7rtbip08.exe
O4 - HKLM\..\Run: [thpcre] c:\windows\system32\fsdxdwl.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteckj32.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vnrznp.exe reg_run
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [dmdskres] C:\WINDOWS\System32\dmdskres.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [d00qRiY5j] ccfkcs32.exe
O4 - HKCU\..\Run: [Arun] C:\Program Files\ortr\ntst.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/c ... /kt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/part ... nstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17.hotmail.msn.com/act ... Atchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott ... nstall.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\l6l6lg3s16.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\lznnsvc.exe
skeeterc920
Active Member
 
Posts: 2
Joined: June 21st, 2005, 1:31 am
Advertisement
Register to Remove

Unread postby njustice » June 21st, 2005, 7:21 am

*IMPORTANT* Be sure you know how to VIEW HIDDEN FILES


Download and unzip http://metallica.geekstogo.com/MADEbyOSC.zip
Run the file by doubleclicking metallica.bat
and post the log.
Do not reboot until someone has looked at your log and given you the next step.
If you have to reboot repeat this part when you are back online.
njustice
Regular Member
 
Posts: 108
Joined: February 24th, 2005, 2:55 pm

Unread postby Nellie2 » July 13th, 2005, 2:53 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 43 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware