
Queen Kiesha

  1. Okie dokie. I just looked at the article. Yikes. I have not been home in a few days but will uninstall this evening and post the new logs. Luckily I'm not having any more issues but am aware that items can still lurk. Thanks so much and I'll have those logs to you a little later.
  2. No, I do not use net meeting, but I do use frostwire. Is that a bad thing? Also, if I uninstall, can I put it back on in the future?
  3. Hi. So sorry for the delay. I've attached combofix log first and hijack second. Thanks for your help!!!
  4. Hello. I've had multiple pop ups. I ran malware and sometimes it shows items, sometimes no but the popups are still there. It appears that my mcafee is not functioning. It looks ok until I click on it or try to run a scan, the window is just blank. Nothing there. I did download Avira and found several viruses at the beginning of the month. Malwarebytes didn't find anything this time and Avira only found one virus. Sigh
  5. Hello! About 1 1/2 months ago I was infected with Antivirus 2009. I got rid of that but have inherited a new problem. POPUPS! All different types of sites (lottery, registry errors, antivirus, spyguard and many more). I log onto firefox and within one minute, I have a pop up of some sort. Malwarebytes doesn't locate anything. Adaware did but the popups were back on the next reboot. I would like to add, one day my mcafee went haywire and kept shutting down, the only way I could get it to come back was to restart. That was on New Year's Eve, no problems with the program since. This also does the same thing in IE. Any help would be appreciated.
  6. I've been running myself insane for the past three hours. Every helpful website I attempted to go to could not be found. I was able to download your software from download.com but it would not execute. Finally I decided to disconnect from the net *just until I knew what it was* and run a virus scan. I also came to this website on my treo 800 and found your fix. IT WORKS!!!!!!!!!!!!!!!! Thanks so much!!! I'm a happy camper now :-)