| Thread ID: 79344 | 2007-05-16 22:36:00 | Online Poker | JailCrackers (12274) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 550445 | 2007-05-16 22:36:00 | Hi Guys, I play online poker a lot - every day on more than one site - bodog and paddypower. I am recently having difficulty at game play. I keep disconnecting but web pages are always displaying fine so my internet connection is not down. It may freeze for 20 seconds every 5 minutes. It only started happening the last 2/3 days. I haven't changed anything. I have 2 PCs at home desktop (Vista) and laptop (XP). I can't play on either machine because it keeps disconnecting and folding my hand (1 in 100) on both PCs and even both poker sites. I contacted Paddy power and the guy really couldn't help as he was not a technical guy but told me that nothing has changed on their end. It might not be related but all I know is that since the last couple of days I keep disconnecting from both poker sites all night and it's really annoying. I just want to know if anyone can tell me what's up. I ran CWShredder and found a Trojan - CWS.MSCONFIG. Here is a log from SmitfraudFix.cmd Scan done at 22:38:30.29, 16/05/2007 Run from C:\Documents and Settings\Administrator.TFFS\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE E:\Master\PC Clean up\CWShredder\cwshredder\cwshredder.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! 127.0.0.1 hk.digitaltrends.com 127.0.0.1 microsoft.com.org #[IE-SpyAd] 127.0.0.1 www.www.microsoft.com.org »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.TFFS »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.TFFS\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.TFF\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport DNS Server Search Order: 62.231.32.10 DNS Server Search Order: 62.231.32.11 HKLM\SYSTEM\CCS\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer=62.231.32.10,62.231.32.11 HKLM\SYSTEM\CCS\Services\Tcpip\..\{20F72595-8574-467C-A75B-AB13D852F786}: NameServer=62.231.32.10,62.231.32.11 HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A286F69-2153-4D2C-864D-EEE8D8601361}: DhcpNameServer=192.168.1.100 HKLM\SYSTEM\CCS\Services\Tcpip\..\{85D1B8D1-6BB3-4206-B328-16905247A9B0}: NameServer=62.231.32.10,62.231.32.11 HKLM\SYSTEM\CS1\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer=62.231.32.10,62.231.32.11 HKLM\SYSTEM\CS1\Services\Tcpip\..\{20F72595-8574-467C-A75B-AB13D852F786}: NameServer=62.231.32.10,62.231.32.11 HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A286F69-2153-4D2C-864D-EEE8D8601361}: DhcpNameServer=192.168.1.100 HKLM\SYSTEM\CS1\Services\Tcpip\..\{85D1B8D1-6BB3-4206-B328-16905247A9B0}: NameServer=62.231.32.10,62.231.32.11 HKLM\SYSTEM\CS2\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer=62.231.32.10,62.231.32.11 HKLM\SYSTEM\CS2\Services\Tcpip\..\{20F72595-8574-467C-A75B-AB13D852F786}: NameServer=62.231.32.10,62.231.32.11 HKLM\SYSTEM\CS2\Services\Tcpip\..\{6A286F69-2153-4D2C-864D-EEE8D8601361}: DhcpNameServer=192.168.1.100 HKLM\SYSTEM\CS2\Services\Tcpip\..\{85D1B8D1-6BB3-4206-B328-16905247A9B0}: NameServer=62.231.32.10,62.231.32.11
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Thanks for your help greatly appreciated! |
JailCrackers (12274) | ||
| 550446 | 2007-05-16 22:51:00 | I'm honestly not too sure about what the PC's saying through that log, Speedy may be able to assist there. What happens if you take your laptop to a friend's for the night? This would immediately rule out the possibility it's an issue with your connection, meaning something has gone amiss on both your desktop & your laptop PC. Welcome to PressF1 Cheers Chill. |
Chilling_Silence (9) | ||
| 550447 | 2007-05-16 23:16:00 | I would get trojan remover, rogueremover and hijackthis in my sig below. Make sure TR and RR are up to date and do a scan. Then in TR select the 3rd - 7th option under the utilities menu. This should fix the hosts prob. And reset a few things. And post a HJT log. |
Speedy Gonzales (78) | ||
| 550448 | 2007-05-17 01:22:00 | Hi Guys, Thanks again for your help. I ran adaware and it encounters an error just as it seems to finish (350000 files) 45 minutes. The error said that I should run chkdsk as the file in location "C:\Documents and Settings\Administrator.TFFS\Local Settings\Temp\AAWTMP\C14885674\1D3B0B". RR didn't find anything. TF prompted for me to stop firedaemon.exe and network.exe. Should I stop them??? Also as well as MSCONFIG I also found a virus 3 days old called oagain.exe and I removed it. I will run adaware now and see if it can work correctly this time. Thanks a lot. HiJackThis Log Logfile of HijackThis v1.97.7 Scan saved at 01:16:29, on 17/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\mspaint.exe E:\Master\PC Clean up\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Captain Cooks Poker (HKLM) O9 - Extra button: Attach Web page to ACT! contact (HKLM) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM) O9 - Extra button: Bodog Poker (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - www-307.ibm.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - support.fujitsu-siemens.de O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - activex.microgaming.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer = 62.231.32.10,62.231.32.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{20F72595-8574-467C-A75B-AB13D852F786}: NameServer = 62.231.32.10,62.231.32.11 O17 - 
HKLM\System\CCS\Services\Tcpip\..\{85D1B8D1-6BB3-4206-B328-16905247A9B0}: NameServer = 62.231.32.10,62.231.32.11 O17 - HKLM\System\CS1\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer = 62.231.32.10,62.231.32.11 O17 - HKLM\System\CS2\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer = 62.231.32.10,62.231.32.11 |
JailCrackers (12274) | ||
| 550449 | 2007-05-17 02:20:00 | Get the latest version of HJT and post another log (the whole log). The version of HJT you have is out of date. |
Speedy Gonzales (78) | ||
| 550450 | 2007-05-17 02:28:00 | Sorry about that. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 02:34:41, on 17/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator.TFFS\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttach File - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program 
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Captain Cooks Poker - {3545A8F5-EE6B-4c4a-AD88-9C437639A73D} - C:\Program Files\captaincooksMPP\MPPoker.exe O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... 
- {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - e:\Program Files\Bodog Poker\BPGame.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - www-307.ibm.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - support.fujitsu-siemens.de O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - activex.microgaming.com O17 - HKLM\System\CCS\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer = 62.231.32.10,62.231.32.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{20F72595-8574-467C-A75B-AB13D852F786}: NameServer = 62.231.32.10,62.231.32.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{85D1B8D1-6BB3-4206-B328-16905247A9B0}: NameServer = 62.231.32.10,62.231.32.11 O17 - HKLM\System\CS1\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer = 62.231.32.10,62.231.32.11 O17 - 
HKLM\System\CS2\Services\Tcpip\..\{121360CC-1D18-4CFE-B802-7F1FC30EE224}: NameServer = 62.231.32.10,62.231.32.11 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: Serv-U (laguna) - Cat Soft - c:\WINDOWS\system32\MemCheck.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: SalesLogix Server (SalesLogix Server Service) - Best Software, Inc. - C:\Program Files\SalesLogix\SLXServer.exe O23 - Service: SalesLogix SpeedSearch (SlxSearch) - Best Software, Inc. - C:\Program Files\SalesLogix\SpeedSearch\Bin\SLXSearchService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 9378 bytes |
JailCrackers (12274) | ||
| 550451 | 2007-05-17 02:48:00 | Ok, run hijackthis again tick these entries and tick fix checked. Close browser/s. O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttach File - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" Or disable these in trojan remover. O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) Everything else looks ok. I would also get ccleaner (http://www.ccleaner.com) And Spybot S&D (www.spybot.info) And the detection updates as well. Install both then do a scan. |
Speedy Gonzales (78) | ||
| 550452 | 2007-05-17 08:58:00 | Hi, I am currently in the middle of an MTT (and doing well) and then buttons started clicking and I am still lagging. All of a sudden VNC (as I forgot I have it installed AND NO PASSWORD) starts flashing and buttons start clicking all by themselves. I then clicked on VNC and clicked disconnect clients and opened Task Manager; I saw a process called a.exe and I killed it. What should I do now ASAP please? Thanks again! |
JailCrackers (12274) | ||
| 550453 | 2007-05-17 09:39:00 | Wouldn't have a clue what a.exe is. Could be anything. Search for it on the hard drive. Where is it on the hdd? If you're connected directly to the net, I wouldn't bother using VNC. If you want to use it, I suggest u put a password on it. |
Speedy Gonzales (78) | ||
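
Added example (not part of the original thread, and not code from HijackThis or from any poster): a small Python triage pass over HijackThis v2 entries like the ones posted above. It recovers entries from a log that forum software has flattened onto long lines, then flags "(file missing)" leftovers, remote-access or file-server services such as the VNC service discussed here, and third-party service binaries sitting directly in system32. The watch list and rule names are assumptions made for illustration, a flag means "review this entry" rather than "infected", and the sample lines are copied from the log in this thread.

```python
import re
from typing import NamedTuple

# Codes HijackThis puts at the start of each entry (R0-R3, F0-F3, O1-O24).
_CODE = r"(?:[RF][0-3]|O\d{1,2})"
# Forum software often flattens the log onto long lines, so entries are cut at
# each "<code> - " marker rather than at line breaks.
_ENTRY = re.compile(rf"(?:^| )({_CODE}) - (.+?)(?= {_CODE} - | -- End of file|\Z)")
# O23 layout in HijackThis v2: "Service: <name> - <vendor> - <image path>"
_SERVICE = re.compile(r"Service: (?P<name>.+) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)")
_IN_SYSTEM32 = re.compile(r"[a-z]:\\windows\\system32\\[^\\]+")
# Assumed watch list of remote-access / file-server products; extend as needed.
REMOTE_ACCESS_WORDS = ("vnc", "serv-u")


class Finding(NamedTuple):
    code: str   # HijackThis section, e.g. "O23"
    rule: str   # which heuristic fired
    entry: str  # the entry text, for the analyst to read


def split_entries(log_text):
    """Return (code, body) pairs from a log, flattened or not."""
    flat = " ".join(log_text.split())  # collapse wraps and line breaks
    return [(m.group(1), m.group(2)) for m in _ENTRY.finditer(flat)]


def triage(log_text):
    """Flag entries worth a manual look; a flag is not a verdict."""
    findings = []
    for code, body in split_entries(log_text):
        if body.endswith("(file missing)"):
            # Registry entry points at a file that is no longer on disk.
            findings.append(Finding(code, "file-missing", body))
        svc = _SERVICE.fullmatch(body) if code == "O23" else None
        if svc is None:
            continue
        if any(w in svc["name"].lower() for w in REMOTE_ACCESS_WORDS):
            # Confirm the service is wanted, authenticated and not Internet-facing.
            findings.append(Finding(code, "remote-access", body))
        if (_IN_SYSTEM32.fullmatch(svc["path"].lower())
                and "microsoft" not in svc["vendor"].lower()):
            # Third-party service image sitting directly in the Windows directory.
            findings.append(Finding(code, "service-in-system32", body))
    return findings


# Sample: entries copied from the HijackThis v2 log in this thread, flattened.
SAMPLE = " ".join([
    r"Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe",
    r"O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttach File -",
    r"{D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"',
    r"O9 - Extra button: Attach Web page to ACT! contact -",
    r"{6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)",
    r"O23 - Service: Serv-U (laguna) - Cat Soft - c:\WINDOWS\system32\MemCheck.exe",
    r"O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. -",
    r"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe",
    r"O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. -",
    r"C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 9378 bytes",
])

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.code:<4} {f.rule:<20} {f.entry}")
```
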
| 550454 | 2007-05-17 12:05:00 | Here it is in case anyone else gets it www.webmasterforums.com It's a tricky one alright, Thanks for your help guys! |
JailCrackers (12274) | ||