Author |
cycovision - pc help thread |
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
You've got a worm! Ok, take out the ones in bold
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.netscape.co.uk
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [winupdates] C:Program Fileswinupdateswinupdates.exe /auto
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
O8 - Extra context menu item: &Download with &DAP - C:PROGRA~1DAPdapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:PROGRA~1DAPdapextie2.htm
O8 - Extra context menu item: Send To &Bluetooth - C:Program FilesMSIBToes Bluetooth Softwarebtsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesMSIBToes Bluetooth Softwarebtsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesMSIBToes Bluetooth Softwarebtsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com[....]sengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLMSystemCCSServicesTcpip..{176FFE7E-C545-4241-B210-378D43210992}: NameServer = 80.225.252.178 80.225.252.186
O17 - HKLMSystemCS2ServicesTcpip..{176FFE7E-C545-4241-B210-378D43210992}: NameServer = 80.225.252.178 80.225.252.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:WINDOWSsystem32btxppanel.dll
O20 - Winlogon Notify: WB - C:PROGRA~1StardockOBJECT~1WINDOW~1fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
_________________
'He who laughs last, laughs longest. Or didn't get the joke...'
[ This Message was edited by: Cycovision on 2005-12-12 18:00 ] |
|
lamont Joined: Mar 27, 2005 Posts: > 500 From: Manchester, UK PM |
Done it! This is my new log:
Logfile of HijackThis v1.99.1
Scan saved at 18:10:19, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
C:WINDOWSsystem32devldr32.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesStardockObject DesktopWindowBlindswbload.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Documents and SettingsnickDesktophijackthisHijackThis.exe
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = www.netscape.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
O8 - Extra context menu item: &Download with &DAP - C:PROGRA~1DAPdapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:PROGRA~1DAPdapextie2.htm
O8 - Extra context menu item: Send To &Bluetooth - C:Program FilesMSIBToes Bluetooth Softwarebtsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesMSIBToes Bluetooth Softwarebtsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesMSIBToes Bluetooth Softwarebtsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com[....]sengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLMSystemCCSServicesTcpip..{176FFE7E-C545-4241-B210-378D43210992}: NameServer = 80.225.252.178 80.225.252.186
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
How's it look? cheers for your help!!
|
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
Much better! The winupdates.exe file (gaobot worm) isn't in the startup anymore which is the main thing.
Now you need to update your AVG (if necessary), restart in safe mode and do a full virus scan. Follow that by running whichever spyware apps you use (spybot s+d, adaware etc.), again making sure that they're fully updated first.
|
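One way to confirm a cleanup like this without reading two logs side by side, as an added example that is not part of the original thread: the script below diffs two HijackThis scans and flags removed autostart entries. The function names and the two sample logs are constructed for illustration, modelled on entries quoted in this thread.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}|F[0-3]|N[1-4])\s+-\s+(.*)$")
AUTOSTART = {"O4", "O20", "O23"}  # Run keys/startup folder, Winlogon Notify, services

def parse_entries(log_text):
    """Return the set of (section, detail) entries, skipping header and process list."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """Compare two scans: removed entries, new entries, and removed autostarts."""
    old, new = parse_entries(before), parse_entries(after)
    removed = sorted(old - new)
    return {
        "removed": removed,
        "added": sorted(new - old),
        "removed_autostart": [e for e in removed if e[0] in AUTOSTART],
    }

# Constructed sample logs (not the full logs from the thread).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for section, detail in result["removed"]:
        flag = " (autostart)" if section in AUTOSTART else ""
        print(f"removed{flag}: {section} - {detail}")
    for section, detail in result["added"]:
        print(f"NEW since last scan: {section} - {detail}")
```

Anything listed as new after a fix is worth a second look, since a reappearing entry usually means the file behind it is still running.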
lamont Joined: Mar 27, 2005 Posts: > 500 From: Manchester, UK PM |
kewl, cheers mate I'll do that now! thanks again for your help! |
dude_se Joined: Dec 16, 2004 Posts: > 500 From: Evesham, UK PM |
woah that's a lot of crap you have there!
@cyco, usb pci card should be with me tomorrow so i will let you know how i get on
dude_se
10 +'ve feedback's, 0 -'ves --------------------------- |
p900 lover Joined: Jan 08, 2004 Posts: > 500 From: London PM |
Quote:
|
On 2005-12-12 18:31:26, Cycovision wrote:
@p900
1. Your desktop PC needs only a PCI wireless card. It slots into any spare PCI slot actually inside your computer (you have to take the side off to fit it!). The PCI slots are the ones where your dial-up modem (if you have one) is fitted.
2. Yes, viruses can spread over networks. All PCs on the network should have their own antivirus program running.
3. Some routers allow you to impose cap limits for each client on the network via the router's control panel.
@Lamont
I eat hijack this logs for breakfast
|
|
Thanks a lot, regarding number 1 is there an external option cos I'm not very good with inside computer bits?
How would I know if my router lets me set a limit?
Thanks again.
|
lamont Joined: Mar 27, 2005 Posts: > 500 From: Manchester, UK PM |
@dude_se - please will you name some of this shit please? i think 95% of the stuff is needed!
|
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
@p900
Yes, you can get wireless USB dongles, similar to bluetooth dongles, if you don't fancy taking the side off your PC. You can buy them from amazon if I remember correctly. The only thing is, the new PC must support USB 2.0 (which it will if it's brand new).
As for the router, you'll have to read (download it from the manufacturer's web site if necessary) the documentation I'm afraid since each router is different. Router control panels are always accessed via your web browser, usually by typing in its IP address (10.0.0.2 is a common router IP address) and entering the required username and password.
|
p900 lover Joined: Jan 08, 2004 Posts: > 500 From: London PM |
Thanks a lot mate, will order a Dongle ASAP and read up on the router.
Oh and 1 more question (I've already asked you this but can't find it, sorry) where can I get a slightly longer Ethernet cable and the cable that connects the router to the phone socket? |
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
Nickknows!
http://www.nickknows.com/browse.php?category=471&desc=Cables
Should be able to get your dongle from there as well, don't know how the prices compare to other sites though!
|
p900 lover Joined: Jan 08, 2004 Posts: > 500 From: London PM |
Thanks
edit: Cat5E or Cat6E Cable? and what is the cable that connects to the phone socket called?
[ This Message was edited by: p900 lover on 2005-12-12 19:38 ] |
dude_se Joined: Dec 16, 2004 Posts: > 500 From: Evesham, UK PM |
@lamont what u mean?
any pci device is easy to fit. take case off. put in an available socket (just pushes in). a blind person could do it
dude_se
10 +'ve feedback's, 0 -'ves --------------------------- |
p900 lover Joined: Jan 08, 2004 Posts: > 500 From: London PM |
What about drivers? And will there definitely be a PCI slot free? |
dude_se Joined: Dec 16, 2004 Posts: > 500 From: Evesham, UK PM |
most pcs should have at least 1 free as standard. just take your case off now and have a look. will be ok as long as you don't touch anything. it's just a white rectangle. there should be at least 3 of them in a quite modern pc. some devices do not need drivers as pc will install it automatically although some will need the os cd (eg windows xp cd, or a driver cd). should be easy to get drivers off internet if it doesn't come with any
dude_se |
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
Cat5E cable and a DSL modem cable is what you need (I sound like Yoda there)
The wireless card, PCI or USB, will come with a driver disk. In the case of USB, you put the cd in first and install the software before plugging the dongle in. For the PCI card, you put the card in first with the pc switched off, turn the PC on, cancel the 'found new hardware wizard' and stick the CD in then.
|
|