About pete_c

  • Rank

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Location
  1. hi jon, utorrent is installed but never used on this computer, it has no dvd writer so i only use it on my desktop pc - but i take your concerns about p2p. i have uninstalled it from here and also ran atf cleaner and malwarebytes - all clean. i guess my pc is back to how it was a month ago - many thanks for your help. i said about the hard drive on the way out as it was so slow and seagate tools for dos found 7 missing sectors, as i say i defragged it and things sped up a touch. its now as i say ok for now - i understand its not the fastest pc but its only for surfing the web. cheers again
  2. GMER - http://www.gmer.net
     Rootkit scan 2010-09-11 06:39:29
     Windows 5.1.2600 Service Pack 3
     Running: gmer.exe; Driver: C:\DOCUME~1\winxp\LOCALS~1\Temp\fwgoqpod.sys

     ---- System - GMER 1.0.15 ----

     SSDT F7C8AF1E ZwCreateKey
     SSDT F7C8AF14 ZwCreateThread
     SSDT F7C8AF23 ZwDeleteKey
     SSDT F7C8AF2D ZwDeleteValueKey
     SSDT F7C8AF32 ZwLoadKey
     SSDT F7C8AF00 ZwOpenProcess
     SSDT F7C8AF05 ZwOpenThread
     SSDT F7C8AF3C ZwReplaceKey
     SSDT F7C8AF37 ZwRestoreKey
     SSDT F7C8AF28 ZwSetValueKey

     ---- EOF - GMER 1.0.15 ----
  4. jontom i have done a defrag and cleared out all temp files etc with ccleaner.. am now going to follow your steps - will post back, sorry for delay have been away. pete. p.s pc is running a lot smoother now, will still do your tests though
  5. hi, 3 days ago booted pc up and it took an age,while typing this i cannot see the font untill a few seconds after i enter it...all is not well...may be a hard drive on the way out..had to close avira virus check as it had done 12% in 3 hours! ok heres my log....
  6. yup i have done that-and it picked up the netgear signal -showing connected signal strength excellent.
  7. ok guys thx for replies i will see what firewall is on there. to powerchucker.. connecting to router isnt a problem - says signal is excellent.. just wont connect to web.. chucked in a ethernet cable and no probs - got connected straight away. device manager says her dell wireless card is fine - updated drivers and they were most recent - lappy is only 3 months old anyway. but.... why would she get a wireless signal at her dads no probs and then have trouble back home.. obviously i can see the netgear may be at fault but 2 other puters in house connect without problem.? i did attempt to remove the connection then reboot and add it all again but it connected straight away to router. also repaired did nout. one thing i did notice was the small button on side that turns laptop to wireless, it lit up blue but then went out - is this light meant to stay on permanent while you are connected wirelessly. too many questions.. sorry guys.. next rounds on me
  8. hi im posting this on behalf of a friend so if some info is missing i apologise. laptop is a dell running vista home, she took it to her dads for the weekend - worked fine on his wireless router, on returning home she has had trouble getting it online to the netgear router, says in network connections it is connected and signal is excellent but it does not connect to the internet. microsoft has a few problem solving things they tried but none worked. thanks in advance pete
  9. thanks doug, i notice on the hp site there is a firmware download for xp july 09 for problems with install - and some other bits i can install. 1 thing not sure why they dont mention my actual model 6300.. mention every other 63-- models so rather confused what software i need? http://search.hp.com/query.html?lang=en&am...p;charset=utf-8 "select a product" 6300 isnt mentioned but thats what it says on my box!
  10. bear, hp instructions say to set up wireless first-any reason why they would say this if known conflicts occur? i will try the usb way and hopefully have some joy. cheers
  11. i have set it up wirelessly,disabled anti virus and spyware tools as told to. when i put in installation cd it starts to install but then hangs at 1% and i get no further. any ideas? win xp sp3 thx in advance
  12. well we had it bad - i think things are maybe looking up in a few years as the PM has said he wants the whole of uk on broadband with fibre optic high speed connections - it wont happen, it will be out in june next year at latest, politics is another story but heres the link badbinary if you want to see how we gonna rule the world! http://www.telegraph.co.uk/finance/newsbys...ed-service.html 8210guy.... i download a few shows a week (lost until it ended, dexter, csi miami) also maybe 2 films a week and in between any decent albums that come out, virgin havent been on my case yet - maybe thats not classed as a heavy downloader? mmm thinking about it a movie is only 700mb, a tv show 400ish maybe im within the law so to speak (the virgin law) ... also virgin now have free technical support which used to be £1 a minute, i have rung em a few times pretending my speed was low n then i get a quick unrelated question in - they say they shouldnt really answer it but they tend to "suggest stuff" that helps. im ok with virgin - bransons a good guy gonna stick with em.
  13. yup NTL were pure it has to be said, i was with em from the start and had many issues with their phone services. then again i had a nice chipped cable box and got all channels free so there were good points to them being so bad.. i.e they never sussed
  14. im with virgin media - had no probs with them, in fact when i complained that my medium broadband package was dearer than tiscali a few months ago i was upgraded free of charge to their xl package - i now enjoy speeds of 18mb for £20 a month.... tiscali and talk talk are among the worst isps in uk u need to get cable!
  15. juliet, this log is for said women i told you about in previous posts - things didnt look so bad yesterday did they - a few symantec probs - nout too serious -- today it took on another level!!! thx again