mikeh

Members
  • Posts

    39

About mikeh

  • Birthday 6/6/1962

Tech Info

  • Experience
    some_experience
  • System: windows_7_professional

  1. Thanks Ken, I have given this some more thought, and tried what you suggested. However I actually think it's a fault with the monitor. For example I had the same "image persistence" with a pdf I'd only had open for a couple of minutes. I could also see the image persistence flickering while doing some other tasks, and it didn't make sense that the effect was only visible on the left side of the screen - the right side is 100% normal. I will try to take it up with HP - the monitor is only 18 months old. Thanks again.
  2. Thanks for the suggestions Ken. I haven't got a second monitor to try unfortunately. The monitor I have uses a "DP" cable. The PC is an HP Z440 workstation. I have just reinstalled the monitor driver and graphics card drivers with the most up to date ones, but no change. I'm not sure if I've described the issue very well, but the attached photo shows the screen during start up - and you can just see the "ghosting" of my browser bookmarks on the left side, while the right side is black. You can clearly see the difference between left and right sides. It seems odd that even during start up, the image of my browser and the desktop icons is visible.
  3. Hello, I have an HP E272q monitor, and for a few months I've been noticing that there appears to be a central division in the display, with the left hand side showing a degree of transparency that is most noticeable on dark backgrounds. For example if using AutoCAD with a black background, I can see a "ghosting" of other windows behind (e.g. like a browser), but only on the left side of the monitor centreline. I'm not sure but this may have only started after upgrading to Win 10. It was originally Win 7. Is this something anyone else has experienced?
  4. Ok well I managed to unzip it with WinRar. It is a huge text file - 3.6Gb, which is a bit of a problem, but one I think I can deal with.
  5. I've downloaded a big zipped file which contains a point cloud survey. The zipped file is 600,000kb. I've tried to unzip it but get the error code 0x80004005. I downloaded 7-Zip and tried with that but still no joy (it unzipped it but made it a txt file and recorded an error). Can anyone suggest any ideas? I'm using Windows 10, 64-bit. Thanks for any suggestions.
  6. Thanks for your help Nev. I contacted the vendor and they first sent a replacement charger. That didn't work, so I sent the laptop back to them. I've now had it returned - different battery and charger - and no problems. Not sure if that's all they did, but thanks again for your help.
  7. The laptop works fine without the battery. But it shuts down immediately if the mains is unplugged (but it is only on 7%). So does that really mean the battery has suddenly died, even though the energy report suggests it should be ok?
  8. I bought my daughter a second-hand laptop a couple of months back - Dell Latitude E6510. All was well until a couple of weeks ago when I noticed the battery light flashing. It's stuck at 7%, and I haven't been able to resolve the problem. I produced an "Energy Report" through the command prompt, which indicates it should have around 80% of the original capacity (Capacity 48840, Last Full Charge 39694). However in the BIOS it says the battery needs replacing (it's not a Dell battery). At the moment I'm thinking it's a software issue, and I've tried following many of the YT vids to sort it (uninstalling battery, shutting down, reinstalling battery etc etc). Can anyone suggest any more reliable methods to identify the problem? Thanks for any tips.
  9. There's more?? This is great!!
  10. OK here's the ComboFix log. How's it looking now?
  11. Thanks for all your replies. I am away most of this week but will do the Combofix thing on my return. Many thanks.
  12. Starbuck, You are a star, the system is running better and the redirection appears to be gone. I understand more about the user accounts and have created one for the kids' use without administrator privileges. Maybe this will ensure they can't let malware onto the system? I crave a better understanding and so have some questions to help me avoid this situation in the future..... (if you haven't anything better to do) Was there any one particular "thing" causing the redirection? Does the "google redirect virus" actually exist? Can you suggest ways in which this malicious software has got onto the system, bearing in mind the kids use it for simple internet games, downloading music (they assure me these are legal sites), school projects research, Skype and Windows Live Messenger? Would they be aware or would their consent be needed before anything is downloaded (i.e. if a game tells them they need to download and install something and they just say yes to everything)? Is Skype ok to use? What is Bearshare and where does it come from? Is it bad? Thanks for reminding me of the need to keep things updated. Windows itself had not updated for several months, though I didn't realise. It only updated a couple of weeks ago when I used a long cable from the router instead of wireless. Windows Defender is not able to update at the moment, I think it might be because of the wireless too. What would you advise for the best free anti spyware/malware at the moment? Thanks for your invaluable help. A master of your trade indeed.
  13. Ok here's the ESET scan log. I nervously await your judgment.
  14. Ok, the OTL scan worked on the third time. The Eset scan is currently running, will add to next reply. Thanks.
  15. Well that didn't go to plan. I did as you said with Spybot. The OTL scan started, Threatfire interrupted a couple of times but I let OTL continue, then a Windows box with "OTL has stopped working". I ended up doing a forced reboot. The log file only says "Files/Folders moved on reboot, Registry entries deleted on reboot." Should I try OTL again? Should the settings be the same as you stated in your first response? So I'm a little confused about this P2P. We use Skype, and Windows Live Messenger, but are there others on our system that are less trustworthy? Thanks.