Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Comp running too slow, locking up [Solved]

Started by jester1525 , Aug 19 2012 12:09 AM

This topic is locked

#16
jester1525

Posted 11 September 2012 - 02:07 PM

Member

Topic Starter
Member
21 posts

Just tried logging out and did get a file - '252' for what it's worth..

Other than that, I'll open up Photoshop and Illustrator and see what happens tonight and let you know.. just home for lunch and don't have time to play with it at the moment..

Once again, thanks for all the help!

B

Logs:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ not found.
HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ not found.
Registry key HKEY_USERS\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\lib folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 170319 bytes
->Temporary Internet Files folder emptied: 103618138 bytes
->Java cache emptied: 176985 bytes
->Flash cache emptied: 60824 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56543 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 477215 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 40536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: temp

User: User
->Temp folder emptied: 73944850 bytes
->Temporary Internet Files folder emptied: 8292866 bytes
->Java cache emptied: 9102528 bytes
->FireFox cache emptied: 97850683 bytes
->Google Chrome cache emptied: 21209757 bytes
->Flash cache emptied: 57730 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 195654 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 320100 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 301.00 mb

OTL by OldTimer - Version 3.2.58.1 log created on 09102012_205209

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.11.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: DEN [administrator]

Protection: Enabled

9/11/2012 4:30:08 AM
mbam-log-2012-09-11 (04-30-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264660
Time elapsed: 15 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2cfaea179e78204f8194be8c21c85aff
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-11 05:57:59
# local_time=2012-09-10 11:57:59 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 68620566 68620566 0 0
# compatibility_mode=5891 16776533 42 92 0 14444700 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=410231
# found=4
# cleaned=4
# scan_time=9113
C:\Documents and Settings\User\Application Data\fdmer.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DA844029-A6CF-47A5-85DF-D840D386CF61}\RP1570\A0204368.exe a variant of Win32/Adware.Moonshle.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DA844029-A6CF-47A5-85DF-D840D386CF61}\RP1570\A0204369.exe a variant of Win32/Adware.Moonshle.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DA844029-A6CF-47A5-85DF-D840D386CF61}\RP1580\A0207698.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Edited by jester1525, 11 September 2012 - 02:12 PM.

#17
blmadara

Posted 13 September 2012 - 01:58 PM

Trusted Helper

Malware Removal
767 posts

Hi jester1525,

Once again, thanks for all the help!

You're welcome!!

Step One: OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[createrestorepoint]

:OTL
[2012/09/09 23:24:55 | 000,008,184 | ---- | M] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2012/09/09 23:24:43 | 000,008,283 | ---- | M] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz
[2012/08/08 20:17:23 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2012/08/08 20:17:22 | 000,000,792 | ---- | M] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2012/08/08 20:17:21 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2012/08/08 20:17:20 | 000,000,825 | ---- | M] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2012/08/08 20:16:44 | 000,001,947 | ---- | M] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2012/07/18 22:32:19 | 000,000,528 | ---- | M] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/26 07:44:32 | 000,000,033 | ---- | M] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/26 07:44:31 | 000,000,033 | ---- | C] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/16 09:35:39 | 000,000,792 | ---- | C] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2010/08/16 09:35:39 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2010/08/16 09:35:38 | 000,000,825 | ---- | C] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2010/08/16 09:35:38 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2010/08/16 09:35:38 | 000,000,528 | ---- | C] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/15 20:12:04 | 000,001,947 | ---- | C] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2010/08/11 00:54:35 | 000,008,184 | ---- | C] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2010/08/11 00:54:34 | 000,008,283 | ---- | C] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3246:TCP"=-
"7629:TCP"=-
"3389:TCP"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3246:TCP"=-
"7629:TCP"=-
"3389:TCP"=-

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two: Hard-Drive Maintenance

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial here and follow the instructions for Graphical Mode if you so wish.

Click Start >> Run... then type in CMD and click on OK.
At the Command Prompt C:\ > type the following:
CD C:\ and hit the Enter/Return key.
Now type in DEFRAG C: -F
A Analysis report will be displayed and then Windows will start the Defragmention run automatically.
This may take some time, when completed the Command Prompt C:\ > will appear.
Now type in CHKDSK C: /R and hit the Enter/Return key.
When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

Hit the Y key then at the Command Prompt C:\ >
Type in EXIT and and hit the Enter/Return key.
Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.

Step Three: How is your computer running?

Let me know if you are still getting the crashes you mentioned and if you are still getting the random file message when logging out.

What I need in your next post:
1. The log from the OTL fix.
2. Let me know what problems remain.

#18
jester1525

Posted 17 September 2012 - 07:50 AM

Member

Topic Starter
Member
21 posts

Oops - came on to see if you had replied to my last post.. and realized I had forgotten to post..

Computer is running MUCH faster.. smoother..

Still get the odd file not closing thing, but who knows what that is.. My coworker who is our IT director said that Microsoft Security Essentials might sometimes create temp files that are just random names and that might be it. He didn't seem to sure of that, but I figured I'd pass it on.

OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Documents and Settings\User\漀ѽj moved successfully.
File C:\Documents and Settings\User\�Ѹz not found.
C:\WINDOWS\system32\脀Ѹp moved successfully.
C:\WINDOWS\system32\脀Ѹr moved successfully.
C:\WINDOWS\system32\漀ѽh moved successfully.
C:\WINDOWS\system32\Ѹx moved successfully.
File C:\WINDOWS\System32\�Ѹz not found.
C:\Documents and Settings\User\Ѹx moved successfully.
C:\WINDOWS\system32\漀ѽj moved successfully.
File C:\WINDOWS\System32\漀ѽj not found.
File C:\WINDOWS\System32\脀Ѹr not found.
File C:\WINDOWS\System32\脀Ѹp not found.
File C:\WINDOWS\System32\Ѹx not found.
File C:\WINDOWS\System32\漀ѽh not found.
File C:\Documents and Settings\User\Ѹx not found.
File C:\WINDOWS\System32\�Ѹz not found.
File C:\Documents and Settings\User\漀ѽj not found.
File C:\Documents and Settings\User\�Ѹz not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\7629:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7629:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 2995 bytes
->Temporary Internet Files folder emptied: 48014880 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 877 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 32404 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: temp

User: User
->Temp folder emptied: 285349 bytes
->Temporary Internet Files folder emptied: 7918077 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35606166 bytes
->Google Chrome cache emptied: 9986430 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 763428 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4137 bytes

Total Files Cleaned = 98.00 mb

OTL by OldTimer - Version 3.2.58.1 log created on 09142012_074341

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#19
blmadara

Posted 17 September 2012 - 07:19 PM

Trusted Helper

Malware Removal
767 posts

Hi jester1525,

Step One: Kaspersky Security Scan

Go to here
Click the download button under Kaspersky Security Scan
Download and run the file
It will start to download the Kaspersky Security Scan program data
Once downloaded the installer will begin
Click Next
Accept the License Agreement
Click Install
The program will now install
Click Finish
Kaspersky Security Scan will now start
Click the Full Scan button
The scan will take about an hour or two depending on the amount of data on your hard drive
If the scan detects problems it will open a Problems found window
Click Details to generate a scan results report
Once the scan is complete do the following:
- For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
  For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
- Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
- Attach the HtmlReport zipped folder to your next post
You can now close Kaspersky Security Scan

What I need in your next post:
1. Please attach HTMLReport.zip to your next post.

#20
jester1525

Posted 18 September 2012 - 01:30 PM

Member

Topic Starter
Member
21 posts

That wasn't attached.. let me try again

Attached Files

HtmlReport.zip 317.81KB 85 downloads

Edited by jester1525, 18 September 2012 - 01:31 PM.

#21
jester1525

Posted 18 September 2012 - 01:31 PM

Member

Topic Starter
Member
21 posts

Here is the file

Thanks

Edited by jester1525, 18 September 2012 - 01:31 PM.

#22
blmadara

Posted 20 September 2012 - 11:01 AM

Trusted Helper

Malware Removal
767 posts

Hi jester1525,

Congratulations, your logs appear clean again! Now we have some cleanup and maintenance to do.

Clean up with ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

Clean up with OTL

Open OTL to run it.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the Cleanup button
Say Yes to the prompt and then allow the program to reboot your computer.

Note: If any logs/tools remain on your desktop > right click and delete them.

Update Adobe Reader

It's very important that you keep your computer updated with the latest Adobe updates.

Open Adobe Reader.
Click Help on the menu at the top.
Click Check for Updates.
Allow any updates to be downloaded and installed.

Update Mozilla Thunderbird

Your version of Thunderbird is not up to date. Download the latest version here, save it to your desktop, and install it.

Install the Enhanced Mitigation Experience Toolkit (EMET)

Follow these instructions to install the Enhanced Nitigation Experience Toolkit.

Disable Java in your Web Browser

Follow these instructions to disable JAVA in your web browser.

Preventative Programs

Anti Spyware

I recommend updating and scanning with MalwareBytes Anti-Malware once a week to rid your system of spyware.

Personal Firewalls

It is very important that you use a firewall on your computer in addition to an anti-virus program. For a tutorial on using and understanding firewalls, please go here. Please download and install one of the following free firewalls if you do not already have one installed.

Anti-Virus Software Advice

Your anti-virus software, Microsoft Security Essentials, is setup to download and install updates as they become available. I also advise that you run a full scan weekly, to further protect yourself.

Temp File Cleaner

Finally, it is a good idea to clear out all your temp files every now and then. This will help keep your computer from slowing down and it can also assist in getting rid of files that may contain malicious code that could re-infect your computer.

TFC is a great tool to clean temporary files.

Update Windows

It is important to keep your operating system updated. To enable Automatic Updates so that updates are downloaded and installed automatically, click here.

Update JAVA

It's very important that you keep your computer updated with the latest version of JAVA.

Go to this website, and click on Do I have Java?.
This will check your current version of Java and offer you an update if one is available.

Finally, to learn more about how to protect yourself while on the internet read How did I get infected in the first place?

I will keep this thread open for a few days, so if you have any further problems post another reply here.

#23
jester1525

Posted 23 September 2012 - 07:58 PM

Member

Topic Starter
Member
21 posts

Thanks so much! Certainly running better than before. Now to just make it to January and my new system!

#24
blmadara

Posted 24 September 2012 - 10:15 AM

Trusted Helper

Malware Removal
767 posts

You're welcome!! Good luck!!

#25
Dakeyras

Posted 24 September 2012 - 10:44 AM

Anti-Malware Mammoth

Expert
9,772 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.