Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Difficulty running laptop

Started by dowsp , Mar 12 2011 06:41 PM

Page 5 of 17
3
4
5
6
7

Please log in to reply

#61
dowsp

Posted 03 April 2011 - 09:17 PM

Member

Topic Starter
Member
543 posts

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\WINDOWS\SWXCACLS.exe moved successfully.
C:\WINDOWS\SWREG.exe moved successfully.
C:\WINDOWS\SWSC.exe moved successfully.
C:\WINDOWS\NIRCMD.exe moved successfully.
C:\ComboFix folder moved successfully.
C:\Documents and Settings\P\Desktop\ComboFix folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\ folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\Documents and Settings\P\My Documents\comb fix folder moved successfully.
C:\Documents and Settings\P\Desktop\CB fix folder moved successfully.
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
C:\Documents and Settings\P\Desktop\cfix folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 35954 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 348 bytes

User: P
->Temp folder emptied: 521425 bytes
->Temporary Internet Files folder emptied: 35843702 bytes
->Java cache emptied: 98879058 bytes
->FireFox cache emptied: 49695666 bytes
->Flash cache emptied: 1970425 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 199828 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 159849 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 182.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: P
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 04052011_032427

Files\Folders moved on Reboot...
File\Folder C:\Qoobox\BackEnv not found!
C:\Documents and Settings\P\Local Settings\Temporary Internet Files\Content.IE5\H440TMXQ\CAKH8TCR.php moved successfully.
C:\Documents and Settings\P\Local Settings\Temporary Internet Files\Content.IE5\7VCUJ1RR\xd_proxy[1].php moved successfully.

Registry entries deleted on Reboot...

#62
dowsp

Posted 03 April 2011 - 09:20 PM

Member

Topic Starter
Member
543 posts

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
ESET Online Scanner
OneCare Advisor (Windows Live Toolbar)
PC Tools Firewall Plus 5.0
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 9.0.151.0
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.16)
Mozilla Thunderbird (1.5.) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
PC Tools Firewall Plus FWService.exe
PC Tools Firewall Plus FirewallGUI.exe
``````````End of Log````````````

#63
Salagubang

Posted 03 April 2011 - 09:31 PM

Trusted Helper

Malware Removal
3,891 posts

Hi dowsp,

Go go control panel > add/remove programs then look for these applications and uninstall them. They may add additional protection but eats portion of your machine's minimal resources (RAM).

Windows Defender MSMpEng.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe

++++++++++++++++++++++++++++

Posted Image

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 20 .
Click the JDK 6 Update 23 (JDK or JRE) "Download JRE" button to the right.
Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation ( jre-6u23-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u23-windows-i586.exe and select "Run as an Administrator.")

[/LIST]

#64
dowsp

Posted 03 April 2011 - 09:50 PM

Member

Topic Starter
Member
543 posts

Hi Salagubang,

Ok... many thanks for helping me this far..

My Machine is certainly running much better and at least so far I am not getting
webpages freezing up or the Hour glass taking a long time to open pages etc.

I still have at least one combofix.exe file on my desk top under a folder
just called combo...

I suspect that I may be able to create or use a simmilar program as you wrote before
for OTL and delete it..

I did try doing it under start - run... combo /uninstall but it still would not
delete / uninstall.

I have to go to bed shortly, so I will complete the next stage later..

Speak later...

dowsp

#65
Salagubang

Posted 03 April 2011 - 09:57 PM

Trusted Helper

Malware Removal
3,891 posts

I suspect that I may be able to create or use a simmilar program as you wrote before
for OTL and delete it..

Just point the mouse, right click then choose delete - that should take care of it.

#66
dowsp

Posted 03 April 2011 - 10:15 PM

Member

Topic Starter
Member
543 posts

Hi Sal..

I just tried it and it seems to have deleted ok.. I just wasnt sure if it may
leave a program still on my system.

The reason that we missed it was because that was created last year ..a long time ago,
and well over 30 days history..

All being well they have all been deleted .

I will try and see if I can upload another new version later.

Gotto get some zzzzs in..

#67
Salagubang

Posted 03 April 2011 - 10:18 PM

Trusted Helper

Malware Removal
3,891 posts

K get some rest.

#68
dowsp

Posted 03 April 2011 - 10:26 PM

Member

Topic Starter
Member
543 posts

just found I had not deleted combo from my waste basket..but have now done so.

I just tried to reupload a copy and I still get a message saying cannot copy , access denied.
make sure disc is not full or write protected and that file is not currently in use.

So I may or it seems that I have something on my system that is still preventing me downloading a new copy.

Will try again later in 12 hrs or so.

#69
dowsp

Posted 03 April 2011 - 10:26 PM

Member

Topic Starter
Member
543 posts

#70
dowsp

Posted 04 April 2011 - 05:37 PM

Member

Topic Starter
Member
543 posts

Hi Salagubang,

When I look in control panel / add / remove programms..

I can only see ONE program under ThreatFire... Not Two as you suggest.
and it doesnt say if its TF tray or TF service exe !

Also I can only see a program titled Windows defender.....
but it doesnt say...MSMpEng.exe.. I assume it is still the progam to delete.

My Computer is still doing some of the problems that I had before,
such as If I try and close a webpage, I find that the page often wont close
easily... and I often get the Close box above ( ie where the above top right hand side of the webpage page shows a close red box, and mimimise box /expand restore box..
often the middle box gets greyed out...and I get a box appear that I have to click on
to close a page....I can also still tell that the curser is flickering.

thank you

Dowsp
======================

Hi dowsp,

Go go control panel > add/remove programs then look for these applications and uninstall them. They may add additional protection but eats portion of your machine's minimal resources (RAM).

Windows Defender MSMpEng.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe

#71
dowsp

Posted 04 April 2011 - 05:41 PM

Member

Topic Starter
Member
543 posts

Also , I thought that I had updated Java only recently.

Unless there is yet another update since then !

I assume if I say had updated jave using Firefox, that It also was updated
for IE6 as well.. or Vice versa..

#72
Salagubang

Posted 04 April 2011 - 05:46 PM

Trusted Helper

Malware Removal
3,891 posts

You may uninstall these two from the add/remove program under the control panel.

Windows Defender
ThreatFire

I assume if I say had updated jave using Firefox, that It also was updated
for IE6 as well.. or Vice versa..

For Java, you need to uninstall the old versions also using the add/remove programs in your control panel. Then download and reinstall an updated version using the link provided in my last post.

#73
dowsp

Posted 04 April 2011 - 05:57 PM

Member

Topic Starter
Member
543 posts

I was going to delete windows defender and just started to do so,

BUT As I go through tha process, I am getting a message saying that if I do delete
it, that I risk several other programs NOT working properly..some are programmes
that I value highly..

so I am not sure if It is worth the risk.

#74
Salagubang

Posted 04 April 2011 - 06:10 PM

Trusted Helper

Malware Removal
3,891 posts

Hi,

BUT As I go through tha process, I am getting a message saying that if I do delete
it, that I risk several other programs NOT working properly..some are programmes
that I value highly..

so I am not sure if It is worth the risk.

Alright, you may keep Defender. What about my other suggestions?

#75
dowsp

Posted 04 April 2011 - 06:21 PM

Member

Topic Starter
Member
543 posts

Hi Salagubang,

I will try / do the other things that you suggest. Delete and replace Java etc

I just wondered if you also had any thoughts on what I described below.

It doesnt happen every time I want to close a webpage, but It is still
happening quite often..

===============

My Computer is still doing some of the problems that I had before,
such as If I try and close a webpage, I find that the page often wont close
easily... and I often get the Close box above ( ie where the above top right hand side of the webpage page shows a close red box, and mimimise box /expand restore box..
often the middle box gets greyed out...and I get a box appear that I have to click on
to close a page....I can also still tell that the curser is flickering.