Unknown file with long filename filling up hard drive

Attached is the new OTL file. (I take it it overwrites the previous one?) I don’t see the gigantic file anymore, but my hard drive is still in the red. There are now all sorts of ghosty files on my desktop and in my folders. I assume those will disappear with the next CCleaner cycle or avast! run?

What is the next step from here?

PS - I do thank you for all your help, essexboy, and am glad that I came here instead of trying to wrangle (and likely bungle) this on my own.

And new screencaps of my C folder and hard disc.

It is past midnight here so I guess Essexboy is gone for the night…

Check back tomorrow; Essexboy usually logs in late UK time.

Pardon! The internet tends to shrink the world and it’s easy to lose sight that we may be continents apart!

Thanks, Pondus.

Will check in tomorrow.

Trouble sleeping. Decided to go online to check weather and e-mail. Could not immediately get online and had to restart my modem twice. This happened several times yesterday and I really didn’t think much of it. Have had finicky days in the past. But just to be on the safe side, I downloaded and ran the FSS and SystemLook programs from the helpful log page linked by Pondus.

Here are the respective logs:

Farbar Service Scanner Version: 01-03-2012
Ran by Mamba (administrator) on 05-03-2012 at 03:56:17
Running from "C:\Users\Mamba\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:

Firewall Disabled Policy:

File Check:

C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

and

SystemLook 30.07.11 by jpshortstuff
Log created at 03:42 on 05/03/2012 by Mamba
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for “data.js”
No data found.

-= EOF =-

FSS report looks okay. Tried to find the program called SystemLook_x64, but all the links referred to virus/spyware issues. Will await further instructions. In the meantime, is it okay to continue to use my laptop normally? Safe to update my system, run maintenance programs, download and/or delete and/or move files? I’m tempted to do housecleaning - I routinely organize and arrange/rearrange folders and files for easy access, and copy many other files to disc and then delete them from my hard drive, keeping the slate as clear as possible. I have always kept at least 60-75% of my C drive free and, until now, have never had to use my D drive at all. I guess the good news is that if I end up having to restore my system, I won’t lose anything important. It’s already backed up onto CDs/DVDs. Okay to continue to do so?

The ghost files are system files that OTL revealed as it did its work - we will restore them to a hidden state later.

Do you know what files are taking up the most space on your drive?

Or would you like to analyse them?

Download and run WinDirStat: http://windirstat.info/
Once the little pac men have done their thing, it will show you which type of files are filling your drive.
And should enable you to determine which ones to back up.

Attached are screencaps from the WinDirStat run. As you can see, the real space hog is that unknown file in the Moved Files subdirectory of the _OTL folder. It is truly huge. If I didn’t have that second partitioned drive, I’d have no hard drive to speak of. Guess that must be the goal of this beastie. Gluttonous file, that. Fortunately, I really do try to keep a clean computer, so all my files are already backed up. Just wish I knew where this thing came from and how to avoid it in the future…

What’s next?

OK, let’s move the OTL quarantine folder to your D drive… Or, if you have experienced no anomalies since its removal, we could delete it now.

Your choice

To totally delete it, run OTL and hit the cleanup button.

If you don’t think I’m being too hasty, I’ll opt to delete. Haven’t had any further issues. Need to reboot after the OTL cleanup? Should I do any post-delete checks and post the logs here, or are we pretty much done?

If you have no further problems then we will leave it there for now.

A useful tool to have is TFC as a temp file cleaner. As opposed to any other cleaner, this just empties the temporary files/caches and nothing else.

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Nice! All back to normal.

Thank you so very much, essexboy, for guiding me through this to a successful removal. And thanks to the rest of you for your help as well. Hope this virus, or whatever it is, doesn’t become widespread.

You are all virus-fighting superstars!

euthenia, you have the best companion to get clean: essexboy. Welcome!

My pleasure ;D