janninparis

Thanks for looking at my log. That's good news that it's clean. I did a windows update to service pack 2 and the SP2 patches on Sunday, in fact. Seems to have gone smoothly, but damn it takes a lot of space! About getting rid of running processes that probably slow my machine as you point out, I'm sort of at a loss as to what I HAVE to be running. Some of what you saw were new programs I've added this weekend because of being panicked over trojans and worms having implanted all those files (apparently not: is it imaginable that some kind of MS updating function is what did it--mine is set to ask if I'd like to update and not to download anything unless I say, but who knows what might have happened when I was dithering with a restore point to replace the corrupt uxtheme.dll file). Now frankly I don't know what I can get rid of and what not. I do know how to look at my start-up configuration and how to google the elements to decide which are "important or not" but is there some "pro forma" well-protected way to go? Also can I let CCleaner do the "advanced" user functions without worry--and what will it be cleaning if I do? (is it the same thing as the "clean registry" function in Easy Cleaner--which I haven't used either but saw reviews that gave it high marks along with the "clean unnec files" function that I did use so successfully). Any thoughts would be gratefully appreciated. All the best and thanks again for looking over my HJ log. Jann

Thanks for the info. My computer continues to function "normally" .... all new scans are fine. Thanks for your help this weekend! All the best, Jann

Thanks for the dos command semiotics. I suspected they were relatively simple parameters that I should have been able to find in a Dos-for-Dummies handbook if I still had one around. I have to admit that every time there's something like this that goes wicky-wacky on my computer, I miss Dos just a little bit more. Looking at all those files that "Easy Cleaner" fished out yesterday (things I'd politely named .bk for the final "book" version or "dmp" for what I cut when I transformed something from long article into shorter article), I was reminded that the non-technically inclined like me used to have such nice pleasant control over what we did with our computers--or maybe that's just misplaced luddite nostalgia. Question: If one is going to use Dos batch commands on an XP, does one do so from Safe Boot with Command Prompt or just from Regular Safe Mode-- or even w/o safe mode--going into the "Command Prompt" "program" under Start then Accessories? On the source: I really don't think it's a windows-generated thing. The fact that 20,000+ files appeared within 20 minutes the day of a computer crash sounds toi me like there is either a relation to what caused the crash OR that the slightly large opening I made to run the Panda Virus scan after it crashed during the first attempt let something strange in. The thing I've been worried about, actually, is that all these temp files were actually things on my hard drive that were being transformed into equal-sized temp files, kind of like what might happen when a file allocation table (?) is lost and the computer can no longer find all that data but it's still there, like a bunch of bones in a cemetery swept away by a flood. (the image, culled from an earlier unpleasant crash, does seem a little too close to the home of reality this fall) I'll keep you posted if there are new developments on this. I'm especially grateful for the quick reply and for the invitation to be courageous about hitting delete on all those files. Amazing how much faster my computer runs this morning after its available space went back up to nearly 7 gigs. Plus I've learned about all kinds of helpful utilities (eg both CCleaner and EasyClean, not to mention Hijack this)! All best, Jann

Posting Hijackthislog with thanks in advance for asking and being willing to look at this. This is the log post-deletion (eg this early afternoon GMT + 1). I deleted last night, then ran Trend Micro online. Nothing found there either... Thanks for seeing if there's anything else on my machine. All best, Jann

Do you have any thoughts on what caused this or what I might do to avoid a replay? Is there anything I should look for in the way of residue of other malware that might allow this to happen again or else bring back the unpleasant temp bomb? The IBM techie I called today said he'd never heard of anything like this and he runs Panda scans all the time. He seemed to think that one should DOWNLOAD panda or else try using House call from Trend Micro downloaded instead as a supplement to Norton. But doesn't Norton conflict with anything one downloads? I ran a Trojan Hunter scan by the way, after I wrote this earlier email, and still haven't turned ANYTHING up as malware on my computer. Any other thoughts on how this happened would be gratefully appreciated. For those working on CCleaner updates -- thanks for a great program even if it didn't do the final step of cleaning out the unnecessary temp bomb. Thanks much, Janninparis

I'd be grateful for help. A week ago my otherwise happy-to-date Thinkpad Windows XP with all updated patches, up-to-date Norton Virus, and a firewall turned up pretty high (but not upgraded to SP 2) announced at startup that I had an Explorer.exe error, unable to locate component: uxtheme.dll was not found. Spybots and Adawares (and XP cleanmgr recently run showed nothing problematic). I restored to a point a week before that. My computer worked normally again. Suspecting a virus, trojan, or worm might have caused the crash, I tried to run a Panda on-line scan in addition to the Norton resident scan. It crashed out the first time, so I opened up my firewall somewhat to let the ActiveX scans run. Something strange happened. I could see the scan hanging at the 244th file scanned. I could see my disk going on actively doing something. Was it scanning but not showing the scan? I didn't stop it, close down the internet connection, but within an hour or so I could see that my disk space available had gone from about 6.5 Gigs of a 40 Gig hard drive to under a gigabyte--700 mg even! I took some music off Itunes and spent the work week getting unhappy disk-full complaints. Otherwise the computer ran fine. Weekend came with time to spare, so last night I ran a disk search including hidden files and located all the files modified since 3 Oct. There were thousands of temp files in c:\windows\system32. I google-searched to see if anyone else had had similar problems and located one case on this forum and another on Geeks to Go that sounded vaguely similar. I downloaded and ran the Cclean program which seems great. But it didn't get rid of any of these temp files. Neither does cleanmgr on Windows. Windows Antispy didn't find anything new. CW Shredder didn't either. New updated runs of Spybot and Ad-aware turned up nothing new. But obviously there were still all the temp files clogging my drive. How to get rid of them? A program called System Cleaner made by Pointstone claims to do so but seems suspicious, and user reviews are awful. I'm fearful of Killbox -- it seems rather draconian to use with *.tmp. It sounded like I could delete the temp files, so I set out to do so manually. I've deleted about 1/3: nearly 10K of the temp files (2 gigs). I've done this in Safe mode. The files seem quite gone after a few boots. HOURS later, I'm fed up with manual deleting. So here are my questions: is there a way to configure CCleaner to get these? (I haven't used the part that alters your Windows Registry because it didn't seem relevant to the tmp file problem--and I couldn't see any restore/backup point). Is there some other way to get these or some reliable utility that will zap them, let me move them to a zip file until I'm sure they really are irrelevant? Is there any way to know what put these there? (I've run all kinds of google searches looking for similar cases but I wind up swimming in accounts of viruses that I don't have and that aren't similar. There's no error message that I can use to delimit the search. "windows/system32" and "tmp files" or "thousands of temp files" doesn't do the trick!). Has anyone ever heard of anything like this--an attack while one's firewall was somewhat lowered while trying to use an on-line scan? Is there anything else I need to clean out besides the temp files? Currently I have no UNHIDDEN temp files on my computer, but there are a couple of old .tmp files in windows/system32 that date from earlier moments, one a file called config.tmp that is from (!) 2001, 3 years before this computer, but maybe it migrated over from the person who configured this computer from the thinkpad that preceded it. There's also a file called oldifi.tmp that seems to date from last January (there was no crash in january, only one previous glitch which was when my sound drivers got unstable back in July). All the temp files, by the way, are things like 24B6.tmp or FFE.tmp or 4402.tmp. They each have an identical 340 KB and all seem to have arrived on my disk in the same 10 minutes on Monday 3 October. They take up currently about 5 gigs of space in over 15,000 files under windows/system32. I've probably manually erased 5000-10,000 already, but that took hours. I have a Hijack this log which I haven't posted because I wasn't sure it was relevant to this specific problem. If I should have done so, my apologies. Hope that this is clear enough that someone can help. I'd be very grateful. I'll be away-from-computer as of an hour from now for a few hours, and back around 18:00 EST. Thanks much. Janninparis