Solved Computer Slow/Locking up - spam found in temporary folder !!

[STU9000]

I waited a few days before running adwcleaner and performing a clean and it seem temporary folders in IE are still filling up with this spam, also CCleaner found about 700MB of crap in chrome's temporary folders even though I apparently cleaned it out only the other day. Will see if any more turn up. I might have to do a full restore at this point.

# AdwCleaner v3.212 - Report created 18/06/2014 at 13:10:07
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-VAIO
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xltmmy9p.default-1384281180295\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-GB)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xltmmy9p.default-1384281180295\prefs.js ]

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxps://mail.google.com/mail/ca/u/0/?shva=1#inbox

*************************

AdwCleaner[R0].txt - [2737 octets] - [13/06/2014 17:37:37]
AdwCleaner[R1].txt - [2465 octets] - [14/06/2014 01:47:03]
AdwCleaner[R2].txt - [2525 octets] - [14/06/2014 13:09:40]
AdwCleaner[R3].txt - [2603 octets] - [18/06/2014 13:08:56]
AdwCleaner[S0].txt - [2560 octets] - [18/06/2014 13:10:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2620 octets] ##########

 

[Jacee]

Please download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

[STU9000]

I will do that, soon.

Something I have neglected to mention so far is that I've begun to notice that there is always a program running when I shut down and it always prompts me, then usually it either shut it down or I click force shut down. It never tells me what it is though.

Looks like I have been infected with something for a few months at least now, so need to get onto it and find out what it is and if I can't get to the bottom I guess it'll have to be restore disks time. All my data is thoroughly backed up or at least 99% of what matters.

Thanks for the help.

 

[STU9000]

I ran this program and it deleted 110MB. This is what it said.

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kiosk
->Temp folder emptied: 1371303 bytes
->Temporary Internet Files folder emptied: 3252817 bytes
->Flash cache emptied: 56958 bytes

User: Owner
->Temp folder emptied: 1523454 bytes
->Temporary Internet Files folder emptied: 133 bytes
->Java cache emptied: 21464439 bytes
->FireFox cache emptied: 18066401 bytes
->Google Chrome cache emptied: 26220942 bytes
->Flash cache emptied: 57478 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6474 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 747 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42412177 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 110.00 mb

___________________________

Everything seems to work really fast as soon as it finished running and so then I restarted even though it didn't ask me to. When it restarted things seemed slower again so I ran it again and it removed another 11MB and produced this. Now running faster again.

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kiosk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 21185 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 11470857 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 11.00 mb

 

[STU9000]

Going a bit faster, but locking up still sometimes. I ran CCleaner again and only 1kb in IE temp folder, but >100MB in chrome again??? That can't be right, and there shouldn't be anything in IE folders not even 1kb! Really considering doing a full restore right now. It's what it's there for...

 

[STU9000]

I'm becoming strongly in favour of a full system restore here. It's not so bad but some things go really slow and the fan makes a lot of noise when streaming videos, maybe it just needs cleaned or maybe NVidia's new update is bloatware. It's all a conspiracy to get me to buy the latest model.

 

[STU9000]

I've run every cleaner there is, even updated CCleaner which I should have done months ago and still there is spam filling up my temp folders in IE, even though I uninstalled the latest version. can't see where to uninstall it completely..

So I guess the only thing I can do at this point now is restore?

 

[STU9000]

Things in general seem to be running a bit less laggy, clickety click and there it is, not wait while my supposedly fast as fast 7th gen 8 core chip churns 25MB of data. I am not tolerating this anymore. Still considering a complete restartfrom the begin.

 

[STU9000]

It's running slick now like before, like it should. none of this click on something and it takes 5 seconds, 10 seconds, to respond. Am I better going with this or doing a full restore and reinstalling everything?

 

[Jacee]

Let's take a look at your computer with DDS....


Download DDS from one of these links:
DDS.com
DDS.pif

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next post.

 

[STU9000]

It says to zip them and attach them, but I'm not sure how to do that. They are small files anyway, have attached them. I can post the content in the post if you like but it says not to. Anyway, I'm not sure if I have script blocking protection on or not but I ran it and here is the result as requested.

I also backed up a load of files, deleted a load of stuff and ran a boot time defrag with puran last night when I went out, and it seems to be running better so far but will obviously keep an eyes on it.

 

[Jacee]

Please download VEW by Vino Rosso http://images.malwareremoval.com/vino/VEW.exe
and save it to your desktop


Double click it to start it Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.


Click the check boxes next to Application and System located under Select log to query on the upper left
Under Select type to list on the right click the boxes next to Error and Warning Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).
Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run


Once it finishes it will display a log file in notepad
Please copy and paste its entire contents into your next reply

 

[STU9000]

OK I ran the program as administrator, but no prompt to click continue or allow, it's just opened. Ran it exactly like you said (with Chrome still running not sure if am better to run it without) and this is what it produced, quite a lot of errors and warnings in here, hopefully it will shed light on the problem...

Also, there was too much text so I have uploaded it as a txt file.

 

[Jacee]

Copy and paste these lines in Note pad.


@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop. Right click on the flush.bat file and choose to run as Administrator. Your computer will reboot itself.


Tell me how your computer is running now.

 

[STU9000]

To be honest it is running better but I am still concerned about thes temporary files appearing in IE which I never use. Hang on..

 

[STU9000]

OK I did that, it rebooted and I ran CCleanr again before doing anything. Like I say it has been running a bit better, although it did lock up a few times when I was putting together some HDR panoramic photography in photoshop.

I'll let you know how it goes, probably run another defrag and keep my eye on any more spam filling up temporary folders.

Does it sound like I might have/have had some malware/spyware or something? I'm going to change all my passwords soon.

 

[Jacee]

Perform a 'clean' boot and tell me how your computer is running after doing so.
How to perform a clean boot in Windows

 

[STU9000]

I did that. Not much difference in the performance that I can tell...

 

[STU9000]

Is it normal to have files turning up in internet explorer if you never use it? Still running fine, but maybe the root of the problem if still waiting to rear it's ugly spammy head again.

 

[STU9000]

It's still running better, had some warning on 4od plugin about drm or something, I followed the instructions and it fixed itself. Still 0>kb in temp folders of progs I never use though so will keep an eye on that and get back.