Massive Content.ie5 folder

Hey there, I badly need some assistance with this. I’m cleaning up this win7 computer and this is what happened.

I ran Mbam, Spybot S&D etc. I went to run an Avast boot scan and left it overnight. I come back the next morning to it still running and at the same percentage (63%) I left it at. First thought was maybe the hard drive has some issues; I wrote that off after some tests. So I’m doing some searching and I see that it hung up in a certain folder: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5. I go to look in it and it hangs while trying to open. I look to see how big it is and it got to at least 40 gigs when my jaw dropped. So I’ve googled and tried to find ways to delete this massive folder, which I now know is at least over 90GB, to no avail. I’ve used cmd prompt and I just can’t tell if it’s making a dent, besides a few gigs here and there being freed on the hard drive. I finally caught a glimpse of what was inside: a ton of .js files with the title anx_async_usersync_000000, with different sets of numbers, with the size being under 5KB I believe.

I’ve tried CCleaner and it didn’t do anything. And any scans I try to do get stuck scanning that folder. I put an exemption on Avast full scan for the folder but then it just gets hung up on lsm.exe.

Any advice?

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Here’s the logs.

Good job, now you’ve to wait a bit…

Be advised that this programme may appear to become non-responsive as the temp files will take a while to clear; let it continue to run.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-581310276-1093699521-47977366-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - No File
CHR DefaultSearchKeyword: Default -> EE451872366B6C378371439B58A39D07DD92CF55AC74C27CD076B224C036F424
CHR DefaultSearchURL: Default -> 631EF262D8E85493AF4DEB56D5BE5B2E299623AE8509254CF9630C17428548C1
2014-08-13 11:11 - 2014-08-13 11:11 - 00000000 ____D () C:\ProgramData\3ae851
2014-08-07 12:04 - 2014-08-26 10:24 - 00000030 _____ () C:\Users\Lisa\AppData\Roaming\1978259122
2014-08-07 11:56 - 2014-08-26 11:15 - 00000004 _____ () C:\Users\Lisa\AppData\Roaming\3215442677
2014-08-07 11:56 - 2014-08-26 11:12 - 00000004 _____ () C:\Users\Lisa\AppData\Roaming\1164009213
2014-08-07 11:56 - 2014-08-07 11:56 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\3ae851
2014-08-07 11:54 - 2014-08-26 10:32 - 00000004 _____ () C:\Users\Lisa\AppData\Roaming\2132222612
2014-08-07 11:54 - 2014-08-07 11:55 - 49308698 _____ () C:\Users\Lisa\AppData\Roaming\1833397407
2014-08-26 10:32 - 2014-08-07 11:54 - 00000004 _____ () C:\Users\Lisa\AppData\Roaming\2132222612
2014-08-26 10:24 - 2014-08-07 12:04 - 00000030 _____ () C:\Users\Lisa\AppData\Roaming\1978259122
2014-08-25 20:42 - 2014-04-16 16:58 - 00000069 _____ () C:\Windows\system32\gqnnd.qkh
2014-08-07 11:56 - 2014-08-07 11:56 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\3ae851
2014-08-07 11:55 - 2014-08-07 11:54 - 49308698 _____ () C:\Users\Lisa\AppData\Roaming\1833397407
Task: {13CFE63A-A43D-4B44-92A3-C57F0F343260} - \ArcadeParlor No Task File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

Alright here’s the FRST log. I was able to delete the content.ie5 folder with cmd prompt before this.

How is the computer now… Any problems?

It’s good. Avast bootscan came back clean. Seems everything is good.

Thanks!

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices

Keep safe :wave: