I'd be grateful for help.
A week ago my otherwise happy-to-date Thinkpad Windows XP with all updated patches, up-to-date Norton Virus, and a firewall turned up pretty high (but not upgraded to SP 2) announced at startup that I had an Explorer.exe error, unable to locate component: uxtheme.dll was not found. Spybots and Adawares (and XP cleanmgr recently run showed nothing problematic).
I restored to a point a week before that. My computer worked normally again.
Suspecting a virus, trojan, or worm might have caused the crash, I tried to run a Panda on-line scan in addition to the Norton resident scan. It crashed out the first time, so I opened up my firewall somewhat to let the ActiveX scans run.
Something strange happened. I could see the scan hanging at the 244th file scanned. I could see my disk going on actively doing something. Was it scanning but not showing the scan? I didn't stop it, close down the internet connection, but within an hour or so I could see that my disk space available had gone from about 6.5 Gigs of a 40 Gig hard drive to under a gigabyte--700 mg even!
I took some music off Itunes and spent the work week getting unhappy disk-full complaints. Otherwise the computer ran fine.
Weekend came with time to spare, so last night I ran a disk search including hidden files and located all the files modified since 3 Oct. There were thousands of temp files in c:\windows\system32. I google-searched to see if anyone else had had similar problems and located one case on this forum and another on Geeks to Go that sounded vaguely similar.
I downloaded and ran the Cclean program which seems great. But it didn't get rid of any of these temp files. Neither does cleanmgr on Windows. Windows Antispy didn't find anything new. CW Shredder didn't either. New updated runs of Spybot and Ad-aware turned up nothing new. But obviously there were still all the temp files clogging my drive.
How to get rid of them? A program called System Cleaner made by Pointstone claims to do so but seems suspicious, and user reviews are awful.
I'm fearful of Killbox -- it seems rather draconian to use with *.tmp.
It sounded like I could delete the temp files, so I set out to do so manually. I've deleted about 1/3: nearly 10K of the temp files (2 gigs). I've done this in Safe mode. The files seem quite gone after a few boots. HOURS later, I'm fed up with manual deleting.
So here are my questions: is there a way to configure CCleaner to get these? (I haven't used the part that alters your Windows Registry because it didn't seem relevant to the tmp file problem--and I couldn't see any restore/backup point).
Is there some other way to get these or some reliable utility that will zap them, let me move them to a zip file until I'm sure they really are irrelevant?
Is there any way to know what put these there? (I've run all kinds of google searches looking for similar cases but I wind up swimming in accounts of viruses that I don't have and that aren't similar. There's no error message that I can use to delimit the search. "windows/system32" and "tmp files" or "thousands of temp files" doesn't do the trick!).
Has anyone ever heard of anything like this--an attack while one's firewall was somewhat lowered while trying to use an on-line scan?
Is there anything else I need to clean out besides the temp files?
Currently I have no UNHIDDEN temp files on my computer, but there are a couple of old .tmp files in windows/system32 that date from earlier moments, one a file called config.tmp that is from (!) 2001, 3 years before this computer, but maybe it migrated over from the person who configured this computer from the thinkpad that preceded it. There's also a file called oldifi.tmp that seems to date from last January (there was no crash in january, only one previous glitch which was when my sound drivers got unstable back in July).
All the temp files, by the way, are things like 24B6.tmp or FFE.tmp or 4402.tmp. They each have an identical 340 KB and all seem to have arrived on my disk in the same 10 minutes on Monday 3 October. They take up currently about 5 gigs of space in over 15,000 files under windows/system32. I've probably manually erased 5000-10,000 already, but that took hours.
I have a Hijack this log which I haven't posted because I wasn't sure it was relevant to this specific problem. If I should have done so, my apologies.
Hope that this is clear enough that someone can help.
I'd be very grateful. I'll be away-from-computer as of an hour from now for a few hours, and back around 18:00 EST.
Thanks much. Janninparis