mattyl

Temp files won't delete

9 posts in this topic

I've been having a problem with two files (~DF6D1.tmp and ~DFF54D.tmp) that I can't delete from the temp folder (%temp%). I get the error message "Cannot Delete 'file': It is being used by another person or program." when I attempt to delete them. However, in safe mode I do not get this message and am successful in deleting the files. Upon reboot though they reappear in the %temp% folder. This happens every time after I delete them in safe mode and reboot.

 

I have CCleaner which I've run and it is able to delete everything but these two files as well. Both files are 16KB. I submitted them to Kaspersky virus scan and it came up clean. Although they are most likely not harmful, I'm just confused as to why they come back and what program could be using them? (I'm the only person on the computer). Though it may seem a bit extreme and paranoid, it really bothers me that these files keep coming back for no apparent reason. Any ideas or suggestions would be appreciated. Thanks a lot...

 

Matt


Can it be that they are just valid .tmp files? If you are really concerned about these files, download HijackThis.

http://209.133.47.12/~merijn/files/HijackThis.exe

http://www.mjc1.com/mirror/hjt/

http://downloads.net-integration.net/HijackThis.exe

http://www.computercops.biz/downloads-file-328.html

 

Unzip to a folder other than your Desktop or the Temp folder. Then, double-click HijackThis.exe, and click "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that and copy and paste its contents in this thread. When you post, I will ask a mod/admin to move this thread to Malware Removal.

 

Most of what it lists will be harmless or even essential, so don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.


Thanks for the response. I'm not sure if they are valid temp files? I believe valid temp files are deletable though because every other file put in the temp file I've been able to delete. I'll post a hijackthis log below. Thanks for your help.

 

Logfile of HijackThis v1.98.2

Scan saved at 1:43:01 PM, on 10/6/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Network Associates\VirusScan\avsynmgr.exe

C:\WINDOWS\System32\ibmsmbus.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\PREVX\Prevx Home\PXAgent.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\System32\RegSrvc.exe

C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe

C:\WINDOWS\System32\sdpasvc.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\Program Files\Network Associates\VirusScan\Webscanx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PREVX\Prevx Home\SAGUI.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\System32\wisptis.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\T40 USER\Desktop\New Folder (3)\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [storageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"

O4 - HKLM\..\RunOnce: [indexWipe] C:\Program Files\iISystem Wiper\IndexWipe.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Shortcut to tfswctrl.lnk = C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Prevx Home.lnk = C:\Program Files\PREVX\Prevx Home\SAGUI.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE52E60-8109-4CA0-8363-6E5B20F28D5A}: Domain = union.edu

O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE52E60-8109-4CA0-8363-6E5B20F28D5A}: NameServer = 149.106.160.3,149.106.160.14

O17 - HKLM\System\CS1\Services\Tcpip\..\{0BE52E60-8109-4CA0-8363-6E5B20F28D5A}: NameServer = 149.106.160.3,149.106.160.14

 

Matt

 

***I've placed the restrictions on IE.

Edited by mattyl


Hi mattyl,

 

"I believe valid temp files are deletable though because every other file put in the temp file I've been able to delete."
They would be, unless they're in use. When you open a program like Microsoft Word you'll automatically have a few temp files. These should be gone when Word closes though.

 

As far as I can see your log is clean. I think that the temp files are harmless...

When you've restarted your computer, can you delete the contents of the directory?

 

If not, can you post a HijackThis log from when you've safe booted? Maybe we can find a difference in what is actually started...

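The comparison suggested in the reply above (a normal-boot HijackThis log against a safe-mode one) can be done mechanically. This is an added example, not part of the original thread: the normal-boot excerpt reuses paths from the log posted earlier, the safe-mode log is constructed, and the function names are hypothetical.

```python
import ntpath

# Constructed excerpts: the normal-boot paths come from the log posted in this
# thread; the safe-mode log is a hypothetical sample for comparison.
NORMAL_LOG = r"""Logfile of HijackThis v1.98.2

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Prevx Home.lnk = C:\Program Files\PREVX\Prevx Home\SAGUI.exe
"""
SAFE_MODE_LOG = r"""Logfile of HijackThis v1.98.2

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
"""

def running_processes(log_text):
    """Map case-normalized path -> path as logged, from 'Running processes:'."""
    procs, in_section = {}, False
    for line in map(str.strip, log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line[:1].isalpha() and line[1:3] == ":\\":
            procs[ntpath.normcase(line)] = line  # Windows paths ignore case
        elif in_section and line:
            break  # first R0/O2/O4... line ends the process section
    return procs

def normal_only(normal_log, safe_log):
    """Processes seen only in the normal boot, with the O4 autostart lines naming them."""
    normal, safe = running_processes(normal_log), running_processes(safe_log)
    o4 = [l.strip() for l in normal_log.splitlines() if l.strip().startswith("O4 - ")]
    return {normal[k]: [e for e in o4 if ntpath.basename(k) in e.lower()]
            for k in sorted(set(normal) - set(safe))}

if __name__ == "__main__":
    for path, entries in normal_only(NORMAL_LOG, SAFE_MODE_LOG).items():
        print(path, "<-", entries or "no O4 entry (started another way)")
```

Each process it reports is a candidate holder of the locked temp files; shutting one down and retrying the delete confirms or rules it out.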

Hey Bobbi,

 

It does make sense that if a program is in use I can't delete the files. However, I have tried to delete the files when the computer is first booted and have had no luck so I'm guessing it’s not a program that I start myself after boot up. It must be one of the programs that are set to automatically start up... good thinking! I'll go into safe mode and make a scan and then post the results. Hopefully we can find a difference and figure out which program is using these temp files. Thanks a lot for the help! I'll post back shortly with the safe mode scan.

 

mattyl


Those temp files may have been generated by Spyware Guard. It generates temp files (and doesn't clean up after itself). Try temporarily shutting down Spyware Guard and see if those undeletable temp files will delete.

 

-- LB


LB,

 

Absolutely correct! Wow... thanks a lot. That’s been bugging me for a while now. Do you think I should still have Spyware Guard if I'm now running Prevx?

 

Bobbi, never got to make the safe mode scan because vashondude posted right after my post. Thanks for the help though. I'm glad I've finally found out where those temp files belonged.

 

Thanks again,

 

mattyl


You're welcome. I don't use Spyware Guard so I wouldn't have thought of it anyway... The safe mode scan would have shown that Spyware Guard wasn't running, so eventually we would have drawn the same conclusion.

 

As for running Prevx and Spyware Guard, I don't think it would hurt. If there are no objections, let them run together... I run a lot of protection software together too. :D

 

Thanks, LB!
