Solved

cannot remove tmp file jet****.tmp

Posted on 2004-08-31
4
2,187 Views
Last Modified: 2012-06-27
Hi,
I've been doing computer maintainence and have come across a temp file in
c:documents and settings\owner\local settings\temp\ that i cannot remove. Norton (current virus definitions up to date) did not find it. I receive an error that says "...is being used by a another person or program...". The worring thing about this file is it keeps changing its name. The first 3 letters are always JET but then the last 4 charactors change and the extension is always tmp. JET17Af9.tmp, JET861E.tmp etc. If a window is open on the file folder for an extended period the file disappears only to come back again with a different name. I have started the computer with just system files, ini files, but it will not let me delete it. I have tried in dos. A search of the internet doesn't bring up anything. Can anyone tell me what this is? I run a single PC with Windows XP, Zone Alarm and Adaware.
Thanks very much
Liz
0
Comment
Question by:lgrace00
  • 2
4 Comments
 
LVL 4

Expert Comment

by:gemchest
ID: 11942667
hi Liz,

does this tmp file affects your running of the computer? like slow down or hang? cos this file doesnt seem a virus...
since you're have adaware, then it shouldn't be an adware either. *.tmp is a temp file... actually (hopefully) not disturbing  you greatly?

I'm sorry that there're so many tmp files around and this doesnt ring a bell... :)

cheers,
Luis
0
 
LVL 6

Accepted Solution

by:
akboss earned 500 total points
ID: 11944064
Hello lgrace00,

Download and run  HijackThis and post the log here. Sounds to me that you might have picked up some spyware.
http://www.tomcoyote.org/hjt/

0
 

Author Comment

by:lgrace00
ID: 11949602
Thx
Here tis
Logfile of HijackThis v1.98.2
Scan saved at 4:39:18 PM, on 1/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\phpdev\Apache\Apache.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\phpdev\Apache\Apache.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\More Programs\RFA\rfagent.exe
C:\hp\drivers\keyboard\PS2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RFAgent] C:\More Programs\RFA\rfagent.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] c:\hp\drivers\keyboard\PS2.EXE
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/141b03fd236b5632d223/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15EC238D-AEDB-4716-8A1F-99FB951A1AC3}: NameServer = 203.134.24.70 203.134.26.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{15EC238D-AEDB-4716-8A1F-99FB951A1AC3}: NameServer = 203.134.24.70 203.134.26.70
0
 
LVL 6

Expert Comment

by:akboss
ID: 11965532
Here is what needs to be looked at.
C:\More Programs\RFA\rfagent.exe
Do you know what this program is? If you do then leave it alone.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au    (NOTE! if this is your ISP then do not delete.)
O4 - HKLM\..\Run: [RFAgent] C:\More Programs\RFA\rfagent.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/141b03fd236b5632d223/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15EC238D-AEDB-4716-8A1F-99FB951A1AC3}: NameServer = 203.134.24.70 203.134.26.70    (NOTE! if this is your ISP then do not delete.)

O17 - HKLM\System\CS1\Services\Tcpip\..\{15EC238D-AEDB-4716-8A1F-99FB951A1AC3}: NameServer = 203.134.24.70 203.134.26.70     (NOTE! if this is your ISP then do not delete.)


Also Ad-aware SE is a great program but not an ends to itself. I personally use and use on client machines Ad-aware SE, Spybot S&D 1.3 , CWShredder. Between the 3 of these I can keep spyware out of the machine with ease.



0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is this evidence of a rootkit?  (Pic) 10 100
Set fee firewall penn test? 2 49
Reading a syslog for a botnet 12 65
Vulnerability scanning tools! 5 111
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now