lgrace00
asked on
cannot remove tmp file jet****.tmp
Hi,
I've been doing computer maintainence and have come across a temp file in
c:documents and settings\owner\local settings\temp\ that i cannot remove. Norton (current virus definitions up to date) did not find it. I receive an error that says "...is being used by a another person or program...". The worring thing about this file is it keeps changing its name. The first 3 letters are always JET but then the last 4 charactors change and the extension is always tmp. JET17Af9.tmp, JET861E.tmp etc. If a window is open on the file folder for an extended period the file disappears only to come back again with a different name. I have started the computer with just system files, ini files, but it will not let me delete it. I have tried in dos. A search of the internet doesn't bring up anything. Can anyone tell me what this is? I run a single PC with Windows XP, Zone Alarm and Adaware.
Thanks very much
Liz
I've been doing computer maintainence and have come across a temp file in
c:documents and settings\owner\local settings\temp\ that i cannot remove. Norton (current virus definitions up to date) did not find it. I receive an error that says "...is being used by a another person or program...". The worring thing about this file is it keeps changing its name. The first 3 letters are always JET but then the last 4 charactors change and the extension is always tmp. JET17Af9.tmp, JET861E.tmp etc. If a window is open on the file folder for an extended period the file disappears only to come back again with a different name. I have started the computer with just system files, ini files, but it will not let me delete it. I have tried in dos. A search of the internet doesn't bring up anything. Can anyone tell me what this is? I run a single PC with Windows XP, Zone Alarm and Adaware.
Thanks very much
Liz
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thx
Here tis
Logfile of HijackThis v1.98.2
Scan saved at 4:39:18 PM, on 1/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spools v.exe
C:\WINDOWS\system32\driver s\dcfssvc. exe
C:\phpdev\Apache\Apache.ex e
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc3 2.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchos t.exe
C:\phpdev\Apache\Apache.ex e
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex e
C:\WINDOWS\system32\ZoneLa bs\vsmon.e xe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex e
C:\More Programs\RFA\rfagent.exe
C:\hp\drivers\keyboard\PS2 .EXE
C:\WINDOWS\System32\spool\ DRIVERS\W3 2X86\3\fpp dis2a.exe
C:\windows\system\hpsysdrv .exe
C:\Windows\system32\HpSrvU I.exe
C:\WINDOWS\System32\spool\ DRIVERS\W3 2X86\3\fpd isp5a.exe
C:\Program Files\Hewlett-Packard\Digi tal Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msiexe c.exe
C:\PROGRA~1\Symantec\LIVEU P~1\LUCOMS ~1.EXE
C:\Program Files\hijackthis\HijackThi s.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://www.iprimus.com.au
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCt r\System\p anels\blan k.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEH elper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2 06D7942484 F} - C:\PROGRA~1\SPYBOT~1\SDHel per.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2 09B6AD74AC C} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7 859DF00B1D 6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex e"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\colo real.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RFAgent] C:\More Programs\RFA\rfagent.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD .EXE
O4 - HKLM\..\Run: [PS2] c:\hp\drivers\keyboard\PS2 .EXE
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\ DRIVERS\W3 2X86\3\fpp dis2a.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTr ay.dll,NvT askbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl. dll,NvStar tup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCh eck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio \ISStart.e xe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv .exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvU I.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd. exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\ DRIVERS\W3 2X86\3\fpd isp5a.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digi tal Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0 0aa003c157 a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0 0aa003c157 a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A 9046DEA8A2 1} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox. dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au
O16 - DPF: {41F17733-B041-4099-A042-B 518BB6A408 C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0 050DA18DE7 1} (RdxIE Class) - http://207.188.7.150/141b03fd236b5632d223/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4 DFAD1796A8 D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O17 - HKLM\System\CCS\Services\T cpip\..\{1 5EC238D-AE DB-4716-8A 1F-99FB951 A1AC3}: NameServer = 203.134.24.70 203.134.26.70
O17 - HKLM\System\CS1\Services\T cpip\..\{1 5EC238D-AE DB-4716-8A 1F-99FB951 A1AC3}: NameServer = 203.134.24.70 203.134.26.70
Here tis
Logfile of HijackThis v1.98.2
Scan saved at 4:39:18 PM, on 1/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\driver
C:\phpdev\Apache\Apache.ex
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc3
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchos
C:\phpdev\Apache\Apache.ex
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\WINDOWS\system32\ZoneLa
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
C:\More Programs\RFA\rfagent.exe
C:\hp\drivers\keyboard\PS2
C:\WINDOWS\System32\spool\
C:\windows\system\hpsysdrv
C:\Windows\system32\HpSrvU
C:\WINDOWS\System32\spool\
C:\Program Files\Hewlett-Packard\Digi
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msiexe
C:\PROGRA~1\Symantec\LIVEU
C:\Program Files\hijackthis\HijackThi
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\colo
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RFAgent] C:\More Programs\RFA\rfagent.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD
O4 - HKLM\..\Run: [PS2] c:\hp\drivers\keyboard\PS2
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTr
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCh
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvU
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digi
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au
O16 - DPF: {41F17733-B041-4099-A042-B
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
Here is what needs to be looked at.
C:\More Programs\RFA\rfagent.exe
Do you know what this program is? If you do then leave it alone.
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCt r\System\
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://www.iprimus.com.au (NOTE! if this is your ISP then do not delete.)
O4 - HKLM\..\Run: [RFAgent] C:\More Programs\RFA\rfagent.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0 050DA18DE7 1} (RdxIE Class) - http://207.188.7.150/141b03fd236b5632d223/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\T cpip\..\{1 5EC238D-AE DB-4716-8A 1F-99FB951 A1AC3}: NameServer = 203.134.24.70 203.134.26.70 (NOTE! if this is your ISP then do not delete.)
O17 - HKLM\System\CS1\Services\T cpip\..\{1 5EC238D-AE DB-4716-8A 1F-99FB951 A1AC3}: NameServer = 203.134.24.70 203.134.26.70 (NOTE! if this is your ISP then do not delete.)
Also Ad-aware SE is a great program but not an ends to itself. I personally use and use on client machines Ad-aware SE, Spybot S&D 1.3 , CWShredder. Between the 3 of these I can keep spyware out of the machine with ease.
C:\More Programs\RFA\rfagent.exe
Do you know what this program is? If you do then leave it alone.
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
O4 - HKLM\..\Run: [RFAgent] C:\More Programs\RFA\rfagent.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
Also Ad-aware SE is a great program but not an ends to itself. I personally use and use on client machines Ad-aware SE, Spybot S&D 1.3 , CWShredder. Between the 3 of these I can keep spyware out of the machine with ease.
does this tmp file affects your running of the computer? like slow down or hang? cos this file doesnt seem a virus...
since you're have adaware, then it shouldn't be an adware either. *.tmp is a temp file... actually (hopefully) not disturbing you greatly?
I'm sorry that there're so many tmp files around and this doesnt ring a bell... :)
cheers,
Luis