Need help

I'm very worried, please help me.

3 posts in this topic

Hi, and thanks for creating Ad-Aware.

 

1) There is a type of file in my windows temp folder that's undeletable, and it keeps generating; the size of the file is always the same (144kb) and it changes its name (~DFB25C.tmp, etc.).

 

2) The WhoLockMe software says those files are being locked by the Winlogon process.

 

3) I have tried almost all antiviruses (Trendmicro's housecall, Panda Activescan, Norton Internet Security, AVG, BitDefender), and some of the greatest anti-spyware software (Ad-Aware and Spybot S&D), but none of them detects what software is creating those undeletable temp files.

I'm most worried because I know that when a file is locked and it keeps generating, it's sure it is a virus or spyware; I formatted Windows two times, and the virus or spyware keeps infecting my PC.

 

4) I have Ad-Aware and HijackThis logs:

4.1) Ad-Aware:

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Martes, 25 de Abril de 2006 12:16:41

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R104 21.04.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

25-04-2006 12:16:41 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

 

#:2 [csrss.exe]

 

#:3 [winlogon.exe]

 

#:4 [services.exe]

 

#:5 [lsass.exe]

 

#:6 [svchost.exe]

 

#:7 [svchost.exe]

 

#:8 [svchost.exe]

 

#:9 [explorer.exe]

 

#:10 [nvsvc32.exe]

 

#:11 [notepad.exe]

 

#:12 [msmpeng.exe]

 

#:13 [wholockme.exe]

 

#:14 [maxthon.exe]

 

#:15 [ad-aware.exe]

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 0

 

 

12:18:46 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:02:05.579

Objects scanned:82283

Objects identified:0

Objects ignored:0

New critical objects:0

 

4.2) HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 11:46:09, on 25-04-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Archivos de programa\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nvidia.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_11\bin\npjpi142_11.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_11\bin\npjpi142_11.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145942387281

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EBCA6A46-F5C9-4FC7-866E-45BC4B042C62}: NameServer = 200.50.96.90

O20 - Winlogon Notify: WBSrv - C:\ARCHIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

If you know something about what is infecting my system please tell me, I would be very grateful, thanks.

 

***Update: WindowBlinds was creating those files. I don't know if that's normal or not.


Hi Need help,

 

***Update: WindowBlinds was creating those files. I don't know if that's normal or not.

 

Have you resolved the problem? Sounds like you've figured out what was causing the file... Yes, it would be perfectly normal for applications such as WindowBlinds to create and use temporary files whilst it is running. If you want to be on the safe side, reboot your computer into safe mode and try deleting them from that...

 

Thanks Chris Fry

www.lavasoft.de


The process attached to Winlogon is Stardock for changing the taskbar... Was this an intentional install? If it was, then you have nothing to worry about here....

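The check behind the last two replies, as an added example that is not part of the original thread: it pulls the O20 "Winlogon Notify" entries out of a HijackThis log, since a DLL registered there is loaded inside winlogon.exe and any temp file it opens shows up as locked by Winlogon. The function names and the "outside system32" triage flag are assumptions made for this example; the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: four result lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBCA6A46-F5C9-4FC7-866E-45BC4B042C62}: NameServer = 200.50.96.90
O20 - Winlogon Notify: WBSrv - C:\ARCHIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# A HijackThis result line is "<section code> - <details>", e.g. "O20 - ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O20 Winlogon Notify details are "<package name> - <full DLL path>".
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>[A-Za-z]:\\.+)$")
SYSTEM_DIR = "c:\\windows\\system32\\"  # assumption: default XP install path


def parse_entries(log_text):
    """Yield (code, body) for each result line; headers and blanks are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def winlogon_notify_dlls(log_text):
    """Return the notify packages that winlogon.exe loads into its own process."""
    found = []
    for code, body in parse_entries(log_text):
        if code != "O20":
            continue
        match = NOTIFY.match(body)
        if match:
            dll = match.group("dll").strip()
            found.append({
                "name": match.group("name"),
                "dll": dll,
                # Triage heuristic (assumption): third-party packages usually
                # live outside system32 and deserve a look at who installed them.
                "outside_system32": not dll.lower().startswith(SYSTEM_DIR),
            })
    return found


if __name__ == "__main__":
    for package in winlogon_notify_dlls(SAMPLE_LOG):
        print(package)
```

On the sample it reports the single WBSrv package under the Stardock folder, which is the entry the replies attribute to WindowBlinds.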