services.exe creating multiple temp files

G

Guest

unfortunately i cannot pinpoint when date this issue started but its
beginning to bug me...

every ten seconds a IME*.tmp file will be written to my windows\temp folder,
i initially thought it would be a rouge application however i've scanned my
computer numerous times with various scanners and there is nothing out of the
blue...

i got the file monitor software provided by sysinternals and its showing
that services.exe is creating these files...

could anyone tell me why? has it become infected? i have just used the
comp(are) command against the system32 version and the one in my i386 folder
but they compare ok

i'm at a loss and would appreciate any input!
 
P

Pennywise

cs02cwc said:
unfortunately i cannot pinpoint when date this issue started but its
beginning to bug me...

every ten seconds a IME*.tmp file will be written to my windows\temp folder,
i initially thought it would be a rouge application however i've scanned my
computer numerous times with various scanners and there is nothing out of the
blue...

i got the file monitor software provided by sysinternals and its showing
that services.exe is creating these files...

could anyone tell me why? has it become infected? i have just used the
comp(are) command against the system32 version and the one in my i386 folder
but they compare ok

i'm at a loss and would appreciate any input!
Click to expand...

Next thing would be to
download and run Process Explorer
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Double Click on the services and see what they are and what directory
they are running from.
 
G

Guest

[email protected] said:
Next thing would be to
download and run Process Explorer
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Double Click on the services and see what they are and what directory
they are running from.
Click to expand...

thanks for your quick reply!

i downloaded the application and ran it, i'm not too sure what i'm looking
for and so i have uploaded an image of the running application:

http://img97.imageshack.us/img97/3662/processexpux1.jpg

all of the services seem to be running either from ..\system32\ or
...\program files\ and i do not see anything out of the ordinary...

many thanks again!
 
M

Malke

cs02cwc said:
thanks for your quick reply!

i downloaded the application and ran it, i'm not too sure what i'm looking
for and so i have uploaded an image of the running application:

http://img97.imageshack.us/img97/3662/processexpux1.jpg

all of the services seem to be running either from ..\system32\ or
..\program files\ and i do not see anything out of the ordinary...
Click to expand...

Good job with the image. I don't see anything untoward. Perhaps there is a
conflict between Ewido and BlackIce since BlackIce has been problematic for
many people.

Take the machine off the Internet so you will be protected and do a
clean-boot. I'm guessing that either Ewido or BlackIce is the culprit and a
clean-boot will help narrow that down. If neither is running and the .tmp
files aren't created, then add one of those programs and test...etc.

Clean boot in Windows XP - http://support.microsoft.com/kb/310353
Clean-boot advanced troubleshooting in Windows XP -
http://support.microsoft.com/kb/316434

Malke
 
G

Guest

Malke said:
Good job with the image. I don't see anything untoward. Perhaps there is a
conflict between Ewido and BlackIce since BlackIce has been problematic for
many people.

Take the machine off the Internet so you will be protected and do a
clean-boot. I'm guessing that either Ewido or BlackIce is the culprit and a
clean-boot will help narrow that down. If neither is running and the .tmp
files aren't created, then add one of those programs and test...etc.

Clean boot in Windows XP - http://support.microsoft.com/kb/310353
Clean-boot advanced troubleshooting in Windows XP -
http://support.microsoft.com/kb/316434

Malke
--
MS-MVP Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
Click to expand...

although i cannot tell you exactly when this began happening, i can tell you
that it was prior to the installaion of ewido and black ice but i will try
your advice...

the temp files are written whilst i am offline as well so i assume it is
something resident on my computer...

it may help to know i've had to replace explorer.exe as it was infected a
while back as it was limiting my bandwidth by recursively emailing heaven
knows who! may it be fallout from that issue?

i've booted in safe mode, no files are written to the folder under safe mode
so i've also tried shutting down services that run in normal mode, but its
still occuring...

as suggested, i will limit my startup applications and get back to you, and
then will continue with the advanced techniques - however it may take some
time to go through all the steps!

many thanks!
 
G

Guest

whats really strange is its seemed to have solved itself...

thanks for all your help!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

No new temp files?? 1
Temp File 3
Two temp files which can't be deleted 10
Temp files 3
How to kill the zipped files in C:\Document and Settings\LogginName\Temp\ using code for this strang 2
Mystery 12
log files in TEMP folder 2
Opening Temp files 1

Top