need a logging program

[Bear_Hunter]

Does anyone know of a logging program that I can have log files written to a certain directory?
Need to be able to choose file type (*.tmp) and directory (C:\Windows\Temp).
I have an unknown program writing 0kb tmp files. Want to find out what program is doing it.

[DavidR]

Rather that do that why not track down the program first in another way. If it is writing *.tmp files it must be running:

What is your OS ?
Are there any strange programs in Task Manager or Ctrl+Alt+Del ?
If so google the process name and see what that brings. Check those programs and see where it places temp files.

What is common about the temp file names it is creating ?

[Bear_Hunter]

Rather that do that why not track down the program first in another way. If it is writing *.tmp files it must be running:

What is your OS ?
Are there any strange programs in Task Manager or Ctrl+Alt+Del ?
If so google the process name and see what that brings. Check those programs and see where it places temp files.

What is common about the temp file names it is creating ?

That's the problem. Nothing wierd in task manager.
Not sure, but I think it's a updating process. For what I don't know.
Have tried watching processes and the folder at the same time. Can't pin-point the source. That's why the tracking/logging program need.
Checked the registry, nothing there mentioning the folder, or the tmp files.
Restore not an option either. Had to shut down restore for the drive to delete a bug. Full system scan Windows running and at boot is clean.
Scanned with Adaware and Spybot S&D, clean.
Only one program I suspect, but not sure. Program is Skype. Wife uses it to talk to her father...his idea...can't seem to get the hang of Paltalk, or programs of that sort...lol.

[igor]

What are the names of the "empty" files?

[Bear_Hunter]

What are the names of the "empty" files?

Can't remember right now, and need to put a new monitor on the PC to find out. Just my luck. Monitor finaly went out totally...lol Not to worry have a garage full...lol
I did do a search via google for the name of the file, came up empty.
Seen the one on here about the virus/worm that people were having problems with. Not the same.
each one is numbered, and if deleted and restart right away they start out at 1 again, no restart they keep going from the last one even if deleted.
Did a full system scan with avast and etrust, both came up clean, as did adaware and spybot s&d. I have noticed that avast gives  false poitives on a few files, file that i know are clean. noot on that computer though.
Just Put Monitor on computer....Filles are win*.tmp the * being a number
Just deleted over 4000 of the buggers.

[sebon]

I googled  0kb" tmp files " and found this

http://www.pcuser.com.au/pcuser/hs2.nsf/lookup+1/64DADF93131BB0D0CA256C530021857F



http://www.microsoft.com/technet/archive/community/columns/inside/techan21.mspx

[Bear_Hunter]

I googled  0kb" tmp files " and found this

http://www.pcuser.com.au/pcuser/hs2.nsf/lookup+1/64DADF93131BB0D0CA256C530021857F



http://www.microsoft.com/technet/archive/community/columns/inside/techan21.mspx

Thanks but the files that are bugging me are win*.tmp the * being a number
I still think I need a logging program that will log what writes files to that folder.
It's wierd nothing happens in the Ctrl+Alt+Del Processes window. What I mean is that there are no spikes of usage or anything that shows that anything happens, the files just appear 3 to 4 at a time. They are all 0Kb files, and sent to notepad and nothing in them at all.
I think I got a ghost...

[igor]

How about File Monitor - would it show anything useful?
(I suggest to set a filter on the expected filenames, otherwise you'll get an enormous amount of records.)

[Bear_Hunter]

How about File Monitor - would it show anything useful?
(I suggest to set a filter on the expected filenames, otherwise you'll get an enormous amount of records.)

Thank you.
Exactly what I was looking for.
WOW Avast sure leaves a lot behind when uninstalled. Particularly in the Registry, Deep in the Root. A few can't be deleted. Even the cleaner I downloaded will not get rid of those. It likes to gety nasty when you uninstall it. Wouldn't even let me install another antivirus program at first. Had to reinstall and then remove with the cleaner.
Funny the uninstall via Add/Remove doesn't work. Reminds me of Norton, even has the false detections. It does take things out that other AVs wouldn't even find though.
Thanks again

[Lisandro]

Funny the uninstall via Add/Remove doesn't work.

The Control Panel should be used BEFORE the Cleaner. Otherwise, it won't work... 

[Bear_Hunter]

Funny the uninstall via Add/Remove doesn't work.

The Control Panel should be used BEFORE the Cleaner. Otherwise, it won't work... 

Tried that and it screwed up my whole system.
Had to reinstall and use the cleaner aswclear.exe, in order to even get to my-etrust.com.
When Uninstalled via Add/Remove (Control Panel) it deleted files for Zone Zlarm and blocked acess to some websites, initially couldn't even get on the internet. It had turned on the Windows firewall, which I had disabled years before installing Avast.
By the way found that Logon.exe was causeing the win*.tmp files. Took a while but traced the problem to some *.tmp files in the Windows folder and if I remember right the either System or system32 folders, if not both. Well thought that was it. Seems I'm still getting the darn files. About ready to reformat.

[Lisandro]

The Control Panel should be used BEFORE the Cleaner. Otherwise, it won't work... 
Tried that and it screwed up my whole system.

I'm sure this will only occur if you have another antivirus installed, if you had in the past and did not uninstall it to install avast, you've manually deleted or messed your avast installation.
Control Panel should work if you don't mess it. But, if you do it, the uninstall tool should do the work.

Had to reinstall and use the cleaner aswclear.exe, in order to even get to my-etrust.com.

Sure... you're trying to use a second antivirus...

When Uninstalled via Add/Remove (Control Panel) it deleted files for Zone Zlarm

It shouldn't... which files?

and blocked acess to some websites, initially couldn't even get on the internet.

Well... avast does not block anything, it's not a firewall. ZoneAlarm does, it is a firewall. So if the configuration of ZA, after avast uninstall should be changed to reflect you new system state, so the problem was on ZA configuration...

It had turned on the Windows firewall, which I had disabled years before installing Avast.

This is not true... avast can't do that... ZA does...

By the way found that Logon.exe was causeing the win*.tmp files. Took a while but traced the problem to some *.tmp files in the Windows folder and if I remember right the either System or system32 folders, if not both. Well thought that was it. Seems I'm still getting the darn files. About ready to reformat.

Did you run an avast scanning or not?

[Bear_Hunter]

The Control Panel should be used BEFORE the Cleaner. Otherwise, it won't work... 
Tried that and it screwed up my whole system.

I'm sure this will only occur if you have another antivirus installed, if you had in the past and did not uninstall it to install avast, you've manually deleted or messed your avast installation.
Control Panel should work if you don't mess it. But, if you do it, the uninstall tool should do the work.

Had to reinstall and use the cleaner aswclear.exe, in order to even get to my-etrust.com.

Sure... you're trying to use a second antivirus...

When Uninstalled via Add/Remove (Control Panel) it deleted files for Zone Zlarm

It shouldn't... which files?

and blocked acess to some websites, initially couldn't even get on the internet.

Well... avast does not block anything, it's not a firewall. ZoneAlarm does, it is a firewall. So if the configuration of ZA, after avast uninstall should be changed to reflect you new system state, so the problem was on ZA configuration...

It had turned on the Windows firewall, which I had disabled years before installing Avast.

This is not true... avast can't do that... ZA does...

By the way found that Logon.exe was causeing the win*.tmp files. Took a while but traced the problem to some *.tmp files in the Windows folder and if I remember right the either System or system32 folders, if not both. Well thought that was it. Seems I'm still getting the darn files. About ready to reformat.

Did you run an avast scanning or not?

Yes I had eTrust AV installed. and Zone Alarm on this computer and my sons.
eTrust was diabled while Avast was installed.
they got along just fine.
When I uninstalled via the control panel Avast uninstall deleted files for both eTrust and Zone Alarm.
On my sons computer I uninstalled using aswclear.exe and had no problems.
why does avast install into the root of the regestry, entries that can not be deleted, and the uninstall via control panel nor aswclear.exe get rid of?
Reason for uninstalling = Too aggressive, found too many things that were not actually a threat(false possitves).
Finally gave up and reformated the wifes computer.
Yes I did full system scans at boot and in windows. I think when a problem was deleted,avast, adaware, and spybot s&d never got everything....(miised a reg entry somewhere) that left winlogon creating the temp entries.

[Lisandro]

Yes I had eTrust AV installed. and Zone Alarm on this computer and my sons.
eTrust was diabled while Avast was installed.

Most of the times, this is not enough... sooner or later, low level drivers, system files, services... will conflict.
Disable is not enough. You could, sometimes, install a second antivirus in the same computer IF you do NOT install any resident or plugin.
avast is NOT a good second, non resident, antivirus... We can suggest others to be the second...

why does avast install into the root of the regestry, entries that can not be deleted, and the uninstall via control panel nor aswclear.exe get rid of?

A lot of applications do that. You're probably refering to legacy entries of the Registry. You can try AVG from Grisoft, McAfee, Norton... and you'll see legacy entries in the registry (which access is only for system and not for any user or administrator).

Reason for uninstalling = Too aggressive, found too many things that were not actually a threat(false possitves).

Well... sometimes avast detects a false positive... it's not that often... But, are you sure they're false positives?

I think when a problem was deleted,avast, adaware, and spybot s&d never got everything....

Can you rephrase? Do you mean that after correcting (cleaning) a problem, avast does not detect it again? Isn't it a good thing?

(miised a reg entry somewhere) that left winlogon creating the temp entries.

Do you mean that some malware was not correctly cleaned by avast?
Be sure to use specific antitrojan or antirootkits applications to do so. avast is *only* an antivirus.

[igor]

why does avast install into the root of the regestry, entries that can not be deleted, and the uninstall via control panel nor aswclear.exe get rid of?

It doesn't. The legacy entries are created by the operating system itself - and when the operating systems "decides" that they should disappear, they will (which is not necessarily at the moment you uninstall avast!). So, these entries were not directly created by avast!, and they are not supposed to be removed by the user.