Inactive A hidden file is manipulating my laptop-fan!?

rogerthat69

Posts: 57   +0
(Hi again Broni,)

You helped me earlier(a few days ago) with som malware-removal. You also pointed out that I may have OS-errors due to cpu overheating because of irregular fan-functionality.

Now I have discovered that a strange hidden file could be correlating to the fan-problem. This file has
a hexadecimal(it looks like that by the letters/numbers but have not calculated the name for a test) name and it´s filetype is dmk. A search on internet gives no result except a few short notices and some kind of malware-indication! On the other hand I found that certain virtual disk programs handles certain dmk-files! But I have not installed any Virtual Disks! There is only a service named Virtual Disk in Vista for handling of disks, volumes and filesystems under the normal Disk Management(Control panel).

Every day when I log in I check my WinPatrol/Scotty for changes in the file-system incl hidden files. Every time when my fan is not working this above mentioned file shows up in WinPatrol as hidden. I then delete it via WinPatrol on next boot-up and my fan starts working again and rather perfect after a while. Temp is 41-52dgrs C with maximum 58 C. At the first boot-up after the file is deleted it could take one or a few hours until fan is working 100%. But this file keep coming back every 2-3 days. I have to find its origin! Help wanted!

The file is a temp-file as well placed under "Users\myself\Appdata\Local\Temp. Always the same temp-folder! Maybe there is a chance that this file is created because of a not fully un-installed program? Next time this hidden file appears, how shall I find its origin? What process is behind this
file?

Last time Broni helped me with malware this particular file disappeard. But I can not remember if
the deleting process/action was made by TFC-program(temp deleter). Possible!
 
It is not a desktop! A laptop and as far as I read temp betw 40-50 seems normal?.

I will give you the file-name when it pops up again. I hoped you had seen or heard about this file-type before! Maybe in the mean time you would be interested to look inside my system-file folder? Is there any program on the market that runs some
kind of systemfile-checking? Autorun says I.e that the file rdpclip is missing under
(log on):
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms".
According to timestamp the file has not been in use since nov 2013.
I have never manually used this program(filecopy) between any terminal server! Maybe it was a remote user? Should I install a new file? I have deactivated most unnecessary Remote-services due to my almost paranoid feeling since the computer once was hijacked(confirmed).

I renamed mobsync.exe because it tries to start. As I told you before "something" wants to be synchronized. I am not using IE6/7 at all (for offline-sync of webpages(or in FF)). Sync center in Control Panel shows "something" in action when mobsync.exe has started.
I have checked Task Scheduler. I have made some changes but I am not 100% sure about every task that is scheduled.

Otherwise Autorun-log looks ok to me!

What about these hidden files?:(I think they are legit)
C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
 
OK, this forum is designed for cleaning infected computers.
We checked your computer and it's clean.

I wish I had more time to take care of non-malware related issues but I don't.
Access to this forum is very limited (just you and me).
Your best bet is to create new topic in Windows forum.
 
Broni; Ok I do understand you have to deal with more urgent matters. No problem. Let´s close this topic. Maybe I will open a new one when this hidden dmk-file return
etc. My best ;)
 
p22003888.gif
 
Back