- May
- 13,747
- 209
This is way off-topic, but with all the experts here ...
On my home computer (Win7/32), **every** time I start an EXE which does not reside in the c:\Windows tree, I get the likes of this in the %TEMP directory.
The files are exactly 512K (2^19) in size and are owned by NT_AUTHORITY/SYSTEM. They allow no sharing so I can't read/copy them. I tried denying "SYSTEM" the delete privilege in %TEMP (so I could look at one) but they're deleted anyway.
This **never** happens on my work computer, also Win7/32, and set up quite similarly.
I tried stopping several services that I could do without; that made no difference.
Does anyone have any ideas what they are or how I might get a look at one?
On my home computer (Win7/32), **every** time I start an EXE which does not reside in the c:\Windows tree, I get the likes of this in the %TEMP directory.
Code:
20:40:57.996123 CREATE TMP000003B87C0F2266F9A64046
20:40:57.996288 MODIFY TMP000003B87C0F2266F9A64046
20:40:58.020166 DELETE TMP000003B87C0F2266F9A64046
This **never** happens on my work computer, also Win7/32, and set up quite similarly.
I tried stopping several services that I could do without; that made no difference.
Does anyone have any ideas what they are or how I might get a look at one?