Hi to everybody.
I have a problem in my desktop computer. I can see the hard disk led and I can hear the hard disk activity every 2 seconds, even when I'm not using the computer, and apparently there is nothing running in it, no cache, no CPU activity, no memory pages, nothing. I used WhatsRunning to see what processes, services and the like are working, and I stopped everything I could, and the disk activity continues.
I have Windows XP SP3 in spanish. with AVG free.
I tracked the problem down to the file C:\WINDOWS\system32\config\software.log, which gets updated (never grows too much in size, from 1kb to 28 kb or 64 kB only), but gets updated every 2 or 3 seconds. How do I know? I open the system clock, to see the system time seconds included, and I request /File/ Properties for that logfile. And the "Last Modified" time stamp is always 2 or 3 seconds old. If I request Properties at 18:30:17, the file is dated 18:30:15, I do that again at 18:30:45, and the file timestamp is 18:30:43. I can do that several times, always finding a freshly rewritten file The file is constantly being updated/rewritten.
But this is a file that, according to Microsoft, is only used when installing Software as a log for installation activity. It should be used only when I install software, not every 2 seconds. So I suspect a malware working on it. The file is still not readable, not copyable from other programs, as windows explorer or notepad. It is also hidden. Anything I want to do with the file gets the response "Can't access the file. It is being used by another process or user".
When I google the name of the file, I get a lot of responses, because the HJT log mentions this file as non-readable, skipped during some checklog. But I have found no references to this kind of problem.
I tried to reboot in safe mode, command prompt only. I was able to copy the file to a different name, or mark it readonly with old MSDOC 'attrib'. But once I reboot, the software.log file gets created and the 2 second updates start again.
I still can install software on the computer, and I can uninstall. Seems that the registry-linked operation of the file is still alive. I installed the tools recommended by you with no problems.
I carefully followed the steps in "What information should I add when submitting a question? "
http://www.computerhope.com/forum/index.php/topic,46313.0.htmland I'm attaching my log files here.
I'll appreciate any help you can give me.
Best regards.
John Lace
[attachment deleted by admin]
