A recent scan with TDS-3 showed c:\tmp0001.$$$ as a possible password stealer (Generic detection). I didn't recognize this file, so I tried to delete it (appears to be temporary anyway). I couldn't delete it though. So I tried to terminate it first using TDS, but it couldn't be terminated. So I figured I'd check it out with another process explorer (TaskInfo2002). It didn't show up as a running process. I clicked the tab to view all open files, and it showed up there, so I tried to figure out which process was using it. None of them showed up as using that file though. I went back to TDS and extracted strings from the file, (which could only be done through TDS [Bintext wouldn't work]). It took a while as the file was 2Mb. Anyway, the only readable text was in reference to Diamondcs and TDS-2, which is a version I never had. I've only used TDS-3. Odd. I rebooted the computer and tried to delete it again, but it still said it was in use by windows. Same as before. I checked various autostart methods, but couldn't figure out how it was starting up. So, I set my autoexec.bat file to delete it and rebooted. It's now gone, and everything seems to be exactly the same. But my problem is, I don't know what the file was, I don't know where it came from, or how it got there, and I don't know if it was somehow running invisibly, or if some other process was using it. If so, I couldn't seem to figure out which one.