Joined
·
318 Posts
System: WindowsME
As for spyware, ran upon it, got rid of it with Ad-aware and Spybot S&D.
The problem?
I'm not sure if it is the after effects of a spyware cleaning, or not... but I've been having a LOAD of trouble lately with internet explorer.
1.IE wants to download things to TEMP. Things such as EXE's are warned against, and there is no way to uncheck it to NOT warn me. If I hit open, it downloads to TEMP, and auto-opens. Zips, they didn't even ask me, they just auto downloaded to TEMP and opened. I fixed this however by uninstalling winzip 9.
2.Also, php files, I try to run a small apache server with php just for testing some code, and it wants to auto download php! I've tried opening the PHP files and setting them to open with IE, but it wont display, it just wants me to save the file instead of view it.
3.I try to uncheck the option to show the dialup monitors in the system tray, but they wont hide. The flashing is irritating
4.I've managed to delete the things in my TEMP directory, but there is one file that wont delete. It is called "~DFF93B.TMP" I've tried booting into safe mode to delete it, but it still is put back as soon as I do it. I'm thinking this might be the problem.. but it may be something safe. I really don't know.
All I want is to be able to download with IE without it telling me "FILES OF THIS ARE DANGEROUS..BLAHBLAH.." (the check is grayed out to tell it to stop asking me, so there is no way to change it).. and I wish that PHP files would not download instead of show in Internet Explorer.
Also, when I say TEMP, I mean c:/windows/temp/ not c:/windows/temporary internet files/
Like I said, I have scanned with both Ad-aware and Spyboy S&D. They were both fully updated too. I've also scanned with an up to date AVG Antivirus. Futher more, I've posted hijack this logs and been told what things I should remove.
So Adware, Spybot S&D, AVG, and hijack this logs seem to all be clean... maybe I've somehow messed up windows myself? I've also tried to both reinstall and repair IE.. the only thing I can think of as a last resort is reinstalling windows. =\
Does anybody out there have ANY ideas? I would be more than happy to hear them. Thanks in advance!
For refrence, here is my hijack this log:
Logfile of HijackThis v1.97.7
Scan saved at 5:03:02 PM, on 4/7/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE ELEMENT POWER TOOLS\STARTUP.EXE
C:\PROGRAM FILES\CIDIAL\CIDIAL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
D:\PROGRAMS\HIJACK THIS\HIJACKTHIS 1.97.7.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Startup: Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe
O4 - Startup: CiDial 2.3.lnk = C:\Program Files\CiDial\CiDial.exe
O4 - Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Open In &New Window - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.tui
O8 - Extra context menu item: View old version at &archives.org - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.tui
O8 - Extra context menu item: Zoom &In* - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.tui
O8 - Extra context menu item: Zoom &Out* - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.tui
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38079.0627546296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
As for spyware, ran upon it, got rid of it with Ad-aware and Spybot S&D.
The problem?
I'm not sure if it is the after effects of a spyware cleaning, or not... but I've been having a LOAD of trouble lately with internet explorer.
1.IE wants to download things to TEMP. Things such as EXE's are warned against, and there is no way to uncheck it to NOT warn me. If I hit open, it downloads to TEMP, and auto-opens. Zips, they didn't even ask me, they just auto downloaded to TEMP and opened. I fixed this however by uninstalling winzip 9.
2.Also, php files, I try to run a small apache server with php just for testing some code, and it wants to auto download php! I've tried opening the PHP files and setting them to open with IE, but it wont display, it just wants me to save the file instead of view it.
3.I try to uncheck the option to show the dialup monitors in the system tray, but they wont hide. The flashing is irritating
4.I've managed to delete the things in my TEMP directory, but there is one file that wont delete. It is called "~DFF93B.TMP" I've tried booting into safe mode to delete it, but it still is put back as soon as I do it. I'm thinking this might be the problem.. but it may be something safe. I really don't know.
All I want is to be able to download with IE without it telling me "FILES OF THIS ARE DANGEROUS..BLAHBLAH.." (the check is grayed out to tell it to stop asking me, so there is no way to change it).. and I wish that PHP files would not download instead of show in Internet Explorer.
Also, when I say TEMP, I mean c:/windows/temp/ not c:/windows/temporary internet files/
Like I said, I have scanned with both Ad-aware and Spyboy S&D. They were both fully updated too. I've also scanned with an up to date AVG Antivirus. Futher more, I've posted hijack this logs and been told what things I should remove.
So Adware, Spybot S&D, AVG, and hijack this logs seem to all be clean... maybe I've somehow messed up windows myself? I've also tried to both reinstall and repair IE.. the only thing I can think of as a last resort is reinstalling windows. =\
Does anybody out there have ANY ideas? I would be more than happy to hear them. Thanks in advance!
For refrence, here is my hijack this log:
Logfile of HijackThis v1.97.7
Scan saved at 5:03:02 PM, on 4/7/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE ELEMENT POWER TOOLS\STARTUP.EXE
C:\PROGRAM FILES\CIDIAL\CIDIAL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
D:\PROGRAMS\HIJACK THIS\HIJACKTHIS 1.97.7.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Startup: Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe
O4 - Startup: CiDial 2.3.lnk = C:\Program Files\CiDial\CiDial.exe
O4 - Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Open In &New Window - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.tui
O8 - Extra context menu item: View old version at &archives.org - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.tui
O8 - Extra context menu item: Zoom &In* - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.tui
O8 - Extra context menu item: Zoom &Out* - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.tui
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38079.0627546296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
