Smath74 All American 93281 Posts user info edit post |
pages keep opening with this address (or something similar): C:\Documents and Settings\Justin Smith\Local Settings\Temp\~wmvtmp7\index.html
Now, I have both Ad Aware and SS&D, and i keep running them, but they keep popping up... it's recently started since i've moved apartments and switched my internet... could this be the problem? is there some update i need to get?
thanks in advance for the help! 10/22/2005 8:31:45 PM |
brianj320 All American 9166 Posts user info edit post |
what kind of windows are opening? internet explorer windows or windows explorer windows? clear all histories (internet and computer), clean caches, delete temp files and folders. see if that does anythin. also, if u have hijackthis, run that to see if anythin abnormal is runnin in ur processes. 10/22/2005 9:12:48 PM |
Smath74 All American 93281 Posts user info edit post |
ummmm.... it's windows XP... I have IE. I'll do all that, thanks! 10/23/2005 12:49:50 PM |
statepkt All American 3592 Posts user info edit post |
might also be a virus.....run antivirus as well. 10/23/2005 1:11:26 PM |
Smath74 All American 93281 Posts user info edit post |
yeah i've run virus and spyware scans out the wazoo. 10/23/2005 3:08:39 PM |
DeputyDog All American 2059 Posts user info edit post |
anything weird in your program file list???? 10/23/2005 9:43:47 PM |
Smath74 All American 93281 Posts user info edit post |
i dunno 10/24/2005 2:38:58 AM |
moron All American 34190 Posts user info edit post |
http://www.apple.com/imac/
10/24/2005 2:47:35 AM |
gunzz IS NÚMERO UNO 68205 Posts user info edit post |
if you dont have hijack this i would suggest a DL of it it will pick up on shit that spybot and norton will not 10/24/2005 11:46:08 AM |
Smath74 All American 93281 Posts user info edit post |
ok, with hijack this, how do i know what to delete or whatever?
Quote : | "Logfile of HijackThis v1.99.1 Scan saved at 10:44:55 AM, on 10/26/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\PROGRA~1\Symantec\SAV8\DefWatch.exe C:\PROGRA~1\Symantec\SAV8\Rtvscan.exe C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\PROGRA~1\Symantec\SAV8\vptray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\nfomon\nfomon.exe C:\WINDOWS\system32\vidmon\vidmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\WRAL DESKTOP WEATHER\TrueWeather.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Justin Smith\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec\SAV8\vptray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WRAL DESKTOP WEATHER.lnk = C:\Program Files\Common Files\WRAL DESKTOP WEATHER\TrueWeather.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/c2c/grinstall_c2c1002_sp2.cab O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Symantec\SAV8\DefWatch.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\Symantec\SAV8\Rtvscan.exe O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe " |
that's what i got.10/26/2005 10:47:10 AM |
brianj320 All American 9166 Posts user info edit post |
try removing these 2 and see what happens. i dont know that 1st plugin is and it might be causing the problems. same with the shopathome thing.
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/c2c/grinstall_c2c1002_sp2.cab 10/26/2005 11:43:07 AM |
Smath74 All American 93281 Posts user info edit post |
yeah, i removed those
they were the only ones i could see that struck me immediately as "SPYWARE" or "BAD"
i didn't know if any other ones should get the boot? thanks for the help! 10/26/2005 12:11:06 PM |