| Thread ID: 66656 | 2006-03-03 00:12:00 | Weird temp files multiplying... | Mowi (9902) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 435133 | 2006-03-03 00:12:00 | Well, i'm running Windows XP Home SP2, with a Dell Optiplex with 40GB HD and 256MB RAM, on a 512k broadband connection. My problem is i somehow got this temp files called win1.tmp, win1A.tmp and other similar forms that multiply exponentially from time to time, (while sometimes creating dialers that i can manually delete anyway). Other thing is that they are the only temp files there are in the win/temp folder. The thing is, they don't look like they're doing any damage, and the process that fits with their name is not running anymore on the task manager, but i can't delete them tho they're temp (not even with Move On Boot) and it bothers me a lot that there's some kind of invisible threat. NAV doesn't detect it, neither did Panda and some others. I'm not sure, but I think it had to do with some activeX controls i installed sometime ('cause Windows firewall wouldn't stop popping up... ok, that was a lame move)... the thing is, i *don't* know which program is creating those files everytime i boot. You see, it may not really be a problem since there's no visible damage, but as i said, it bothers me a lot that i can't get rid of them... So thank you in advance! Edit: I already googled and did my research... with no luck. |
Mowi (9902) | ||
| 435134 | 2006-03-03 00:21:00 | I would download hijackthis (www.merijn.org) from here (www.spywareinfo.com) Unzip this file, then run it and click on scan & save the log. Then copy and paste the log here. |
Speedy Gonzales (78) | ||
| 435135 | 2006-03-03 00:22:00 | It would bother me a lot if I thought I had some constantly regenerating diallers on my machine. Have you done a scan with Adaware and Spybot and maybe online at Housecall? There's an excellent FAQ about malware. Look it up. HTH..m | mark c (247) | ||
| 435136 | 2006-03-03 00:38:00 | Here's the log... and well, by the way i just discovered i got that Download.Trojan one... could i also ask for help with that, since it seems i can't remove it either? =/ Sorry for the inconvenience.
Logfile of HijackThis v1.99.1
Scan saved at 6:36:17 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.2020search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.2020search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.2020search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.2020search.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
Mowi (9902) | ||
| 435137 | 2006-03-03 00:49:00 | Boot into safe mode, and run hjt again, tick these entries and tick fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.2020search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.2020search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.2020search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.2020search.com
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
Don't know what this belongs to
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
This entry doesn't have to run on startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Then reboot. I would also get Trojan remover (dl.filekicker.com) from here (www.simplysup.com) Install and run, click on scan. Then select the 3rd - 7th option under the utilities menu. I would also get ccleaner (http://www.ccleaner.com) download / install it, and click on run cleaner. |
Speedy Gonzales (78) | ||
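The by-eye triage in the reply above (hijacked IE search settings, a BHO whose file is missing, Trusted Zone additions, an unfamiliar Winlogon Notify DLL) can be written as a filter over HijackThis section codes. This is an added example, not part of the original thread or of HijackThis; the function names and the `KNOWN_NOTIFY` allowlist are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: a subset of lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.2020search.com
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O15 - Trusted Zone: *.flingstone.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A log entry is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: Notify names the reviewer accepts; igfxcui is the one the reply left unticked.
KNOWN_NOTIFY = {"igfxcui"}

def review_reason(code, body):
    """Return why an entry deserves a manual look, or None if no rule fires."""
    if code in ("R0", "R1"):
        value = body.partition(" = ")[2].strip()
        if value not in ("", "about:blank"):
            return "IE search/start setting points at " + value
    elif code == "O15":
        return "site added to the IE Trusted Zone"
    elif code == "O20":
        name = body.split(": ", 1)[-1].split(" - ")[0]
        if name not in KNOWN_NOTIFY:
            return "unrecognised Winlogon Notify DLL: " + name
    if body.endswith("(file missing)"):
        return "registry entry references a missing file"
    return None

def triage(log_text):
    """Return (section code, reason) for every entry that a rule flags."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header and running-process lines carry no section code
        reason = review_reason(m.group(1), m.group(2))
        if reason:
            findings.append((m.group(1), reason))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

The output is a list of entries to look at by hand, not a removal list: a legitimate custom start page or a trusted intranet site would be flagged by the same rules.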
| 435138 | 2006-03-03 01:16:00 | Problem solved! Thank you very much, you're awesome! :) | Mowi (9902) | ||
| 435139 | 2006-03-03 01:31:00 | Good to hear it's all OK now Mowi :) I would also update iTunes to 6.04 if this isn't the version you're using now. Or use Winamp 5.2 which now supports iPods / Some creative players, and MS play for sure devices. That's if u don't buy MP3's thru iTunes, or do / get podcasts. |
Speedy Gonzales (78) | ||
| 435140 | 2006-03-03 01:39:00 | Nice, i'll try it out. Now, i'm sorry to ask again... but after all this stuff and a new Norton scan (which now found the trojan and removed it) a Norton "can't repair, please reinstall" dialog popped up when i logged on Windows. Now i'm removing NAV, but, should i install it again? Or do i *really* have noticeably better options? :) Edit: some people recommend me nod32 instead of the usual "use AVG" i get... is it good? I'm sorry to ask ALL this stuff. :P |
Mowi (9902) | ||
| 435141 | 2006-03-03 01:56:00 | Hmm whatever was on your system may have corrupted some NAV files. I did try AVG a while ago, but it used to play up too much.... I had too many probs with it. It ran when it felt like it! I had Nortons too, but it was like running 11-12 processes in the background lol. So, I removed it too, and installed Zonealarm. Zonealarm will do for now. XP's firewall would be OK, but if u get nasties later on, it wont block nasties sending files over the net. XP's firewall only blocks incoming traffic. Not outgoing traffic. Some people say Nod32 is a good program, (I've never used it) some people if u want a firewall as well, say PC-Cillin Internet Security is a good program. Altho, none of these are free (Not too sure about Nod32 tho). BUT I think u still have to pay for it. |
Speedy Gonzales (78) | ||
| 435142 | 2006-03-03 02:07:00 | Well, thank you very much, i'll take a look on that stuff. :) By the way... pretty cool forums you people got here, i'll be around :) | Mowi (9902) | ||