Tmp2.tmp
I have a file in my temp folder, under my user name, and it will not go away. I have gone into safe mode, erased it, and it keeps coming back. I check for spyware every other day with Ad-Aware SE, EMCO Malware Bouncer, and Spybot Search & Destroy, and they cannot get rid of this. Even my Trend Micro PC-cillin won't help. Then I get popups, and it seems to have a mind of its own. I cannot do a single thing to get rid of this. When I click on the file itself, it disappears, and like 3 more files pop up out of nowhere, and then they go away, and the tmp2.tmp file comes back. I opened the file and got this:
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=1|720|300|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=2|739|300|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=4|750|350|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=5|700|500|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|17180||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|17280||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|17280||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|17280||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=1|720|300|0|17180||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=2|739|300|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=4|750|350|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=5|700|500|0|50||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|17180||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|17280||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|17280||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=3|700|500|0|17280||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=1|720|300|0|17180||||
http://ads1.searchmiracle.com/ads/ad.php?country=1&pos=2|739|300|0|50||||
I was referred here by HAWK of Icrontic Forums.
This discussion has been closed.
Comments
Dexter...
You're in good hands here, cellstar21. I'm sure Dexter can help you get your problem(s) solved.
The experts in this sort of thing will be sure and find the thread here and get you straightened out.
Logfile of HijackThis v1.99.1
Scan saved at 1:47:32 AM, on 4/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\applek.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Highjack This (Do Not Erase, JONATHAN)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleK2] C:\WINDOWS\system32\applek.exe s
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteryx32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: CoreCenter.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{02A6A415-A3F5-400D-9948-7686BEF5D50F}: NameServer = 151.164.17.201 151.164.11.201
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
How to see hidden files in Windows
Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O4 - HKLM\..\Run: [AppleK2] C:\WINDOWS\system32\applek.exe s
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteryx32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Reboot your computer into Safe Mode
Then delete these files or directories (Do not be concerned if they do not exist):
C:\WINDOWS\system32\applek.exe
C:\windows\system32\eliteryx32.exe
Reboot your computer to go back to normal mode.
Please run at least two of these online scans.
Make sure they are set to clean automatically:
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/licence.php
http://housecall.trendmicro.com/housecall/start_corp.asp
There will be files that these scans will not remove. Please include that information in your next post.
Reboot and post a new hijackthis log.
Scan saved at 3:36:21 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\applek.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Highjack This (Do Not Erase, JONATHAN)\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleK2] C:\WINDOWS\system32\applek.exe s
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteryx32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: CoreCenter.lnk.disabled
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{02A6A415-A3F5-400D-9948-7686BEF5D50F}: NameServer = 151.164.17.201 151.164.11.201
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
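To check whether the entries marked for fixing survived the cleanup, the fix list can be compared against the next HijackThis log. The script below is an added example and not part of the thread; its function names are illustrative, and the sample data is excerpted from the fix list and the 4/20/2005 log above.

```python
import re

# HijackThis entry lines start with a section code such as "R1 - " or "O4 - ".
ENTRY = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

def norm(line):
    """Collapse whitespace and case so the same entry matches across logs."""
    return " ".join(line.split()).casefold()

def entries(text):
    """Map normalized entry -> original line for every R/F/N/O entry."""
    return {norm(l): l.strip() for l in text.splitlines() if ENTRY.match(l.strip())}

def running(text):
    """Normalized paths listed under 'Running processes:' (ends at first entry)."""
    _, _, tail = text.partition("Running processes:")
    procs = set()
    for line in map(str.strip, tail.splitlines()):
        if ENTRY.match(line):
            break
        if line:
            procs.add(norm(line))
    return procs

def persistence_report(fix_list, deleted_files, later_log):
    """Return fixed entries and deleted files that a later log still shows."""
    later, procs = entries(later_log), running(later_log)
    return {
        "entries_still_present": sorted(o for n, o in entries(fix_list).items() if n in later),
        "files_still_running": [f for f in deleted_files if norm(f) in procs],
    }

# Excerpts copied from the thread: 'Fix Checked' list, files to delete, later log.
FIX_LIST = r"""
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O4 - HKLM\..\Run: [AppleK2] C:\WINDOWS\system32\applek.exe s
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteryx32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""
DELETED_FILES = [r"C:\WINDOWS\system32\applek.exe", r"C:\windows\system32\eliteryx32.exe"]
LATER_LOG = r"""
Running processes:
C:\WINDOWS\system32\applek.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleK2] C:\WINDOWS\system32\applek.exe s
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteryx32.exe
"""
print(persistence_report(FIX_LIST, DELETED_FILES, LATER_LOG))
```

On these excerpts it reports both O4 Run entries and the applek.exe process as still present, while the O2 and O6 entries no longer appear in the later log.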