1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

IE wants to download to TEMP

Discussion in 'Earlier Versions of Windows' started by Krelian, Apr 5, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Krelian

    Krelian Thread Starter

    Joined:
    Mar 10, 2004
    Messages:
    300
    I've been having some problems lately, I stumbled upon a seriously bulky spyware site that installed some pretty nasty stuff on my computer. Since then, I've ran Ad-aware, Spybot S&D, Hijack This, CWShredder, and my Antivirus. (all up to date). I think I've got it all, but for some reason, my Internet Explorer keeps wanting to save to the TEMP directory, and then immediately open. It auto downloads, there isn't even a save as dialogue.

    Also, another problem, there is a strange file in my TEMP that wont delete, everytime I delete it it comes back.

    And while I'm on the boards, might as well throw another problem at you brilliant people you ;) ... whenever I use my HOST file it seems to d/c me from the internet. I'm thinking maybe its too large? Any advice would be appreciated! Thanks in advance! :cool:
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Unzip HijackThis to a permnent folder, run it and select "Scan". Then save the scanlog and copy/paste the results here.

    http://www.spywareinfo.com/~merijn/downloads.html

    Also open up Internet Options. Select the General page and then under Temporary Internet files, "Settings". What does it say for the location of your temporary internet folder?
     
  3. Krelian

    Krelian Thread Starter

    Joined:
    Mar 10, 2004
    Messages:
    300
    I already have hijack this, as I stated before, and I have ran it. Second of all, it says "Temporary Internet Files". It's not saving the files to the internet temp, it's saving them to the WINDOWS temp.

    Oddly enough though, hijack this freezes when I try to run it again, I was intending to paste the hijack this log right after my first post, but the stupid thing keeps freezing!
     
  4. Krelian

    Krelian Thread Starter

    Joined:
    Mar 10, 2004
    Messages:
    300
    Okay I managed to get it unfrozen...
    Here is my log, I put in "Safe" for the items I know are safe, and "?" for items I have no clue.




    Logfile of HijackThis v1.97.7
    Scan saved at 10:04:46 AM, on 4/5/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL Safe
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE Safe
    C:\WINDOWS\SYSTEM\mmtask.tsk Safe
    C:\WINDOWS\SYSTEM\MPREXE.EXE ?
    C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE Safe
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE Safe
    C:\WINDOWS\EXPLORER.EXE Safe
    C:\WINDOWS\TASKMON.EXE Safe
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE Safe
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE Safe
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE Safe
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE Safe
    C:\PROGRAM FILES\PYRENEAN\EDEXTER\EDEXTER.EXE Safe
    C:\PROGRAM FILES\CREATIVE ELEMENT POWER TOOLS\STARTUP.EXE Safe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE Safe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE ?
    C:\PROGRAM FILES\CIDIAL\CIDIAL.EXE Safe
    C:\WINDOWS\SYSTEM\RNAAPP.EXE ?
    C:\WINDOWS\SYSTEM\TAPISRV.EXE ?
    C:\WINDOWS\SYSTEM\DDHELP.EXE ?
    D:\PROGRAMS\HIJACK THIS\HIJACKTHIS 1.97.7.EXE Safe
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGWB.DAT Safe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mikros0ft 1nt3r/\/et Xpl0r3r Safe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL Safe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX Safe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun Safe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe Safe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe Safe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp Safe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP Safe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE Safe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme Safe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe Safe
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" Safe
    O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE Safe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme Safe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart Safe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background Safe
    O4 - Startup: eDexter.lnk = C:\Program Files\Pyrenean\eDexter\eDexter.exe Safe
    O4 - Startup: Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe Safe
    O4 - Startup: CiDial 2.3.lnk = C:\Program Files\CiDial\CiDial.exe Safe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present ?
    O8 - Extra context menu item: Open In &New Window - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.tui Safe
    O8 - Extra context menu item: View old version at &archives.org - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.tui Safe
    O8 - Extra context menu item: Zoom &In* - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.tui Safe
    O8 - Extra context menu item: Zoom &Out* - C:\WINDOWS\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.tui Safe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38079.0627546296 ?
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Safe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Safe
     
  5. Krelian

    Krelian Thread Starter

    Joined:
    Mar 10, 2004
    Messages:
    300
    Taadaa, I figured out what I was doing wrong, I hit open instead of save when the dialogue poped up. I can now save again with IE, yet it still gives me a warning about "exe" files. I'd like to disable this, because I'm pretty aware of the danger of exe files, but the checkbox option to take off the message is grayed out. Anybody know if this is native of IE to be grayed out? Anybody know any registry entries to change this?
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/217253

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice