|
DAL Computer Help
» Internet Security Help
» Spyware, Adware, Viruses and HijackThis Logs
»
HELP ! Computer creates random number.exe files !!!
HELP ! Computer creates random number.exe files !!!
Spyware, Adware, Viruses and HijackThis Logs
09-08-2006, 10:58 AM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Aug 2006
Posts: 2
|
|
|
HELP ! Computer creates random number.exe files !!!
I cought something, so my computer creates and tryies to execute some random number.exe files (for example 3375688.exe).
Here is my HIJACK THIS FILE:
Logfile of HijackThis v1.99.0
Scan saved at 11:19:14, on 9.8.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\shchostv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\msrdusrc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACK THIS\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\shchostv.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\shchostv.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\shchostv.exe
O2 - BHO: C:\WINDOWS\System32\304A4.dll - {855875B5-93F3-429D-FF34-660B206D897C} - C:\WINDOWS\System32\304A4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [win_drivr32] C:\WINDOWS\System32\shchostv.exe
O4 - HKLM\..\RunOnce: [win_drivr32] C:\WINDOWS\System32\shchostv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [win_drivr32] C:\WINDOWS\System32\shchostv.exe
O4 - HKCU\..\RunOnce: [win_drivr32] C:\WINDOWS\System32\shchostv.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk\MDT6\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk\MDT6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = letina.hr
O17 - HKLM\Software\..\Telephony: DomainName = letina.hr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = letina.hr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = letina.hr
O20 - AppInit_DLLs: wmspfsus.dll lprhwmpl.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: CrbIGNMtWhDm - {24F2FF9F-8E58-5535-537E-EE6E5C0F82A1} - C:\WINDOWS\System32\jy.dll (file missing)
O23 - Service: Microsoft ASPI Manager - Unknown - C:\WINDOWS\System32\aspi76248.exe
O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Oraclecli2_homeClientCache - Unknown - c:\client2\BIN\ONRSD.EXE
O23 - Service: OracleClientCache80 - Unknown - C:\ow95\BIN\ONRSD80.EXE
O23 - Service: Oraclecli_homeClientCache - Unknown - c:\client\BIN\ONRSD.EXE (file missing)
O23 - Service: Prevx Agent - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
PLEASE HELP !
Thanks in advance !
|
10-08-2006, 03:03 PM
|
 |
Senior Member (Canada)
|
|
Join Date: Nov 2005
Posts: 3,439
|
|
|
Re: HELP ! Computer creates random number.exe files !!!
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\shchostv.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\shchostv.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\shchostv.exe
O2 - BHO: C:\WINDOWS\System32\304A4.dll - {855875B5-93F3-429D-FF34-660B206D897C} - C:\WINDOWS\System32\304A4.dll
O4 - HKLM\..\Run: [WIN_DRIVR32] C:\WINDOWS\System32\shchostv.exe
O4 - HKLM\..\RunOnce: [WIN_DRIVR32] C:\WINDOWS\System32\shchostv.exe
O4 - HKCU\..\Run: [WIN_DRIVR32] C:\WINDOWS\System32\shchostv.exe
O4 - HKCU\..\RunOnce: [WIN_DRIVR32] C:\WINDOWS\System32\shchostv.exe
O20 - AppInit_DLLs: wmspfsus.dll lprhwmpl.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: CrbIGNMtWhDm - {24F2FF9F-8E58-5535-537E-EE6E5C0F82A1} - C:\WINDOWS\System32\jy.dll (file missing)
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
1) Please download the Killbox.
Unzip it to the desktop and run it.
2) Select " Delete on Reboot".
3) Then Click the " All Files" button.
4) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
Quote:
C:\WINDOWS\System32\msrdusrc.exe
C:\WINDOWS\System32\304A4.dll
C:\WINDOWS\System32\shchostv.exe
C:\WINDOWS\System32\wmspfsus.dll
C:\WINDOWS\System32\lprhwmpl.dll
C:\WINDOWS\System32\jy.dll
|
5) Return to Killbox, go to the File menu, and choose " Paste from Clipboard".
6) Click the red-and-white " Delete File" button. Click " Yes" at the Delete on Reboot prompt. Click " Yes" to reboot next.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
__________________
Vincent P
MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|
 __ 
ASAP: promoting a high standard and quality of security support no matter where you seek help.
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
|
|
12-08-2006, 09:40 AM
|
|
Newbie
D-A-L Newbie
|
|
Join Date: Aug 2006
Posts: 2
|
|
|
Re: HELP ! Computer creates random number.exe files !!!
Hi!
Thanks for your help.
I have done described procedure, except I didnt find following files on the hard drive :
C:\WINDOWS\System32\wmspfsus.dll
C:\WINDOWS\System32\lprhwmpl.dll
C:\WINDOWS\System32\jy.dll
I also checked an entire hard drive with SEARCH tool and I didnt manage to find this files, but after reboot HIJACKTHIS was still listing them. So I found them and delete them from registry.
It look like things work OK for now, but I am using a PC only about a half an hour after cleaning. Here is a new HIJACKTHIS log file:
Logfile of HijackThis v1.99.0
Scan saved at 10:24:49, on 12.8.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aspi76248.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\HIJACK THIS\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk\MDT6\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk\MDT6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = letina.hr
O17 - HKLM\Software\..\Telephony: DomainName = letina.hr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = letina.hr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = letina.hr
O23 - Service: Microsoft ASPI Manager - Unknown - C:\WINDOWS\System32\aspi76248.exe
O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Oraclecli2_homeClientCache - Unknown - c:\client2\BIN\ONRSD.EXE
O23 - Service: OracleClientCache80 - Unknown - C:\ow95\BIN\ONRSD80.EXE
O23 - Service: Oraclecli_homeClientCache - Unknown - c:\client\BIN\ONRSD.EXE (file missing)
O23 - Service: Prevx Agent - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
Thanks again, I will contact you again if problem will occur ...
Best regards!
|
12-08-2006, 10:48 PM
|
 |
Senior Member
|
|
Join Date: Sep 2005
Posts: 5,520
|
|
|
Re: HELP ! Computer creates random number.exe files !!!
Keep us posted, log looks good.
__________________
Stalking and killing Spyware
Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below
MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|
ASAP: promoting a high standard and quality of security support no matter where you seek help.
|
 |
Similar Threads
|
| Thread |
Thread Starter |
Forum |
Replies |
Last Post |
|
random number exe
|
arturk |
Spyware, Adware, Viruses and HijackThis Logs |
14 |
02-05-2009 11:35 PM |
|
Random Number exe files
|
tester3000 |
Spyware, Adware, Viruses and HijackThis Logs |
4 |
13-01-2009 10:49 PM |
|
Computer creates random number.exe files
|
CYMREIG |
Spyware, Adware, Viruses and HijackThis Logs |
17 |
10-01-2009 06:59 PM |
|
<Random Number>.exe Files
|
sjwoo |
Spyware, Adware, Viruses and HijackThis Logs |
6 |
15-02-2005 10:08 PM |
|
Random Number .exe
|
ozlegend |
Spyware, Adware, Viruses and HijackThis Logs |
1 |
03-02-2005 10:33 PM |
All times are GMT +1. The time now is 03:59 AM.
|
|
