Computer creates random number.exe files

CYMREIG · #11 (**permalink**) 28-12-2008, 08:05 PM

Kespersky found what i put on my comp, never used any of them but WPE so will go delete them anyway since i forgot they were there but doubt they would cause the current problem seeing as they have been there for about 6 months without any problem and when there all sealed up and have no rights to run on my comp

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 28, 2008 08:52:08
Records in database: 1523776
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 266237
Threat name: 4
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 05:13:27

File name / Threat name / Threats count
C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\kaboom3\kaboom3\kaboom!3.exe Infected: Email-Flooder.Win32.KaBoom.30 1
C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\WPE PRO.exe Infected: HackTool.Win32.Sniffer.WpePro.a 1
C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\wpeproalpha0_9a.rar Infected: HackTool.Win32.Sniffer.WpePro.a 1
C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\wpeproalpha0_9a.rar Infected: HackTool.Win32.Sniffer.WpePro.w 1
C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\WpeSpy.dll Infected: HackTool.Win32.Sniffer.WpePro.w 1
C:\Documents and Settings\Twiggy ^^\My Documents\My Received Files\kaboom3\kaboom!3.exe Infected: Email-Flooder.Win32.KaBoom.30 1
C:\Documents and Settings\Twiggy ^^\My Documents\My Received Files\kaboom3\kaboom3.exe Infected: Email-Flooder.Win32.KaBoom.30 1
C:\Documents and Settings\Twiggy ^^\My Documents\My Received Files\kaboom3.rar Infected: Email-Flooder.Win32.KaBoom.30 1
E:\Save to disk\Save to disk\brutus_aet2.zip Infected: not-a-virus:PSWTool.Win32.Brutus 1

The selected area was scanned.

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18

03, on 28/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Documents and Settings\Twiggy ^^\Desktop\RRT\RRT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Trillian\trillian.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Twiggy ^^\Application Data\IMVUClient\IMVUClient.exe
C:\Documents and Settings\Twiggy ^^\Application Data\IMVUClient\IMVUQualityAgent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" -launchedbylogin
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Twiggy ^^\Desktop\RRT\RRT.exe auto
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecial Action
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\Twiggy ^^\Application Data\IMVUClient\IMVUClient.exe
O4 - Startup: Trillian.lnk = C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Twiggy ^^\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1221866844328
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8609 bytes

Neal · #12 (**permalink**) 30-12-2008, 01:10 AM

Did you delete kaboom, it is a trojan!!

Read here:

kaboom.dll - kaboom - Process Information

Quote:

C:\Documents and Settings\Twiggy ^^\My Documents\My Received Files\kaboom3\kaboom!3.exe Infected: Email-Flooder.Win32.KaBoom.30 1
C:\Documents and Settings\Twiggy ^^\My Documents\My Received Files\kaboom3\kaboom3.exe Infected: Email-Flooder.Win32.KaBoom.30 1
C:\Documents and Settings\Twiggy ^^\My Documents\My Received Files\kaboom3.rar Infected: Email-Flooder.Win32.KaBoom.30 1

CYMREIG · #13 (**permalink**) 30-12-2008, 05:32 AM

Yea i deleted it, still got new exe's being made though

Neal · #14 (**permalink**) 31-12-2008, 01:02 AM

Write some of them down and post back here so I can see them.

* Click here to use the F-Secure Online Scanner

Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

CYMREIG · #15 (**permalink**) 31-12-2008, 01:16 AM

The exe numbers range from 1001056672.exe to 988952788.exe so just random numbers between those two

Result: 9 malware found
HackTool.Win32.Sniffer.WpePro.a (virus)

* C:\DOCUMENTS AND SETTINGS\TWIGGY ^^\DESKTOP\TWIGGY'S ****\HACKING AND HEXING\WPEPROALPHA0_9A\WPE PRO.EXE (Submitted)

HackTool.Win32.Sniffer.WpePro.w (virus)

* C:\DOCUMENTS AND SETTINGS\TWIGGY ^^\DESKTOP\TWIGGY'S ****\HACKING AND HEXING\WPEPROALPHA0_9A\WPESPY.DLL (Renamed & Submitted)

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Doubleclick (spyware)

* System

TrackingCookie.Mediaplex (spyware)

* System

TrackingCookie.Tradedoubler (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

W32/Packed_Upack.A (virus)

* C:\DOCUMENTS AND SETTINGS\TWIGGY ^^\MY DOCUMENTS\DOWNLOADS\PHOTOSHOP CS4\ADOBE.KEYGEN.AND.PATCH\ANY PRODUCT ACTIVATION\CS4MCLG.EXE (Submitted)
* C:\DOCUMENTS AND SETTINGS\TWIGGY ^^\MY DOCUMENTS\DOWNLOADS\KEY + FIX\KEY\CS4MCLG.EXE (Submitted)

Neal · #16 (**permalink**) 03-01-2009, 12:13 AM

Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..

Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.

CYMREIG · #17 (**permalink**) 10-01-2009, 12:03 PM

Sorry i havent replyed in a few days

BitDefender log

BitDefender Online Scanner

Scan report generated at: Fri, Jan 09, 2009 - 23:25:43

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

Time

04:09:07

Files

1305741

Folders

17249

Boot Sectors

0

Archives

5331

Packed Files

77108

Results

Identified Viruses

3

Infected Files

4

Suspect Files

0

Warnings

0

Disinfected

0

Deleted Files

4

Engines Info

Virus Definitions

2428982

Engine build

AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins

17

Archive plugins

45

Unpack plugins

7

E-mail plugins

6

System plugins

4

Scan Settings

First Action

Disinfect

Second Action

Delete

Heuristics

Yes

Enable Warnings

Yes

Scanned Extensions

*;

Exclude Extensions

Scan Emails

Yes

Scan Archives

Yes

Scan Packed

Yes

Scan Files

Yes

Scan Boot

Yes

Scanned File

Status

C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\wpeproalpha0_9a.rar=>WPE Pro.exe

Infected with: Trojan.Sniff.Wpepro.C

C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\wpeproalpha0_9a.rar=>WPE Pro.exe

Deleted

C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\wpeproalpha0_9a.rar

Update failed

C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\wpeproalpha0_9a.rar=>WpeSpy .dll

Infected with: Virtool.18561

C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\wpeproalpha0_9a.rar=>WpeSpy .dll

Deleted

C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Hacking and hexing\wpeproalpha0_9a\wpeproalpha0_9a.rar

Update failed

C:\RECYCLER\S-1-5-21-515967899-1343024091-839522115-1003\Dc11\redist\WindowsInstaller-KB893803-v2-x86.exe

Infected with: MemScan:Trojan.Generic.1133506

C:\RECYCLER\S-1-5-21-515967899-1343024091-839522115-1003\Dc11\redist\WindowsInstaller-KB893803-v2-x86.exe

Deleted

C:\RECYCLER\S-1-5-21-515967899-1343024091-839522115-1003\Dc11\redist\WindowsServer2003-KB898715-x86-enu.exe

Infected with: MemScan:Trojan.Generic.1133506

C:\RECYCLER\S-1-5-21-515967899-1343024091-839522115-1003\Dc11\redist\WindowsServer2003-KB898715-x86-enu.exe

Deleted

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:59, on 10/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Trillian\trillian.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Documents and Settings\Twiggy ^^\Desktop\RRT\RRT.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Twiggy ^^\Application Data\IMVUClient\IMVUClient.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Twiggy ^^\Application Data\IMVUClient\IMVUQualityAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" -launchedbylogin
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Twiggy ^^\Desktop\RRT\RRT.exe auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\Twiggy ^^\Application Data\IMVUClient\IMVUClient.exe
O4 - Startup: Trillian.lnk = C:\Documents and Settings\Twiggy ^^\Desktop\Twiggy's ****\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Twiggy ^^\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1221866844328
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8916 bytes

Uninstall Manager Log

Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Age of Chivalry
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Atlantica Online
Battlefield Vietnam(TM)
Bonjour
Call of Duty Game of the Year Edition
Call of Duty(R) 2
CCleaner (remove only)
Cheat Engine 5.4
Collab
Connect
D.I.P.R.I.P. Warm Up
Diskeeper 2008 Pro Premier
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EssenceRO
EVEMon
EVE-ONLINE (remove only)
Evil Genius
FL Studio 8
FlashGet 1.9.6.1073
Fraps (remove only)
Granado Espada
Half-Life 2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IL Download Manager
Insurgency
iTunes
Java(TM) 6 Update 7
kuler
LimeWire 4.18.8
Logitech Desktop Messenger
Logitech MouseWare 9.76
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
MegaTrainer XL V1.5.5.5-Beta
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (3.0.5)
Need for Speed Underground 2
NVIDIA Drivers
PDF Settings CS4
Photoshop Camera Raw
Pinnacle Game Profiler
Pixel ****** Toolkit
PoiZone
PowerDVD
PoxNora 1.4.7.0
QuickSFV (Remove only)
QuickTime
Realtek High Definition Audio Driver
RebirthRO Full Client
Rohan_USA
Rome - Total War(TM)
Rome Total War - patch 1.3
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SevenfoldRO
Skype™ 3.8
Sniper Elite
Spyware Doctor 6.0
Steam
Suite Shared Configuration CS4
Synergy
The Moment of Silence
Toxic Biohazard
Trust WB-1400T Webcam
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VC 9.0 Runtime
VeohTV BETA
VLC media player 0.9.2
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wireless Tablet Series
Xfire (remove only)
Yahoo! Messenger
Yahoo! Toolbar
Zombie Panic! Source
ZoneAlarm Security Suite

Neal · #18 (**permalink**) 10-01-2009, 06:59 PM

What is going on now?

If problem exists where are the exe's being created at.

If problem still exists run MBAM from safe mode and post the scan results from normal mode.

Safe Mode

Now reboot into safe mode( without networking support) by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.