Unknown Files in x:\Users\<Username>\AppData\Local\Temp

prashant1207 · Jun 2, 2009

Please help me guys....whenever i connect to internet some files start running in process...they created in user temp folder(x:\Users\<Username>\AppData\Local\Temp) with names like WinXXX.exe primarily(around 10 kb file). It try to establish a connection but my vista firewall denies it!

I am sacred! Help me:

HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:12:51 PM, on 6/2/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Running processes:
E:\Windows\system32\Dwm.exe
E:\Windows\system32\taskeng.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Internet Explorer\ieuser.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Windows\explorer.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Users\PRASHA~1\AppData\Local\Temp\winvbejb.exe
E:\Users\PRASHA~1\AppData\Local\Temp\taoukw.exe
E:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Download Express\dep.exe
E:\Windows\system32\Taskmgr.exe
E:\Windows\system32\DllHost.exe
F:\Softwares...SumGud...SumBad...!!!\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Welcome.exe - Shortcut.lnk = C:\Exstratic\Welcome\Welcome.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\napinsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{43004C41-B514-4C51-A4B8-DF003B81C56C}: NameServer = 218.248.255.212 218.248.255.139
O20 - Winlogon Notify: igfxcui - E:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - E:\Windows\system32\ibmpmsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - E:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - E:\Windows\System32\TUProgSt.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Please check running process, there u get too malvare type thing!

Help me pls!

Osiris · Jun 2, 2009

Run malwarebytes and post its log

Unknown Files in x:\Users\<Username>\AppData\Local\Temp

prashant1207

Beta member

Osiris

Golden Master

Similar threads