I am a new member here. I have worked on computers for many years, and I am not an expert, but certainly well trained in security.
I do all the safety precautions, and yet I think that I have become infected by something, and I really need some help.
The only thing that I have installed in the last week was Wordperfect Office X3 full installation. It has a registration program and auto updater which I found a way to remove. However, since then I have a conf and exe file that appears in my C:\Documents and Settings\Username\Local Settings\Temp file from out of nowheres. It then spawns a process that takes up about 36mb of memory and slight cpu usuage. With 2 gigs, I barely notice it, however, I KNOW every program, service, and process running, and this one I can't identify.
I uninstalled X3 thinking it was that using a special uninstaller which cleared the registry and everything. I did a System Restore 2 days before installation, and yet this keeps reappearing. It is called hmunml35dl.exe.conf and it spawns numerous exe's called 23hmunml35dl.exe or various different numbers at the beginning.
A Google search finds nothing. I can delete the conf and the exe's from the Temp folder and yet they keep reappearing. I have searched the Registry and can't find anything about it. I have run a thorough Avast Pro scan and it detects nothing. I did the same with Spybot, Adaware, AVG Anti-Spyware, and even Spyware Blaster. Hijack this shows the running process if it is running, but nothing else about it. The icon for it is three cubes with the letters MFC, and a search for that suggests it could be a Microsoft Foundation Class Visual C++ program which makes me think it is something still from the X3 as it did install Macros support.
I have even rebooted into Safemode, run all of the above with System Restore off, deleted the conf and all the spawned exe's, and then rebooted back into running mode. Still it reappears.
I have checked my Firewall, and nothing is trying to get through. The hardware firewall is the same and nothing is trying to 'call home' that I can see. No Services have been started without my knowledge? I did see one random Advertisement Pop Up, and I checked the Messenger Services was not turned on. I have cleared all but eBay, Java, and Flash ActiveX's from my IE. Now around the same time, I did notice that my IE is not saving cookies properly and I constantly have to relogin to sites. I ran CWShredder and it found one instance of Cool Web in the msconfig and deleted it. I keep up to date on all of these and run Adaware and Spybot every few days.
I am completely stumped?
Is this a Visual C++ thing from the X3 that once installed I can never turn off? Is this someone's homemade personal trojan that someone has created and I picked up inadvertently through IE and because of this it isn't in a malware, spyware, trojan, av database? Does anyone please have any experience with this or suggestions. I really need some assistance.
Thank you very much!