Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Files Automatically Start Up On My Computer


  • Please log in to reply
4 replies to this topic

#1 Cchtrbx

Cchtrbx

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 14 November 2006 - 12:40 AM

Hi!
This is the problem I'm having. I have these files, for example, aaaaamnd.t just appear on my desk top. Now these files are all over my computer. In my picture files, my documents everywhere. When I run hijackthis it is listed as 04-startup ... but when I check on it to deleted it will not do it. Please help my computer is getting worse and slower. I really can't use any programs.

//Mod edit to clear BB code tags

Edited by KoanYorel, 14 November 2006 - 07:16 PM.


BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:33 AM

Posted 14 November 2006 - 07:00 PM

You didn't mention which OS, Browser and Anti virus/spyware tools do you have running..
I'm gonna go with XP here:

Download and scan with AVG Anti-Spyware 7.5 Free in "SAFE MODE". How to start Windows in Safe Mode
Print out the AVG Install and Scan Instructions. HERE
Be sure to check for the any updates to all these programs after you install them.

Download and run SUPERAntiSypware, free version Home User

Now Run Windows Live OneCare
Be sure to click ONLY on the grey box below the picture of a wrench “Full Service Scan”
This may take some time especially it it needs to defragment the drive.
Please post back with any questions and results
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 girijesh

girijesh

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 16 November 2006 - 02:33 AM

Hi

If u ve any anti worm or trojan remover software like Etrust,avast Then pls run on ur system.
After it , the problem still appear then just format ur system(only that drive in which Operating system
is present before it delete that infected file ).
if solved pls reply me.
I think u will be a happy man after it.

Edited by girijesh, 16 November 2006 - 02:37 AM.


#4 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:04:33 AM

Posted 16 November 2006 - 09:58 AM

Reformatting your computer is an extreme step, and should only be taken as a last resort, a place you are nowhere near to yet.
If you have run your resident Antivirus and Antispware applications, and have reviewed any applications you have recently installed that might account for these files, then the next step is to run a new HJT log and post it in the HJT forum so that our experienced team can review it and help you delete any malware it finds.
Please follow this Guide before posting your log:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#5 Cchtrbx

Cchtrbx
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 19 November 2006 - 04:38 PM

Here is my hijackthis log...

Logfile of HijackThis v1.97.7
Scan saved at 1:32:25 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - Startup: aaaaamnd.t
O4 - Startup: aaaaaqsd.t
O4 - Startup: aaaaauvl.t
O4 - Startup: aaaaaxma.t
O4 - Startup: aaaaedrd.t
O4 - Startup: aaaagcgw.t
O4 - Startup: aaaainxl.t
O4 - Startup: aaaamyge.t
O4 - Startup: aaaaupxm.t
O4 - Startup: aaaerlnj.t
O4 - Startup: dgyacbsd.t
O4 - Startup: dgyrbxqm.t
O4 - Startup: dgyrnqkf.t
O4 - Startup: dgyrwmim.t
O4 - Startup: dgyrwypj.t
O4 - Startup: gmxjshgy.t
O4 - Startup: gmxjthjx.t
O4 - Startup: gmxjtjba.t
O4 - Startup: gmxjxbmq.t
O4 - Startup: gmxndeey.t
O4 - Startup: gmxnhpdp.t
O4 - Startup: gmxnxdse.t
O4 - Startup: gmxvnhjw.t
O4 - Startup: jswbqhnq.t
O4 - Startup: jswbqsff.t
O4 - Startup: jswbqwtl.t
O4 - Startup: jswbqywg.t
O4 - Startup: jswbubte.t
O4 - Startup: jswbumrg.t
O4 - Startup: jswfauog.t
O4 - Startup: myvbkhbk.t
O4 - Startup: myvsnkcr.t
O4 - Startup: myvsnlyl.t
O4 - Startup: myvsnlyy.t
O4 - Startup: pfukkckm.t
O4 - Startup: pfukkivq.t
O4 - Startup: pfukklna.t
O4 - Startup: pfukkprs.t
O4 - Startup: pfukkttl.t
O4 - Startup: pfukwqpj.t
O4 - Startup: pfuokwqf.t
O4 - Startup: pfuopkad.t
O4 - Startup: pfuwkruw.t
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: sltcgimg.t
O4 - Startup: sltcglgr.t
O4 - Startup: sltchfej.t
O4 - Startup: sltchhps.t
O4 - Startup: sltchlys.t
O4 - Startup: sltchpny.t
O4 - Startup: sltchtcp.t
O4 - Startup: sltcluaq.t
O4 - Startup: sltsrtnq.t
O4 - Startup: vrscffbd.t
O4 - Startup: vrstepoe.t
O4 - Startup: vrstertd.t
O4 - Startup: vrstgmtm.t
O4 - Startup: vrsxrofg.t
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users