Exe with Random name start with windows

Did you run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

if not, please run them. If you already did then complete the steps below.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

HijackThis has a bug that makes it sometimes indicate many O23 items to be (file missing) when they are not. These lines should not be fixed unless they are malware service which is not the case here.

 

Your Windows OS and IE versions are way out of date and represent a major security risk. After we fix your current problems you must get updated.

You MUST remember to exit your browsers before running HijackThis. You had two IE's running:
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe


If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\xcopy.exe
O4 - HKCU\..\Run: [wave copy] C:\DOCUME~1\Kumar\APPLIC~1\DUMBEN~1\Seek 32.exe

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\xcopy.exe (note: only delete this one, not the one in c:\windows\system32)
C:\DOCUME~1\Kumar\APPLIC~1\DUMBEN~1\Seek 32.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.


Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

Do not reboot or power down your PC after posting this HJT log.

 

You're welcome. You can update by following the steps in the below thread (you need to make sure you have done all of them). The first step gives the link to Windows Update.

How to Protect yourself from malware!

There are many ways to become infected.
- via a java or vbs script
- malware downloaded unknowingly
- via software that contains unwanted malware
- P2P sites that contain all kinds of infected software
- the list goes on and on

The 1st step to prevent problems is to have a properly updated PC that has good protection in place.

 

Yes! Did you read message # 6?