therock247uk
-
Content Count
960 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by therock247uk
-
-
Please go here to upload a suspicious file for analysis.
- Enter your username from this forum
- Copy and paste the link to this thread
- Browse for this filename: C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
- In the comments, please mention that I asked you to upload this file
- Click on Send File
Do the same for the following...
C:\WINDOWS\System32\mcrh.tmp
C:\WINDOWS\System32\gsaiijkj.exe
C:\WINDOWS\System32\avjdrupo.dll
C:\WINDOWS\System32\qhyfhewr.dll
C:\WINDOWS\System32\xjs.dll
C:\WINDOWS\System32\dllcache\hwxjpn.dll
- Enter your username from this forum
-
Download WindPFind
Extract WinPFind.zip to your c:\ folder.
Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.
Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
-
Open Hijackthis and click scan. Then check mark the following entries
O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)
O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)
O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll
O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe
O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
Now close all open windows except Hijackthis and click fix checked
Then post a new Hijackthis log here in a reply.
-
-
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
[*]Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess: - Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following: - If you have any infections you will prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
- Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
-
Run Vundofix again by following these instructions...
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
- Double-click VundoFix.exe to run it.
-
Delete the files. (if present)
C:\Documents and Settings\chadwickt\Local Settings\Temp\Tam01065.exe
C:\Documents and Settings\chadwickt\Local Settings\Temp\TICHD003.exe
C:\Documents and Settings\chadwickt\Local Settings\Temp\WinAntiVirusPro2007FreeInstall.exe
C:\Documents and Settings\chadwickt\Local Settings\Temp\YazzleBundle-1281.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Movie Maker\mepotyxo.dll
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\jcgifmb.exe
C:\WINDOWS\qwr67.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\T1QaSQ\T1QaSQ1065.exe
C:\WINDOWS\system32\T3\dlltk67.exe
Then post a new Hijackthis log here in a reply.
-
Go to where you saved Hijackthis.exe (C:\HijackThis\) right click on Hijackthis.exe click rename, rename it to hjt.exe reopen it make a log then post it here in a reply...
-
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please go HERE to run Panda's ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
- Double-click ATF-Cleaner.exe to run the program.
-
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
- Double-click VundoFix.exe to run it.
-
Your log is clean.
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
Detect and Remove Programs:
- How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
- How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
- Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
- Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
- IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
Other necessary Programs:
- How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
-
Open Hijackthis and click scan. Then check mark the following entries
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Now close all open windows except Hijackthis and click fix checked
Then post a new Hijackthis log here in a reply.
-
Delete the backups...
Then post a new Hijackthis log here in a reply and let me know how things are runnnig...
-
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please go HERE to run Panda's ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
- Double-click ATF-Cleaner.exe to run the program.
-
Download ComboFix from Here or Here to your Desktop.
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Can you also try running Vundofix in safemode?
Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.
- Double click combofix.exe and follow the prompts.
-
Can you please give me a list of files that are in the root of the c drive? While showing hidden files? Please make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...=view&id=34
-
Can you please post the log Vundofix made? c:\vundofix.txt.
-
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
- Double-click VundoFix.exe to run it.
-
-
Its a bug in the tool and its been pulled from use till its fixed by the coder.
-
Congrats!
*therock247uk makes a note to stay of new york roads if i ever get over there.
-
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
- Close ALL OTHER PROGRAMS.
- Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
- Now click the Run Scan button on the toolbar.
- The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
- Close ALL OTHER PROGRAMS.
-
Open Hijackthis and click scan. Then check mark the following entries
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [com11N] RunDll32.exe C:\WINDOWS\system32\com11N.dll,Setup
O4 - HKCU\..\Run: [NSQU] "C:\Documents and Settings\Pete's\NSQU.exe"
Now close all open windows except Hijackthis and click fix checked
Then post a new Hijackthis log here in a reply.
-
Open Hijackthis and click scan. Then check mark the following entries
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [com11N] RunDll32.exe C:\WINDOWS\system32\com11N.dll,Setup
O4 - HKCU\..\Run: [wxluql] "C:\WINDOWS\system32\wxluql.exe"
O4 - HKCU\..\Run: [explorer] C:\WINDOWS\explorer.exe
O4 - HKCU\..\Run: [iexplore] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [1] "C:\WINDOWS\system32\1.exe"
O4 - HKCU\..\Run: [wdlsjm] "C:\WINDOWS\system32\wdlsjm.exe"
O4 - HKCU\..\Run: [wtgac] "C:\WINDOWS\system32\wtgac.exe"
O4 - HKCU\..\Run: [wjmyret] "C:\WINDOWS\system32\wjmyret.exe"
O4 - HKCU\..\Run: [wpwerlgs] "C:\WINDOWS\system32\wpwerlgs.exe"
O4 - HKCU\..\Run: [walfwey] "C:\WINDOWS\system32\walfwey.exe"
O4 - HKCU\..\Run: [wfuotvq] "C:\WINDOWS\system32\wfuotvq.exe"
O4 - HKCU\..\Run: [wlmjiko] "C:\WINDOWS\system32\wlmjiko.exe"
O4 - HKCU\..\Run: [wrpmu] "C:\WINDOWS\system32\wrpmu.exe"
O4 - HKCU\..\Run: [wyxb] "C:\WINDOWS\system32\wyxb.exe"
O4 - HKCU\..\Run: [wgujry] "C:\WINDOWS\system32\wgujry.exe"
O4 - HKCU\..\Run: [wpscpw] "C:\WINDOWS\system32\wpscpw.exe"
O4 - HKCU\..\Run: [wgrwnvqgm] "C:\WINDOWS\system32\wgrwnvqgm.exe"
O4 - HKCU\..\Run: [wmrnxn] "C:\WINDOWS\system32\wmrnxn.exe"
O4 - HKCU\..\Run: [wesh] "C:\WINDOWS\system32\wesh.exe"
O4 - HKCU\..\Run: [wxxkobjhf] "C:\WINDOWS\system32\wxxkobjhf.exe"
O4 - HKCU\..\Run: [wynbnuob] "C:\WINDOWS\system32\wynbnuob.exe"
O4 - HKCU\..\Run: [wvfp] "C:\WINDOWS\system32\wvfp.exe"
O4 - HKCU\..\Run: [wfqnxn] "C:\WINDOWS\system32\wfqnxn.exe"
O4 - HKCU\..\Run: [wpeyo] "C:\WINDOWS\system32\wpeyo.exe"
O4 - HKCU\..\Run: [wcrwtyb] "C:\WINDOWS\system32\wcrwtyb.exe"
O4 - HKCU\..\Run: [wbdjkku] "C:\WINDOWS\system32\wbdjkku.exe"
O4 - HKCU\..\Run: [wwftyxj] "C:\WINDOWS\system32\wwftyxj.exe"
O4 - HKCU\..\Run: [wvuctb] "C:\WINDOWS\system32\wvuctb.exe"
O4 - HKCU\..\Run: [wreilv] "C:\WINDOWS\system32\wreilv.exe"
O4 - HKCU\..\Run: [wgntey] "C:\WINDOWS\system32\wgntey.exe"
O4 - HKCU\..\Run: [wobwoma] "C:\WINDOWS\system32\wobwoma.exe"
O4 - HKCU\..\Run: [wxjisu] "C:\WINDOWS\system32\wxjisu.exe"
O4 - HKCU\..\Run: [wqkfnpt] "C:\WINDOWS\system32\wqkfnpt.exe"
O4 - HKCU\..\Run: [wwnbta] "C:\WINDOWS\system32\wwnbta.exe"
O4 - HKCU\..\Run: [warxgjt] "C:\WINDOWS\system32\warxgjt.exe"
O4 - HKCU\..\Run: [wtgnd] "C:\WINDOWS\system32\wtgnd.exe"
O4 - HKCU\..\Run: [wgnryw] "C:\WINDOWS\system32\wgnryw.exe"
O4 - HKCU\..\Run: [wrtg] "C:\WINDOWS\system32\wrtg.exe"
O4 - HKCU\..\Run: [wsj] "C:\WINDOWS\system32\wsj.exe"
O4 - HKCU\..\Run: [wjmmyu] "C:\WINDOWS\system32\wjmmyu.exe"
O4 - HKCU\..\Run: [wqdksiek] "C:\WINDOWS\system32\wqdksiek.exe"
O4 - HKCU\..\Run: [wukkg] "C:\WINDOWS\system32\wukkg.exe"
O4 - HKCU\..\Run: [wvcfyks] "C:\WINDOWS\system32\wvcfyks.exe"
O4 - HKCU\..\Run: [wgpmhm] "C:\WINDOWS\system32\wgpmhm.exe"
O4 - HKCU\..\Run: [wemoy] "C:\WINDOWS\system32\wemoy.exe"
O4 - HKCU\..\Run: [wurjhsw] "C:\WINDOWS\system32\wurjhsw.exe"
O4 - HKCU\..\Run: [wped] "C:\WINDOWS\system32\wped.exe"
O4 - HKCU\..\Run: [wkxoujg] "C:\WINDOWS\system32\wkxoujg.exe"
O4 - HKCU\..\Run: [wwwwgt] "C:\WINDOWS\system32\wwwwgt.exe"
O4 - HKCU\..\Run: [wcdvmom] "C:\WINDOWS\system32\wcdvmom.exe"
O4 - HKCU\..\Run: [wwfj] "C:\WINDOWS\system32\wwfj.exe"
O4 - HKCU\..\Run: [wgdqmoxtd] "C:\WINDOWS\system32\wgdqmoxtd.exe"
O4 - HKCU\..\Run: [wcmhvms] "C:\WINDOWS\system32\wcmhvms.exe"
O4 - HKCU\..\Run: [wrfquawcj] "C:\WINDOWS\system32\wrfquawcj.exe"
O4 - HKCU\..\Run: [wcfr] "C:\WINDOWS\system32\wcfr.exe"
O4 - HKCU\..\Run: [wrvrj] "C:\WINDOWS\system32\wrvrj.exe"
O4 - HKCU\..\Run: [wqjmqkg] "C:\WINDOWS\system32\wqjmqkg.exe"
O4 - HKCU\..\Run: [woj] "C:\WINDOWS\system32\woj.exe"
O4 - HKCU\..\Run: [wmigeqpw] "C:\WINDOWS\system32\wmigeqpw.exe"
O4 - HKCU\..\Run: [wtqkmgq] "C:\WINDOWS\system32\wtqkmgq.exe"
O4 - HKCU\..\Run: [whbs] "C:\WINDOWS\system32\whbs.exe"
O4 - HKCU\..\Run: [wpor] "C:\WINDOWS\system32\wpor.exe"
O4 - HKCU\..\Run: [wyvo] "C:\WINDOWS\system32\wyvo.exe"
O4 - HKCU\..\Run: [wghj] "C:\WINDOWS\system32\wghj.exe"
O4 - HKCU\..\Run: [webtxa] "C:\WINDOWS\system32\webtxa.exe"
O4 - HKCU\..\Run: [whdtymxgf] "C:\WINDOWS\system32\whdtymxgf.exe"
O4 - HKCU\..\Run: [wedbrt] "C:\WINDOWS\system32\wedbrt.exe"
O4 - HKCU\..\Run: [wtcje] "C:\WINDOWS\system32\wtcje.exe"
O4 - HKCU\..\Run: [wvcbiks] "C:\WINDOWS\system32\wvcbiks.exe"
O4 - HKCU\..\Run: [wejl] "C:\WINDOWS\system32\wejl.exe"
O4 - HKCU\..\Run: [wdti] "C:\WINDOWS\system32\wdti.exe"
O4 - HKCU\..\Run: [wjtxbwq] "C:\WINDOWS\system32\wjtxbwq.exe"
O4 - HKCU\..\Run: [wprwkn] "C:\WINDOWS\system32\wprwkn.exe"
O4 - HKCU\..\Run: [wlmgrhuq] "C:\WINDOWS\system32\wlmgrhuq.exe"
O4 - HKCU\..\Run: [wpm] "C:\WINDOWS\system32\wpm.exe"
O4 - HKCU\..\Run: [wujja] "C:\WINDOWS\system32\wujja.exe"
O4 - HKCU\..\Run: [wreptjplh] "C:\WINDOWS\system32\wreptjplh.exe"
O4 - HKCU\..\Run: [wie] "C:\WINDOWS\system32\wie.exe"
O4 - HKCU\..\Run: [wxumr] "C:\WINDOWS\system32\wxumr.exe"
O4 - HKCU\..\Run: [whlyke] "C:\WINDOWS\system32\whlyke.exe"
O4 - HKCU\..\Run: [HTFU] "C:\Documents and Settings\Pete's\HTFU.exe"
O4 - HKCU\..\Run: [wdbyl] "C:\WINDOWS\system32\wdbyl.exe"
O4 - HKCU\..\Run: [GGAI] "C:\Documents and Settings\Pete's\GGAI.exe"
O4 - HKCU\..\Run: [wqkmtpmte] "C:\WINDOWS\system32\wqkmtpmte.exe"
O4 - HKCU\..\Run: [FFIP] "C:\Documents and Settings\Pete's\FFIP.exe"
O4 - HKCU\..\Run: [wsqyk] "C:\WINDOWS\system32\wsqyk.exe"
O4 - HKCU\..\Run: [CEPN] "C:\Documents and Settings\Pete's\CEPN.exe"
O4 - HKCU\..\Run: [wne] "C:\WINDOWS\system32\wne.exe"
O4 - HKCU\..\Run: [wrxpwr] "C:\WINDOWS\system32\wrxpwr.exe"
O4 - HKCU\..\Run: [bQDN] "C:\Documents and Settings\Pete's\BQDN.exe"
O4 - HKCU\..\Run: [wtbt] "C:\WINDOWS\system32\wtbt.exe"
O4 - HKCU\..\Run: [wln] "C:\WINDOWS\system32\wln.exe"
O4 - HKCU\..\Run: [TJNU] "C:\Documents and Settings\Pete's\TJNU.exe"
O4 - HKCU\..\Run: [wfgmprnv] "C:\WINDOWS\system32\wfgmprnv.exe"
O4 - HKCU\..\Run: [QFPB] "C:\Documents and Settings\Pete's\QFPB.exe"
O4 - HKCU\..\Run: [wmrpkj] "C:\WINDOWS\system32\wmrpkj.exe"
O4 - HKCU\..\Run: [FOJQ] "C:\Documents and Settings\Pete's\FOJQ.exe"
O4 - HKCU\..\Run: [whthvk] "C:\WINDOWS\system32\whthvk.exe"
O4 - HKCU\..\Run: [JMKP] "C:\Documents and Settings\Pete's\JMKP.exe"
O4 - HKCU\..\Run: [wdlvxemj] "C:\WINDOWS\system32\wdlvxemj.exe"
O4 - HKCU\..\Run: [QSFD] "C:\Documents and Settings\Pete's\QSFD.exe"
O4 - HKCU\..\Run: [wyvvbbsy] "C:\WINDOWS\system32\wyvvbbsy.exe"
O4 - HKCU\..\Run: [iQSI] "C:\Documents and Settings\Pete's\IQSI.exe"
O4 - HKCU\..\Run: [PANG] "C:\Documents and Settings\Pete's\PANG.exe"
O4 - HKCU\..\Run: [wprkjp] "C:\WINDOWS\system32\wprkjp.exe"
O4 - HKCU\..\Run: [GMBA] "C:\Documents and Settings\Pete's\GMBA.exe"
O4 - HKCU\..\Run: [wbkirlj] "C:\WINDOWS\system32\wbkirlj.exe"
O4 - HKCU\..\Run: [EEIS] "C:\Documents and Settings\Pete's\EEIS.exe"
O4 - HKCU\..\Run: [wcbfdu] "C:\WINDOWS\system32\wcbfdu.exe"
O4 - HKCU\..\Run: [EGAF] "C:\Documents and Settings\Pete's\EGAF.exe"
O4 - HKCU\..\Run: [NJRB] "C:\Documents and Settings\Pete's\NJRB.exe"
O4 - HKCU\..\Run: [PJNC] "C:\Documents and Settings\Pete's\PJNC.exe"
O4 - HKCU\..\Run: [bUIC] "C:\Documents and Settings\Pete's\BUIC.exe"
O4 - HKCU\..\Run: [GNMS] "C:\Documents and Settings\Pete's\GNMS.exe"
O4 - HKCU\..\Run: [CGAH] "C:\Documents and Settings\Pete's\CGAH.exe"
O4 - HKCU\..\Run: [TDOB] "C:\Documents and Settings\Pete's\TDOB.exe"
O4 - HKCU\..\Run: [LJGR] "C:\Documents and Settings\Pete's\LJGR.exe"
O4 - HKCU\..\Run: [iULQ] "C:\Documents and Settings\Pete's\IULQ.exe"
O4 - HKCU\..\Run: [PTUU] "C:\Documents and Settings\Pete's\PTUU.exe"
O4 - HKCU\..\Run: [NIJD] "C:\Documents and Settings\Pete's\NIJD.exe"
O4 - HKCU\..\Run: [CQSD] "C:\Documents and Settings\Pete's\CQSD.exe"
O4 - HKCU\..\Run: [EETM] "C:\Documents and Settings\Pete's\EETM.exe"
O4 - HKCU\..\Run: [TCIM] "C:\Documents and Settings\Pete's\TCIM.exe"
O4 - HKCU\..\Run: [GASJ] "C:\Documents and Settings\Pete's\GASJ.exe"
O4 - HKCU\..\Run: [iHSD] "C:\Documents and Settings\Pete's\IHSD.exe"
O4 - HKCU\..\Run: [RKGH] "C:\Documents and Settings\Pete's\RKGH.exe"
O4 - HKCU\..\Run: [JOMC] "C:\Documents and Settings\Pete's\JOMC.exe"
O4 - HKCU\..\Run: [iLCK] "C:\Documents and Settings\Pete's\ILCK.exe"
O4 - HKCU\..\Run: [KRQU] "C:\Documents and Settings\Pete's\KRQU.exe"
O4 - HKCU\..\Run: [MGGP] "C:\Documents and Settings\Pete's\MGGP.exe"
O4 - HKCU\..\Run: [DDKD] "C:\WINDOWS\system32\DDKD.exe"
O4 - HKCU\..\Run: [HLID] "C:\WINDOWS\system32\HLID.exe"
O4 - HKCU\..\Run: [PIQJ] "C:\Documents and Settings\Pete's\PIQJ.exe"
O4 - HKCU\..\Run: [iAQM] "C:\Documents and Settings\Pete's\IAQM.exe"
O4 - HKCU\..\Run: [HCAR] "C:\Documents and Settings\Pete's\HCAR.exe"
O4 - HKCU\..\Run: [TDRF] "C:\Documents and Settings\Pete's\TDRF.exe"
O4 - HKCU\..\Run: [APFK] "C:\Documents and Settings\Pete's\APFK.exe"
O4 - HKCU\..\Run: [EATI] "C:\Documents and Settings\Pete's\EATI.exe"
O4 - HKCU\..\Run: [AGKN] "C:\Documents and Settings\Pete's\AGKN.exe"
O4 - HKCU\..\Run: [HPHK] "C:\Documents and Settings\Pete's\HPHK.exe"
O4 - HKCU\..\Run: [bPNB] "C:\Documents and Settings\Pete's\BPNB.exe"
O4 - HKCU\..\Run: [DHES] "C:\Documents and Settings\Pete's\DHES.exe"
O4 - HKCU\..\Run: [TSMB] "C:\Documents and Settings\Pete's\TSMB.exe"
O4 - HKCU\..\Run: [OKFI] "C:\Documents and Settings\Pete's\OKFI.exe"
O4 - HKCU\..\Run: [OMLF] "C:\Documents and Settings\Pete's\OMLF.exe"
O4 - HKCU\..\Run: [KIJM] "C:\Documents and Settings\Pete's\KIJM.exe"
O4 - HKCU\..\Run: [KICA] "C:\Documents and Settings\Pete's\KICA.exe"
O4 - HKCU\..\Run: [QGRL] "C:\Documents and Settings\Pete's\QGRL.exe"
O4 - HKCU\..\Run: [EUMS] "C:\Documents and Settings\Pete's\EUMS.exe"
O4 - HKCU\..\Run: [MECC] "C:\Documents and Settings\Pete's\MECC.exe"
O4 - HKCU\..\Run: [LNJK] "C:\Documents and Settings\Pete's\LNJK.exe"
O4 - HKCU\..\Run: [QEIH] "C:\Documents and Settings\Pete's\QEIH.exe"
O4 - HKCU\..\Run: [iNNF] "C:\Documents and Settings\Pete's\INNF.exe"
O4 - HKCU\..\Run: [LQIH] "C:\Documents and Settings\Pete's\LQIH.exe"
O4 - HKCU\..\Run: [OJEE] "C:\Documents and Settings\Pete's\OJEE.exe"
O4 - HKCU\..\Run: [PDUJ] "C:\Documents and Settings\Pete's\PDUJ.exe"
O4 - HKCU\..\Run: [JJNT] "C:\Documents and Settings\Pete's\JJNT.exe"
O4 - HKCU\..\Run: [ESJU] "C:\Documents and Settings\Pete's\ESJU.exe"
O4 - HKCU\..\Run: [KUQC] "C:\Documents and Settings\Pete's\KUQC.exe"
O4 - HKCU\..\Run: [KRIB] "C:\Documents and Settings\Pete's\KRIB.exe"
O4 - HKCU\..\Run: [TCPU] "C:\Documents and Settings\Pete's\TCPU.exe"
O4 - HKCU\..\Run: [NUIC] "C:\Documents and Settings\Pete's\NUIC.exe"
O4 - HKCU\..\Run: [DRKH] "C:\Documents and Settings\Pete's\DRKH.exe"
O4 - HKCU\..\Run: [NDMN] "C:\Documents and Settings\Pete's\NDMN.exe"
O4 - HKCU\..\Run: [FJNK] "C:\Documents and Settings\Pete's\FJNK.exe"
O4 - HKCU\..\Run: [bBBQ] "C:\Documents and Settings\Pete's\BBBQ.exe"
O4 - HKCU\..\Run: [KDLD] "C:\Documents and Settings\Pete's\KDLD.exe"
O4 - HKCU\..\Run: [LTBU] "C:\Documents and Settings\Pete's\LTBU.exe"
O4 - HKCU\..\Run: [NGNF] "C:\Documents and Settings\Pete's\NGNF.exe"
O4 - HKCU\..\Run: [RNNE] "C:\Documents and Settings\Pete's\RNNE.exe"
O4 - HKCU\..\Run: [RUUA] "C:\Documents and Settings\Pete's\RUUA.exe"
O4 - HKCU\..\Run: [PINM] "C:\Documents and Settings\Pete's\PINM.exe"
O4 - HKCU\..\Run: [TREO] "C:\Documents and Settings\Pete's\TREO.exe"
O4 - HKCU\..\Run: [GORF] "C:\Documents and Settings\Pete's\GORF.exe"
O4 - HKCU\..\Run: [bSGS] "C:\Documents and Settings\Pete's\BSGS.exe"
O4 - HKCU\..\Run: [FHNC] "C:\Documents and Settings\Pete's\FHNC.exe"
O4 - HKCU\..\Run: [JPIT] "C:\Documents and Settings\Pete's\JPIT.exe"
O4 - HKCU\..\Run: [DAPT] "C:\Documents and Settings\Pete's\DAPT.exe"
O4 - HKCU\..\Run: [KBCP] "C:\Documents and Settings\Pete's\KBCP.exe"
O4 - HKCU\..\Run: [QLUE] "C:\Documents and Settings\Pete's\QLUE.exe"
O4 - HKCU\..\Run: [DKBR] "C:\Documents and Settings\Pete's\DKBR.exe"
O4 - HKCU\..\Run: [RGGK] "C:\Documents and Settings\Pete's\RGGK.exe"
O4 - HKCU\..\Run: [iUMR] "C:\Documents and Settings\Pete's\IUMR.exe"
O4 - HKCU\..\Run: [JNTT] "C:\Documents and Settings\Pete's\JNTT.exe"
O4 - HKCU\..\Run: [MMIK] "C:\Documents and Settings\Pete's\MMIK.exe"
O4 - HKCU\..\Run: [JPAS] "C:\Documents and Settings\Pete's\JPAS.exe"
O4 - HKCU\..\Run: [FRLK] "C:\Documents and Settings\Pete's\FRLK.exe"
O4 - HKCU\..\Run: [AJPF] "C:\Documents and Settings\Pete's\AJPF.exe"
O4 - HKCU\..\Run: [JLMD] "C:\Documents and Settings\Pete's\JLMD.exe"
O4 - HKCU\..\Run: [HITN] "C:\Documents and Settings\Pete's\HITN.exe"
O4 - HKCU\..\Run: [LNBD] "C:\Documents and Settings\Pete's\LNBD.exe"
O4 - HKCU\..\Run: [bMID] "C:\Documents and Settings\Pete's\BMID.exe"
O4 - HKCU\..\Run: [TORH] "C:\Documents and Settings\Pete's\TORH.exe"
O4 - HKCU\..\Run: [TJUI] "C:\Documents and Settings\Pete's\TJUI.exe"
O4 - HKCU\..\Run: [RNUA] "C:\Documents and Settings\Pete's\RNUA.exe"
O4 - HKCU\..\Run: [JMQQ] "C:\Documents and Settings\Pete's\JMQQ.exe"
O4 - HKCU\..\Run: [FNRM] "C:\Documents and Settings\Pete's\FNRM.exe"
O4 - HKCU\..\Run: [JCPD] "C:\Documents and Settings\Pete's\JCPD.exe"
O4 - HKCU\..\Run: [DDAC] "C:\Documents and Settings\Pete's\DDAC.exe"
O4 - HKCU\..\Run: [iFLS] "C:\Documents and Settings\Pete's\IFLS.exe"
O4 - HKCU\..\Run: [bJFG] "C:\Documents and Settings\Pete's\BJFG.exe"
O4 - HKCU\..\Run: [HQEO] "C:\Documents and Settings\Pete's\HQEO.exe"
O4 - HKCU\..\Run: [HPGH] "C:\Documents and Settings\Pete's\HPGH.exe"
O4 - HKCU\..\Run: [JULO] "C:\Documents and Settings\Pete's\JULO.exe"
O4 - HKCU\..\Run: [DBGQ] "C:\Documents and Settings\Pete's\DBGQ.exe"
O4 - HKCU\..\Run: [MFLM] "C:\Documents and Settings\Pete's\MFLM.exe"
O4 - HKCU\..\Run: [FROT] "C:\Documents and Settings\Pete's\FROT.exe"
O4 - HKCU\..\Run: [OIUD] "C:\Documents and Settings\Pete's\OIUD.exe"
O4 - HKCU\..\Run: [HSJH] "C:\Documents and Settings\Pete's\HSJH.exe"
O4 - HKCU\..\Run: [NUON] "C:\Documents and Settings\Pete's\NUON.exe"
O4 - HKCU\..\Run: [THDB] "C:\Documents and Settings\Pete's\THDB.exe"
O4 - HKCU\..\Run: [12] "C:\WINDOWS\system32\12.exe"
O4 - HKCU\..\Run: [GPPE] "C:\Documents and Settings\Pete's\GPPE.exe"
O4 - HKCU\..\Run: [JHFL] "C:\Documents and Settings\Pete's\JHFL.exe"
O4 - HKCU\..\Run: [DUUB] "C:\Documents and Settings\Pete's\DUUB.exe"
O4 - HKCU\..\Run: [AFDQ] "C:\Documents and Settings\Pete's\AFDQ.exe"
O4 - HKCU\..\Run: [LRRF] "C:\Documents and Settings\Pete's\LRRF.exe"
O4 - HKCU\..\Run: [OOJG] "C:\Documents and Settings\Pete's\OOJG.exe"
O4 - HKCU\..\Run: [ATFJ] "C:\Documents and Settings\Pete's\ATFJ.exe"
O4 - HKCU\..\Run: [EBPC] "C:\Documents and Settings\Pete's\EBPC.exe"
O4 - HKCU\..\Run: [GLMH] "C:\Documents and Settings\Pete's\GLMH.exe"
O4 - HKCU\..\Run: [LBTP] "C:\Documents and Settings\Pete's\LBTP.exe"
O4 - HKCU\..\Run: [ATQM] "C:\Documents and Settings\Pete's\ATQM.exe"
O4 - HKCU\..\Run: [bDAS] "C:\Documents and Settings\Pete's\BDAS.exe"
O4 - HKCU\..\Run: [CQEG] "C:\Documents and Settings\Pete's\CQEG.exe"
O4 - HKCU\..\Run: [NTPH] "C:\Documents and Settings\Pete's\NTPH.exe"
O4 - HKCU\..\Run: [TBDT] "C:\Documents and Settings\Pete's\TBDT.exe"
O4 - HKCU\..\Run: [RPNH] "C:\Documents and Settings\Pete's\RPNH.exe"
O4 - HKCU\..\Run: [NSDG] "C:\Documents and Settings\Pete's\NSDG.exe"
O4 - HKCU\..\Run: [NQQD] "C:\Documents and Settings\Pete's\NQQD.exe"
O4 - HKCU\..\Run: [ORUR] "C:\Documents and Settings\Pete's\ORUR.exe"
O4 - HKCU\..\Run: [iRTI] "C:\Documents and Settings\Pete's\IRTI.exe"
O4 - HKCU\..\Run: [HQAL] "C:\Documents and Settings\Pete's\HQAL.exe"
O4 - HKCU\..\Run: [iBHA] "C:\Documents and Settings\Pete's\IBHA.exe"
O4 - HKCU\..\Run: [EBUT] "C:\Documents and Settings\Pete's\EBUT.exe"
O4 - HKCU\..\Run: [POSS] "C:\Documents and Settings\Pete's\POSS.exe"
O4 - HKCU\..\Run: [bUTA] "C:\Documents and Settings\Pete's\BUTA.exe"
O4 - HKCU\..\Run: [LIBF] "C:\Documents and Settings\Pete's\LIBF.exe"
O4 - HKCU\..\Run: [AUBD] "C:\Documents and Settings\Pete's\AUBD.exe"
O4 - HKCU\..\Run: [DJIK] "C:\Documents and Settings\Pete's\DJIK.exe"
O4 - HKCU\..\Run: [ASOJ] "C:\Documents and Settings\Pete's\ASOJ.exe"
O4 - HKCU\..\Run: [bQPA] "C:\Documents and Settings\Pete's\BQPA.exe"
O4 - HKCU\..\Run: [DNRL] "C:\Documents and Settings\Pete's\DNRL.exe"
O4 - HKCU\..\Run: [LLII] "C:\Documents and Settings\Pete's\LLII.exe"
O4 - HKCU\..\Run: [QKIN] "C:\Documents and Settings\Pete's\QKIN.exe"
O4 - HKCU\..\Run: [iUIH] "C:\Documents and Settings\Pete's\IUIH.exe"
O4 - HKCU\..\Run: [MGAE] "C:\Documents and Settings\Pete's\MGAE.exe"
O4 - HKCU\..\Run: [MRAA] "C:\Documents and Settings\Pete's\MRAA.exe"
O4 - HKCU\..\Run: [sAKO] "C:\Documents and Settings\Pete's\SAKO.exe"
O4 - HKCU\..\Run: [LBGR] "C:\Documents and Settings\Pete's\LBGR.exe"
O4 - HKCU\..\Run: [LLKU] "C:\Documents and Settings\Pete's\LLKU.exe"
O4 - HKCU\..\Run: [JEAT] "C:\Documents and Settings\Pete's\JEAT.exe"
O4 - HKCU\..\Run: [MAMG] "C:\Documents and Settings\Pete's\MAMG.exe"
O4 - HKCU\..\Run: [ETOL] "C:\Documents and Settings\Pete's\ETOL.exe"
O4 - HKCU\..\Run: [GSTA] "C:\Documents and Settings\Pete's\GSTA.exe"
O4 - HKCU\..\Run: [QIKO] "C:\Documents and Settings\Pete's\QIKO.exe"
O4 - HKCU\..\Run: [NSQU] "C:\Documents and Settings\Pete's\NSQU.exe"
O4 - HKCU\..\Run: [NMAK] "C:\Documents and Settings\Pete's\NMAK.exe"
O4 - HKCU\..\Run: [HJLN] "C:\Documents and Settings\Pete's\HJLN.exe"
O4 - HKCU\..\Run: [FICH] "C:\Documents and Settings\Pete's\FICH.exe"
O4 - HKCU\..\Run: [LNFN] "C:\Documents and Settings\Pete's\LNFN.exe"
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
Now close all open windows except Hijackthis and click fix checked
Then post a new Hijackthis log here in a reply.
New Guy-winvirus. Please Help!
in Malware Removal
Posted
Go to where you saved Hijackthis.exe (C:\Program Files\Hijackthis) right click on Hijackthis.exe click rename, rename it to hjt.exe reopen it make a log then post it here in a reply...