continuous shutdown and reboot

Old 06-11-2005, 12:27 PM   #1
 
I have been having problems with my computer. Every time I start it in normal mode, after a few seconds it shuts down and reboots, and the cycle continues. It works okay in safe mode. I have the Windows Me operating system. I ran the hijack scan and the results are listed as follows. Please let me know what I need to do.
Thanks
J

Logfile of HijackThis v1.99.1
Scan saved at 1:11:08 PM, on 6/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\nruazk.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\dxdyhq.exe
C:\Program Files\2Wire\Gateway\2portalmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://www.websearch.com/ie.aspx?tb_id=58
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = https://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {0A771E55-0FDB-E786-67C3-CA453BA7461E} - C:\WINDOWS\System32\rrwtbzzm.dll
O2 - BHO: (no name) - {17273469-31DF-41A1-5BA2-861F8B6855FF} - C:\WINDOWS\System32\juucpqvd.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {59BC3B10-18C9-7E48-3175-69B258DF2F63} - C:\WINDOWS\System32\adxyfgpy.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Eudl14U6.exe
O4 - HKLM\..\Run: [bamfewf] C:\WINDOWS\System32\bamfewf.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2portalmon.exe
O4 - HKLM\..\Run: [jrrrb] C:\WINDOWS\System32\bsmpk\jrrrb.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xxqrmm] C:\WINDOWS\System32\lybhak\xxqrmm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
O4 - HKLM\..\Run: [BRP] "C:\Program Files\BRP\brp.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\brpre.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [tvs_b] c:\Program Files\tvs\tvs_ln.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nruazk.exe reg_run
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [32727f959015] C:\WINDOWS\System32\apcups33.exe
O4 - HKLM\..\Run: [ydtuyqn] c:\windows\system32\dxdyhq.exe
O4 - HKLM\..\RunOnce: [tvs_re] C:\Program Files\Common Files\Java\tvs_re_inst.exe
O4 - HKCU\..\Run: [autnat] C:\WINDOWS\System32\autnat.exe
O4 - HKCU\..\RunOnce: [autnat] C:\WINDOWS\System32\autnat.exe
O8 - Extra context menu item: &Search - https://bar.mywebsearch.com/menusearc...p=ZNxmk596BQUS
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: https://www.neededware.com
O15 - Trusted Zone: https://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - https://www.neededware.com/NDWCab.CAB
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - https://download.bargain-buddy.net/do...ARKETING11.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - https://static.windupdates.com/cab/Ag...bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - https://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - https://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - https://download.websearch.com/Dnl/T_50252/QDow_AS2.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - https://start1.aaa1screensavers.com/10057.exe
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - https://www.alwaysupdatednews.com/install/aun_0033.exe
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - https://install.spywarelabs.com/25040...2504040406.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - https://www.alwaysupdatednews.com/install/aun_0010.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - https://download.spyspotter.com/spysp...terInstall.cab
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} - https://www.ouchvideo.com/mmviewer_emg11.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\m446lehs1h46.dll (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: jrrrbbsmpk - Unknown owner - C:\WINDOWS\System32\bsmpk\jrrrb.exe
O23 - Service: bujhufafhauu (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: xxqrmmlybhak - Unknown owner - C:\WINDOWS\System32\lybhak\xxqrmm.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
j_habib is offline  
Old 06-11-2005, 03:52 PM   #2
 
Greetings, and welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Right click on this link https://www.greyknight17.com/spy/DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

Download Hoster https://www.greyknight17.com/spy/Hoster.exe and run it. Choose the 'Restore Original Hosts' button and press OK.


===============

Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============

Go to Add/Remove Programs and remove (uninstall) the following, if present:

Deals Online
E2 Give
Elite Toolbar
Internet Optimizer
MyWebSearch

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Download LSPFix and unzip to your desktop, then run it. Now, we need to:

1. check (tick) "I know what I'm doing".
2. click on (highlight) each occurrence of the following, one at a time:

dolsp.dll

3. then click ">>", moving each one, individually, to the 'Remove' pane.
4. (double-check, and make sure that only the above files are in the 'Remove' pane.)
5. click "Finish >>"


===============

You'll need to download uninst.exe to remove the 'peper' infection, then:

1. run uninst.exe ... (first pass).
2. reboot your computer.
3. run uninst.exe ... (final pass).

Note: You must have an active internet connection, each time this program is run, for it to properly work.

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\System32\nruazk.exe
c:\windows\system32\dxdyhq.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u nem220.dll
regsvr32 /u cfgmgr51.dll
regsvr32 /u systb.dll
regsvr32 /u rrwtbzzm.dll
regsvr32 /u juucpqvd.dll
regsvr32 /u "EliteToolBar version 60.dll"
regsvr32 /u IeBHOs.dll
regsvr32 /u adxyfgpy.dll
regsvr32 /u fla.dll
regsvr32 /u wsem303.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============

Before we begin, let's move HiJackThis to its own folder, like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in its current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.

===============

Run HiJackThis and click "Scan", then check (tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.search-exe.com/nph-se...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://www.websearch.com/ie.aspx?tb_id=58
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.search-exe.com/nph-se...look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = https://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://search.search-exe.com/nph-se...look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O1 - Hosts: 216.39.69.102 view.atdmt.com

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {0A771E55-0FDB-E786-67C3-CA453BA7461E} - C:\WINDOWS\System32\rrwtbzzm.dll
O2 - BHO: (no name) - {17273469-31DF-41A1-5BA2-861F8B6855FF} - C:\WINDOWS\System32\juucpqvd.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {59BC3B10-18C9-7E48-3175-69B258DF2F63} - C:\WINDOWS\System32\adxyfgpy.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Eudl14U6.exe
O4 - HKLM\..\Run: [bamfewf] C:\WINDOWS\System32\bamfewf.exe
O4 - HKLM\..\Run: [jrrrb] C:\WINDOWS\System32\bsmpk\jrrrb.exe
O4 - HKLM\..\Run: [xxqrmm] C:\WINDOWS\System32\lybhak\xxqrmm.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
O4 - HKLM\..\Run: [tvs_b] c:\Program Files\tvs\tvs_ln.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nruazk.exe reg_run
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [32727f959015] C:\WINDOWS\System32\apcups33.exe
O4 - HKLM\..\Run: [ydtuyqn] c:\windows\system32\dxdyhq.exe
O4 - HKCU\..\Run: [autnat] C:\WINDOWS\System32\autnat.exe
O4 - HKCU\..\RunOnce: [autnat] C:\WINDOWS\System32\autnat.exe

O8 - Extra context menu item: &Search - https://bar.mywebsearch.com/menusear...?p=ZNxmk596BQUS

O15 - Trusted Zone: https://www.neededware.com
O15 - Trusted Zone: https://awbeta.net-nucleus.com (HKLM)

O16 - DPF: NDWCab - https://www.neededware.com/NDWCab.CAB
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - https://download.bargain-buddy.net/d...MARKETING11.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - https://static.windupdates.com/cab/A.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - https://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - https://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - https://download.websearch.com/Dnl/T_50252/QDow_AS2.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - https://start1.aaa1screensavers.com/10057.exe
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - https://www.alwaysupdatednews.com/install/aun_0033.exe
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - https://install.spywarelabs.com/2504...r2504040406.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - https://www.alwaysupdatednews.com/install/aun_0010.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - https://download.spyspotter.com/spys...tterInstall.cab
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} - https://www.ouchvideo.com/mmviewer_emg11.cab

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\m446lehs1h46.dll (file missing)

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: jrrrbbsmpk - Unknown owner - C:\WINDOWS\System32\bsmpk\jrrrb.exe
O23 - Service: bujhufafhauu (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: xxqrmmlybhak - Unknown owner - C:\WINDOWS\System32\lybhak\xxqrmm.exe


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\PROGRA~1\Toolbar
C:\WINDOWS\EliteToolBar
C:\Program Files\E2G
c:\Program Files\Fla
C:\WINDOWS\System32\bsmpk
C:\WINDOWS\System32\lybhak
C:\Program Files\Internet Optimizer
c:\Program Files\tvs
C:\Program Files\WeirdOnTheWeb

files...

C:\WINDOWS\System32\nruazk.exe
c:\windows\system32\dxdyhq.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\cfgmgr51.dll
C:\WINDOWS\systb.dll
C:\WINDOWS\System32\rrwtbzzm.dll
C:\WINDOWS\System32\juucpqvd.dll
C:\WINDOWS\System32\adxyfgpy.dll
C:\WINDOWS\wsem303.dll
C:\WINDOWS\System32\Eudl14U6.exe
C:\WINDOWS\System32\bamfewf.exe
C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\snuninst.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\apcups33.exe
C:\WINDOWS\System32\autnat.exe
c:\windows\system32\dolsp.dll
C:\WINDOWS\System32\msupd6.exe
C:\WINDOWS\svcproc.exe

Search for...

AUNPS2.DLL

...using "Start | Search...".

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let us know how everything goes.
jgvernonco is offline  
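
The reply above picks entries out of the HijackThis log by hand. As an added example (not part of the original thread and not code from HijackThis), here is a small Python triage pass over that log format; the sample lines are copied from post #1, while the function names and the flagging heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the log in post #1 (a subset, for illustration).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {0A771E55-0FDB-E786-67C3-CA453BA7461E} - C:\WINDOWS\System32\rrwtbzzm.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [jrrrb] C:\WINDOWS\System32\bsmpk\jrrrb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\m446lehs1h46.dll (file missing)
O23 - Service: jrrrbbsmpk - Unknown owner - C:\WINDOWS\System32\bsmpk\jrrrb.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Drive-letter path ending in .exe or .dll; spaces inside the path are allowed.
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll)', re.IGNORECASE)
AUTOSTART = ("F2", "O4", "O20", "O23")  # sections that launch code at boot or logon

def parse(log):
    """Yield (code, body, path) per entry line; path is lower-cased or None."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        paths = PATH.findall(m["body"])
        # When a line names several files, the last one is the entry's target.
        yield m["code"], m["body"], paths[-1].lower() if paths else None

def flags(code, body):
    """Return reasons an entry deserves a manual look (assumed heuristics)."""
    reasons = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned: registry entry points at no file")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service binary has no vendor information")
    if code == "O10":
        reasons.append("unrecognised Winsock LSP in the network stack")
    if code == "F2" and re.search(r"Shell=Explorer\.exe\s+\S", body, re.I):
        reasons.append("extra program appended to the Winlogon shell")
    if code == "O2" and "(no name)" in body:
        reasons.append("unnamed browser helper object")
    return reasons

def triage(log):
    """Map each flagged path (or entry body, if it has no path) to its findings."""
    by_path = defaultdict(set)
    findings = defaultdict(list)
    for code, body, path in parse(log):
        findings[path or body].extend(flags(code, body))
        if path and code in AUTOSTART:
            by_path[path].add(code)
    for path, codes in by_path.items():
        if len(codes) > 1:  # same binary registered under more than one section
            findings[path].append(
                "started from several autostart points: " + ", ".join(sorted(codes)))
    return {key: reasons for key, reasons in findings.items() if reasons}

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key, "->", "; ".join(reasons))
```

A flag here only marks an entry for review: in the thread's own log the Softex OmniPass service also shows "Unknown owner" and is not on the fix list above.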
 
