
NGINX white screen on startup

Discussion in 'Virus & Other Malware Removal' started by flatlander31, Jul 14, 2012.

Thread Status:
Not open for further replies.
  1. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Hi,

    Thanks for the log :)

    Please read through these instructions to familiarize yourself with what to expect when this tool runs

    Refer to the ComboFix User's Guide

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================

    Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

    ====================================================


    Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
     
  2. flatlander31

    flatlander31 Thread Starter

    Joined:
    Apr 21, 2012
    Messages:
    49
    It's going to be about a week before I can get to this, as I've been called away to a job site until then. I'll PM you when I get to running ComboFix.
     
  3. Conspire

    Ok, post the log in here and PM me to let me know when you're ready.
     
  4. flatlander31

    Combofix Log:

    ComboFix 12-08-10.01 - HP_Administrator 11/08/2012 11:22:10.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.217 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-10 22:02 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C6020A6-297A-4731-A3E1-37D96A4A6853}\mpengine.dll
    2012-08-09 03:23 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-29 23:05 . 2012-07-29 23:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2012-07-29 23:03 . 2012-07-29 23:03 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-15 01:03 . 2012-07-15 01:56 -------- d-----w- C:\gotcha28277g
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-06 19:13 . 2012-04-27 02:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-06 19:13 . 2012-04-27 02:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-29 23:04 . 2004-08-09 21:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-06-13 13:19 . 2004-08-09 21:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-08-05 21:30 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2004-08-09 21:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2004-08-09 21:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 21:19 . 2007-06-21 20:39 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 21:19 . 2007-06-21 20:39 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 21:19 . 2004-08-09 21:00 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 21:19 . 2004-08-09 21:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 21:19 . 2004-08-09 21:00 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 21:19 . 2007-06-21 20:39 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 21:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 21:19 . 2004-08-09 21:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 21:19 . 2004-08-09 21:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 21:19 . 2004-08-09 21:00 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 21:19 . 2007-06-21 20:39 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 21:19 . 2004-08-09 21:00 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 21:19 . 2004-08-09 21:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 21:18 . 2009-04-01 07:35 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 21:18 . 2009-04-01 07:35 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 21:18 . 2008-10-16 18:07 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2004-08-09 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2004-08-09 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-04-21 01:19 . 2012-04-29 16:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
    "HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-09 1804648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "nwiz"="nwiz.exe" [2006-01-24 1519616]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
    "DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
    "DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-26 180269]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2004-8-9 33280]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-25 66864]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-25 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [08/11/2010 11:40 AM 237568]
    R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [08/11/2010 11:43 AM 1060352]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [08/11/2010 11:43 AM 484352]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2012 3:43 PM 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26/04/2012 8:03 PM 250056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/05/2012 3:43 PM 136176]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [29/04/2012 10:04 AM 129976]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [18/12/2010 7:11 PM 11520]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 19:13]
    .
    2012-08-11 c:\windows\Tasks\At1.job
    - c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 00:06]
    .
    2012-08-11 c:\windows\Tasks\At2.job
    - c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 00:06]
    .
    2012-08-11 c:\windows\Tasks\At3.job
    - c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 00:06]
    .
    2012-08-07 c:\windows\Tasks\At4.job
    - c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 00:06]
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 21:43]
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 21:43]
    .
    2012-08-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
    .
    2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{BF9FB2AE-F181-4EB5-A486-C83A7344B7A9}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.canoe.ca/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
    IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
    TCP: DhcpNameServer = 172.16.1.254
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jdq7qgiy.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-11 11:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3695022738-3772701923-2666252744-1008\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(9744)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\arservice.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\ARPWRMSG.EXE
    c:\windows\eHome\ehmsas.exe
    c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
    c:\program files\DISC\DiscStreamHub.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe
    c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe

    **************************************************************************
    .
    Completion time: 2012-08-11 12:11:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-11 18:11
    ComboFix2.txt 2012-07-15 01:55
    ComboFix3.txt 2012-04-28 02:16
    ComboFix4.txt 2012-04-26 21:27
    .
    Pre-Run: 192,752,996,352 bytes free
    Post-Run: 193,195,343,872 bytes free
    .
    - - End Of File - - 3361CD62FDDB68A1ACA7FF94E013350E
     
  5. Conspire

    Open TDSS Killer and select cure for any detected items.
     
  6. flatlander31

    TDSS did not find anything to cure.
     
  7. Conspire

    Are you still seeing NGINX?

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    ===================================================

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [​IMG] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    4. Check [​IMG]
    5. Click the [​IMG] button.
    6. Accept any security warnings from your browser.
    7. Check [​IMG]
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [​IMG]
    12. Push [​IMG], and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Make sure you saved the log somewhere else. Select Uninstall application on close check box and push [​IMG]
    ===================================================

    Malwarebytes' Anti-Malware
    Download Malwarebytes' Anti-Malware here and save to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


    ===================================================

    On your next reply please post :
    ESET log
    MBAM log


    Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!
     

Short URL to this thread: https://techguy.org/1061040