Author Topic: [Inactive] I have the dreaded Welcome to nginx!! (Read 419 times)

mooorooo · « **on:** March 25, 2012, 11:18:38 AM »

I am pasting here my Hijackthis log. It happens when I go to Google. My operating system is XP. I really appreciate your service

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:23 PM, on 3/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Documents and Settings\All Users.WINDOWS\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
E:\Program Files\Ask.com\Updater\Updater.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Application Updater\ApplicationUpdater.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
E:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
E:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Memeo\AutoBackup\InstantBackup.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Documents and Settings\All Users.WINDOWS\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Memeo Instant Backup] E:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] E:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] E:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "E:\Documents and Settings\All Users.WINDOWS\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [ApnUpdater] "E:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\adam.ADAM-9464D40C7F\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - E:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - E:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - E:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - E:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Program Files\Skype\Updater\Updater.exe

--
End of file - 10180 bytes

Hoov · « **Reply #1 on:** March 25, 2012, 11:47:26 AM »

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or orginization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

Could you explain a bit more about what is happening. Welcome to nginx can be the result of a problem elsewhere and not a problem with your computer. If you tell me what browser you are using, and give me the exact address you are going to it will help. Just saying "Going to Google" can be any one of thousands of pages that will get you to Google.

Also please read this thread, [NEW Instructions!] What Do I Do First? and follow the instructions, just post the logs back to this thread and don't start a new one.

Hoov · « **Reply #2 on:** April 01, 2012, 06:16:31 PM »

mooorooo, do you still need help?

Hoov · « **Reply #3 on:** April 06, 2012, 05:49:23 PM »

This thread is being closed due to inactivity. If you need it reopened send me a PM. This applies to the originator only. Anyone else please start a new thread.

News:

Author Topic: [Inactive] I have the dreaded Welcome to nginx!! (Read 419 times)

mooorooo

[Inactive] I have the dreaded Welcome to nginx!!

Hoov

Re: [In Progress] I have the dreaded Welcome to nginx!!

Hoov

Re: [In Progress] I have the dreaded Welcome to nginx!!

Hoov

Re: [In Progress] I have the dreaded Welcome to nginx!!