
Author Topic: Problem with "welcome to nginx" and website logins


pbfoot

    Topic Starter


    Rookie

    Problem with "welcome to nginx" and website logins
    « on: March 20, 2012, 09:58:18 PM »
    My wife unknowingly clicked on one of those "your computer may be infected, click here to update your anti-virus software" boxes a few days ago and now when we go to our home page (www.att.yahoo.com) we get a white screen with "Welcome to nginx" in bold print. I was using Chrome as my browser. I uninstalled/reinstalled Chrome and things were fine until I did a computer restart after a Windows update, then the nginx screen popped up again on our home page.
    I uninstalled Chrome and went back to Explorer. Now we have noticed that when trying to sign in to some websites (like Pinterest) we cannot log in; it's like the screen refreshes and won't send the login info.
    Thanks again for your help!
    I have completed all the steps in the malware removal guide; below are the various log files.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/20/2012 at 09:49 PM

    Application Version : 5.0.1146

    Core Rules Database Version : 8359
    Trace Rules Database Version: 6171

    Scan type       : Complete Scan
    Total Scan Time : 01:02:00

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned      : 548
    Memory threats detected   : 0
    Registry items scanned    : 36374
    Registry threats detected : 0
    File items scanned        : 70467
    File threats detected     : 7

    Adware.Tracking Cookie
       C:\Documents and Settings\Administrator\Cookies\4BLI0SRE.txt [ /ad.yieldmanager.com ]

    PUP.CNETInstaller
       C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\DOWNLOADS\CNET2_DUAX_EXE.EXE
       C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\DOWNLOADS\CNET2_MISPBONETWORKMONITOR3_0_ZIP.EXE
       C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\DOWNLOADS\CNET2_NETWORX_SETUP_EXE.EXE

    PUP.SoftonicDownloader
       C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\DOWNLOADS\SOFTONICDOWNLOADER_FOR_ENDITALL (1).EXE
       C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\DOWNLOADS\SOFTONICDOWNLOADER_FOR_ENDITALL.EXE

    Adware.CouponBar
       C:\WINDOWS\SYSTEM32\CPNPRT2.CID


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.21.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: PEARSON-HOME-PC [administrator]

    Protection: Enabled

    3/20/2012 10:10:52 PM
    mbam-log-2012-03-20 (22-10-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200140
    Time elapsed: 6 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 22:27:59 on 2012-03-20
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2326 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: Online Armor Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Online Armor\OAcat.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\astsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\IProsetMonitor.exe
    C:\Program Files\iRacing\iRacingService.exe
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files\Kodak\CloudPrinting\KCPConnector.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciServiceHost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2011\Planner\PLNRnote.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://att.my.yahoo.com/
    uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10206&bi=400
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant =
    uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
    BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll
    BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
    BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
    BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] "c:\documents and settings\administrator\local settings\application data\google\chrome\application\chrome.exe" --type=service
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
    mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
    mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\program files\creative home\hallmark card studio 2011\planner\PLNRnote.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Trusted Zone: $talisma_url$
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1315058172703
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5EF90F7C-88AE-4F75-9AE3-6A8594EB6B39} : DhcpNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-3-20 205864]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-3-20 25192]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2012-3-20 29464]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-9-3 112800]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
    R2 iRacingService;iRacing helper service;c:\program files\iracing\iRacingService.exe [2012-3-3 473768]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
    R2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;c:\program files\kodak\cloudprinting\kcpconnector.exe -s --> c:\program files\kodak\cloudprinting\KCPConnector.exe -s [?]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-18 652360]
    R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-12-13 315392]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-3-16 2253120]
    R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2012-3-20 208472]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-9-3 45288]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-18 20464]
    S1 MpKsl292600aa;MpKsl292600aa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0707d2eb-f2c8-4c1b-956c-2cc3d69d6d3e}\mpksl292600aa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0707d2eb-f2c8-4c1b-956c-2cc3d69d6d3e}\MpKsl292600aa.sys [?]
    S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-3-20 42152]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-24 136176]
    S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2012-3-20 4369208]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-12-25 30312]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-5-8 20032]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-24 136176]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-12-25 121192]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-12-25 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-12-25 136680]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2012-03-21 03:23:04   73728   ----a-w-   c:\windows\system32\javacpl.cpl
    2012-03-21 03:23:04   472808   ----a-w-   c:\windows\system32\deployJava1.dll
    2012-03-21 03:07:05   56200   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f08cdda3-6eb9-47c0-b571-1dcadaf94e83}\offreg.dll
    2012-03-21 01:44:01   --------   d-----w-   c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
    2012-03-21 01:42:23   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2012-03-21 01:42:23   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-03-21 01:32:57   --------   d-----w-   c:\program files\CCleaner
    2012-03-21 01:27:00   6582328   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f08cdda3-6eb9-47c0-b571-1dcadaf94e83}\mpengine.dll
    2012-03-21 00:11:06   --------   d-----w-   c:\documents and settings\all users\application data\OnlineArmor
    2012-03-21 00:11:06   --------   d-----w-   c:\documents and settings\administrator\application data\OnlineArmor
    2012-03-21 00:10:07   42152   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
    2012-03-21 00:10:07   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
    2012-03-21 00:10:07   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
    2012-03-21 00:10:07   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
    2012-03-21 00:10:03   --------   d-----w-   c:\program files\Online Armor
    2012-03-19 01:26:18   --------   d-sha-r-   C:\cmdcons
    2012-03-19 01:24:43   98816   ----a-w-   c:\windows\sed.exe
    2012-03-19 01:24:43   518144   ----a-w-   c:\windows\SWREG.exe
    2012-03-19 01:24:43   256000   ----a-w-   c:\windows\PEV.exe
    2012-03-19 01:24:43   208896   ----a-w-   c:\windows\MBR.exe
    2012-03-18 21:11:41   --------   d-----w-   c:\documents and settings\administrator\application data\Malwarebytes
    2012-03-18 21:11:31   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
    2012-03-18 21:11:30   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-03-18 21:11:29   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-03-17 01:43:23   --------   d-----w-   c:\documents and settings\all users\application data\NVIDIA Corporation
    2012-03-17 01:43:17   298304   ----a-w-   c:\windows\system32\nvsvc32.exe
    2012-03-17 01:43:16   220992   ----a-w-   c:\windows\system32\nvcolor.exe
    2012-03-17 01:43:16   203072   ----a-w-   c:\windows\system32\nvmctray.dll
    2012-03-17 01:43:16   16744256   ----a-w-   c:\windows\system32\nvcpl.dll
    2012-03-17 01:43:10   602432   ----a-w-   c:\windows\system32\easyupdatusapiu.dll
    2012-03-17 01:43:10   54272   ----a-w-   c:\windows\system32\nvwddi.dll
    2012-03-17 01:42:24   285176   ----a-w-   c:\windows\system32\nvdrsdb1.bin
    2012-03-17 01:42:24   285176   ----a-w-   c:\windows\system32\nvdrsdb0.bin
    2012-03-17 01:42:24   1   ----a-w-   c:\windows\system32\nvdrssel.bin
    2012-03-04 04:02:37   --------   d-----w-   c:\program files\EndItAll
    2012-03-04 02:21:56   74072   ----a-w-   c:\windows\system32\XAPOFX1_5.dll
    2012-03-04 02:21:56   527192   ----a-w-   c:\windows\system32\XAudio2_7.dll
    2012-03-04 02:21:56   239960   ----a-w-   c:\windows\system32\xactengine3_7.dll
    2012-03-04 02:21:55   2106216   ----a-w-   c:\windows\system32\D3DCompiler_43.dll
    2012-03-04 02:21:55   1868128   ----a-w-   c:\windows\system32\d3dcsx_43.dll
    2012-03-04 02:21:54   248672   ----a-w-   c:\windows\system32\d3dx11_43.dll
    2012-03-04 02:21:53   470880   ----a-w-   c:\windows\system32\d3dx10_43.dll
    2012-03-04 02:21:51   1998168   ----a-w-   c:\windows\system32\D3DX9_43.dll
    2012-03-04 02:21:50   2414360   ----a-w-   c:\windows\system32\d3dx9_31.dll
    2012-03-04 02:21:36   --------   d-----w-   c:\windows\Logs
    2012-03-04 02:21:17   --------   d-----w-   c:\program files\iRacing
    2012-03-04 01:42:10   --------   d-----w-   c:\program files\common files\Logitech
    2012-02-25 23:05:40   --------   d-----w-   c:\documents and settings\administrator\application data\com.amazon.music.uploader
    2012-02-25 23:05:25   --------   d-----w-   c:\program files\Amazon
    2012-02-25 22:38:26   361256   ----a-w-   c:\windows\system32\MyCommandbutton.ocx
    2012-02-25 22:38:26   349968   ----a-w-   c:\windows\system32\IGThreed40.ocx
    2012-02-25 22:38:26   246304   ----a-w-   c:\windows\system32\MyFramePanel.ocx
    2012-02-25 22:38:26   131856   ----a-w-   c:\windows\system32\MSADODC.ocx
    2012-02-25 22:38:26   1140472   ----a-w-   c:\windows\system32\IGUltraGrid20.ocx
    2012-02-25 22:38:25   101888   ----a-w-   c:\windows\system32\VB6STKIT.DLL
    2012-02-25 22:38:21   --------   d-----w-   c:\program files\DownloadUpload.com
    2012-02-25 22:37:27   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\blekkotb
    2012-02-25 22:37:24   --------   d-----w-   c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
    2012-02-25 22:37:14   --------   d-----w-   c:\documents and settings\administrator\application data\blekkotb
    2012-02-25 22:36:56   --------   d-----w-   c:\program files\blekkotb
    2012-02-25 21:39:54   --------   d-----w-   c:\program files\FreeTime
    .
    ==================== Find3M  ====================
    .
    2012-03-09 03:44:50   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22:18   1860096   ----a-w-   c:\windows\system32\win32k.sys
    2012-01-31 12:44:05   237072   ------w-   c:\windows\system32\MpSigStub.exe
    2012-01-11 19:06:47   3072   ------w-   c:\windows\system32\iacenc.dll
    2012-01-09 16:20:25   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 22:28:25.93 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/3/2011 12:37:00 AM
    System Uptime: 3/20/2012 10:03:57 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. |  | P4C800-E
    Processor:               Intel(R) Pentium(R) 4 CPU 3.40GHz | CPU 1 | 3398/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 128 GiB total, 88.375 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RAID Controller
    Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\4&2E98101C&0&20F0
    Manufacturer:
    Name: RAID Controller
    PNP Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\4&2E98101C&0&20F0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP117: 12/21/2011 9:39:13 PM - System Checkpoint
    RP118: 12/24/2011 3:00:54 PM - Software Distribution Service 3.0
    RP119: 12/24/2011 3:12:30 PM - Software Distribution Service 3.0
    RP120: 12/24/2011 4:25:40 PM - Unsigned printer driver KODAK ESP C310 AiO installed.
    RP121: 12/24/2011 4:31:41 PM - Unsigned printer driver KODAK ESP C310 AiO installed.
    RP122: 12/24/2011 4:45:25 PM - Unsigned printer driver KODAK ESP C310 AiO installed.
    RP123: 12/25/2011 1:36:41 AM - Software Distribution Service 3.0
    RP124: 12/25/2011 9:25:28 AM - Installed Windows XP --  Software Updates KB952011.
    RP125: 12/26/2011 5:20:03 PM - Software Distribution Service 3.0
    RP126: 12/28/2011 10:15:05 AM - Software Distribution Service 3.0
    RP127: 12/29/2011 11:06:42 AM - System Checkpoint
    RP128: 12/29/2011 11:46:13 AM - Software Distribution Service 3.0
    RP129: 12/30/2011 11:48:32 AM - Software Distribution Service 3.0
    RP130: 12/31/2011 9:22:06 AM - Software Distribution Service 3.0
    RP131: 12/31/2011 4:57:41 PM - Software Distribution Service 3.0
    RP132: 1/2/2012 2:54:15 PM - Software Distribution Service 3.0
    RP133: 1/3/2012 3:29:05 PM - Software Distribution Service 3.0
    RP134: 1/4/2012 7:00:32 PM - Software Distribution Service 3.0
    RP135: 1/5/2012 7:58:38 PM - Software Distribution Service 3.0
    RP136: 1/6/2012 11:03:27 PM - Software Distribution Service 3.0
    RP137: 1/8/2012 1:49:48 PM - Software Distribution Service 3.0
    RP138: 1/9/2012 2:25:33 PM - Software Distribution Service 3.0
    RP139: 1/10/2012 7:37:04 PM - Software Distribution Service 3.0
    RP140: 1/11/2012 10:15:59 PM - Software Distribution Service 3.0
    RP141: 1/12/2012 6:57:59 AM - Software Distribution Service 3.0
    RP142: 1/12/2012 7:37:03 PM - Software Distribution Service 3.0
    RP143: 1/13/2012 6:55:32 AM - Software Distribution Service 3.0
    RP144: 1/14/2012 7:27:59 AM - Software Distribution Service 3.0
    RP145: 1/15/2012 9:55:53 AM - Software Distribution Service 3.0
    RP146: 1/16/2012 3:41:26 PM - Software Distribution Service 3.0
    RP147: 1/17/2012 4:14:14 PM - Software Distribution Service 3.0
    RP148: 1/18/2012 6:40:19 PM - Software Distribution Service 3.0
    RP149: 1/20/2012 5:08:05 PM - Software Distribution Service 3.0
    RP150: 1/21/2012 7:51:09 PM - Software Distribution Service 3.0
    RP151: 1/23/2012 6:03:34 PM - Software Distribution Service 3.0
    RP152: 1/25/2012 2:20:20 PM - Software Distribution Service 3.0
    RP153: 1/26/2012 9:32:41 PM - Software Distribution Service 3.0
    RP154: 1/27/2012 8:13:40 PM - Software Distribution Service 3.0
    RP155: 1/28/2012 12:29:46 PM - Software Distribution Service 3.0
    RP156: 1/29/2012 5:26:56 PM - Software Distribution Service 3.0
    RP157: 1/31/2012 5:03:38 PM - Software Distribution Service 3.0
    RP158: 2/2/2012 5:02:03 PM - Software Distribution Service 3.0
    RP159: 2/3/2012 7:25:30 PM - Software Distribution Service 3.0
    RP160: 2/4/2012 9:58:14 PM - Software Distribution Service 3.0
    RP161: 2/6/2012 5:07:06 PM - Software Distribution Service 3.0
    RP162: 2/9/2012 4:34:57 PM - Software Distribution Service 3.0
    RP163: 2/9/2012 7:48:30 PM - Software Distribution Service 3.0
    RP164: 2/10/2012 5:11:33 PM - Software Distribution Service 3.0
    RP165: 2/10/2012 10:17:00 PM - Software Distribution Service 3.0
    RP166: 2/12/2012 4:22:02 PM - Software Distribution Service 3.0
    RP167: 2/12/2012 7:40:55 PM - Software Distribution Service 3.0
    RP168: 2/13/2012 5:28:31 PM - Software Distribution Service 3.0
    RP169: 2/16/2012 8:38:42 PM - Software Distribution Service 3.0
    RP170: 2/16/2012 9:35:44 PM - Software Distribution Service 3.0
    RP171: 2/18/2012 9:24:12 PM - Software Distribution Service 3.0
    RP172: 2/20/2012 10:40:24 AM - Software Distribution Service 3.0
    RP173: 2/21/2012 12:32:35 PM - System Checkpoint
    RP174: 2/21/2012 3:46:10 PM - Software Distribution Service 3.0
    RP175: 2/22/2012 8:46:45 PM - Software Distribution Service 3.0
    RP176: 2/24/2012 7:33:39 AM - Software Distribution Service 3.0
    RP177: 2/25/2012 10:13:32 AM - Software Distribution Service 3.0
    RP178: 2/26/2012 12:43:39 PM - Software Distribution Service 3.0
    RP179: 2/28/2012 6:11:43 AM - Software Distribution Service 3.0
    RP180: 2/29/2012 11:53:39 AM - Software Distribution Service 3.0
    RP181: 3/1/2012 8:36:52 PM - Software Distribution Service 3.0
    RP182: 3/3/2012 12:44:42 PM - Software Distribution Service 3.0
    RP183: 3/3/2012 8:21:16 PM - Installed iRacing.com Race Simulation
    RP184: 3/3/2012 8:21:47 PM - Installed DirectX
    RP185: 3/5/2012 10:08:02 AM - Software Distribution Service 3.0
    RP186: 3/6/2012 6:11:00 AM - Software Distribution Service 3.0
    RP187: 3/6/2012 10:23:46 AM - Software Distribution Service 3.0
    RP188: 3/7/2012 2:00:15 PM - Software Distribution Service 3.0
    RP189: 3/8/2012 3:34:02 PM - Software Distribution Service 3.0
    RP190: 3/10/2012 1:58:38 PM - Software Distribution Service 3.0
    RP191: 3/11/2012 7:02:37 PM - Software Distribution Service 3.0
    RP192: 3/14/2012 9:52:26 AM - Software Distribution Service 3.0
    RP193: 3/15/2012 9:06:14 AM - Software Distribution Service 3.0
    RP194: 3/16/2012 7:14:00 AM - Software Distribution Service 3.0
    RP195: 3/16/2012 9:02:33 PM - Removed Ask Toolbar.
    RP196: 3/17/2012 10:58:01 AM - Software Distribution Service 3.0
    RP197: 3/18/2012 4:00:34 PM - Software Distribution Service 3.0
    RP198: 3/18/2012 6:06:38 PM - Software Distribution Service 3.0
    RP199: 3/20/2012 6:13:42 PM - Software Distribution Service 3.0
    RP200: 3/20/2012 7:10:13 PM - Online Armor installation
    RP201: 3/20/2012 10:22:31 PM - Installed Java(TM) 6 Update 31
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5.1
    Adobe Reader 8
    aioscnnr
    Amazon MP3 Downloader 1.0.15
    Amazon MP3 Uploader
    Anti-phishing Domain Advisor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ASPCA Reminder by We-Care.com v5.0.5.1
    AT&T Troubleshoot & Resolve Tool
    att.net Internet Mail
    att.net Toolbar
    Bonjour
    C4USelfUpdater
    CCleaner
    center
    Coupon Printer for Windows
    Coupons.com Toolbar
    doubleTwist
    DownloadUpload Audio Converter Extractor Max 1.0.0.11
    EasyWeather
    EndItAll 2.0
    essentials
    ffdshow [rev 2527] [2008-12-19]
    FormatFactory 2.90
    Free M4a to MP3 Converter 7.0
    Google Earth Plug-in
    Google Update Helper
    Hallmark Card Studio 2011
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB971276-v3)
    Hotfix for Windows XP (KB981793)
    Intel(R) Network Connections 16.5.2.0
    iRacing.com Race Simulation
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Kies mini
    Kodak AIO Printer
    KODAK AiO Software
    KODAK Cloud Software Connector
    Logitech Gaming Software 5.10
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliType Pro 8.2
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders  (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    NVIDIA Control Panel 285.58
    NVIDIA Graphics Driver 285.58
    NVIDIA Install Application
    NVIDIA nView 135.95
    NVIDIA nView Desktop Manager
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    ocr
    Online Armor 5.5
    PDF Settings CS5
    PhotoTools 2.5
    Picasa 3
    PreReq
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Spam Free Search Bar
    SUPERAntiSpyware
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VTech Download Agent Library
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    XPS Essentials Pack
    XPS Essentials Pack 1.0
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/20/2012 8:21:22 PM, error: Service Control Manager [7022]  - The Online Armor service hung on starting.
    3/20/2012 10:06:07 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    3/20/2012 10:05:58 PM, error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error:  Access is denied.
    3/20/2012 10:05:58 PM, error: Service Control Manager [7000]  - The WebDav Client Redirector service failed to start due to the following error:  Access is denied.
    3/16/2012 8:30:20 PM, error: Print [19]  - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.
    3/16/2012 7:01:19 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    3/15/2012 9:06:56 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    3/15/2012 9:06:56 AM, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    SuperDave

    • Malware Removal Specialist
    • Moderator

    Re: Problem with "welcome to nginx" and website logins
    « Reply #1 on: March 21, 2012, 11:29:05 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    I strongly recommend that you remove Ask from your computer because it:

    • Promotes its toolbars on sites targeted to kids.

    • Promotes its toolbars through ads that appear to be part of other companies' sites.

    • Promotes its toolbars through other companies' spyware.

    • Installs without any disclosure whatsoever and without any consent whatsoever.

    • Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

    • Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

    See Here for more info.

    If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    AskBarDis or anything related to Ask

    Then please find and delete this folder in bold (if present):
    C:\Program Files\AskBarDis or anything related to Ask.
    ******************************************************
    * Open OTL
    * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

    Code:
    :OTL

    BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll
    BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
    TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    Trusted Zone: $talisma_url$

    :COMMANDS
    [resethosts]
    [purity]
    [start explorer]

    * Click Run Fix
    * OTLI2 may ask to reboot the machine. Please do so if asked.
    * Click OK
    * A report will open. Copy and Paste that report in your next reply.
    ****************************************************
    Download Combofix from any of the links below, and save it to your desktop

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
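A defender-side check related to the [resethosts] step in the OTL fix above, added here as an example and not part of SuperDave's instructions or of the OTL/ComboFix tools: a browser landing on someone else's "Welcome to nginx" page for a familiar site is consistent with the name being answered locally by a tampered hosts file, and the script below parses a Windows hosts file and flags names mapped to anything other than loopback or a null address, or pointed at loopback when they are not localhost. The sample hosts text, the 10.0.0.5 address and the example hostnames are constructed for this illustration; the real file path shown is the one the OTL log reports resetting.

```python
"""Flag hosts-file entries that redirect or block names that DNS should resolve.

Added example for the OTL [resethosts] step; it is not OTL's own logic.
"""
import ipaddress
import sys
from typing import Dict, List

# Constructed sample hosts file (not from the forum post). The 10.0.0.5 lines
# stand in for the kind of entry a hijacker adds; the address itself is made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
10.0.0.5        www.att.yahoo.com
10.0.0.5        pinterest.com www.pinterest.com    # two names on one line
0.0.0.0         ads.example.net                    # null route, typical of ad-block lists
garbage         broken.example                     # malformed, skipped by the parser
"""

# Default location on Windows XP; the OTL log in this thread shows this path being reset.
WINDOWS_HOSTS_PATH = r"C:\WINDOWS\System32\drivers\etc\hosts"


def parse_hosts(text: str) -> List[Dict]:
    """One record per hostname: {'ip', 'host', 'line'}.

    Comments (after '#') and blank lines are ignored; a line whose first
    field is not a valid IP address is skipped rather than trusted.
    """
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        for name in names:
            records.append({"ip": ip, "host": name.lower(), "line": lineno})
    return records


def classify(record: Dict) -> str:
    """'ok' for localhost on loopback; 'blocked' for any other name sent to
    loopback or 0.0.0.0/:: (legitimate for ad lists, suspicious for update or
    security-vendor sites); 'redirect' for a name pointed at a real address."""
    addr = ipaddress.ip_address(record["ip"])
    if addr.is_loopback and record["host"] in ("localhost", "localhost.localdomain"):
        return "ok"
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"
    return "redirect"


def find_hijacks(text: str) -> List[Dict]:
    """Records whose hostname is sent to a non-loopback, non-null address."""
    return [r for r in parse_hosts(text) if classify(r) == "redirect"]


def report(text: str) -> List[str]:
    """Human-readable lines, one per entry that is not a plain localhost mapping."""
    return [
        f"line {r['line']}: {r['host']} -> {r['ip']} ({classify(r)})"
        for r in parse_hosts(text)
        if classify(r) != "ok"
    ]


if __name__ == "__main__":
    # Pass a hosts file path to check a real file; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    findings = report(content)
    print("\n".join(findings) if findings else "no redirect or block entries found")
```

Run it against the sample and the two 10.0.0.5 lines come back as redirects while the 0.0.0.0 line is reported as blocked; a clean Windows hosts file produces only localhost mappings and therefore an empty report, which is the state [resethosts] restores.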

    pbfoot

      Topic Starter


      Rookie

      Re: Problem with "welcome to nginx" and website logins
      « Reply #2 on: March 21, 2012, 06:56:48 PM »
      Thanks for the help SuperDave!

      I've uninstalled Ask and did not find the AskBarDis folder in C:\Program Files. Below are the OTL and ComboFix results:


      ========== OTL ==========
      ========== COMMANDS ==========
      C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully
       
      OTL by OldTimer - Version 3.2.39.1 log created on 03212012_192519

      ComboFix 12-03-21.02 - Administrator 03/21/2012  19:29:43.2.2 - x86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2290 [GMT -5:00]
      Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
      FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-02-22 to 2012-03-22  )))))))))))))))))))))))))))))))
      .
      .
      2012-03-22 00:25 . 2012-03-14 02:15   6582328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2264DCFD-92BC-4C7F-B16B-08907793EA32}\mpengine.dll
      2012-03-22 00:25 . 2012-03-22 00:25   --------   d-----w-   C:\_OTL
      2012-03-21 03:23 . 2012-03-21 03:23   --------   d-----w-   c:\windows\Sun
      2012-03-21 03:23 . 2012-03-21 03:23   --------   d-----w-   c:\program files\Common Files\Java
      2012-03-21 03:23 . 2012-03-21 03:22   73728   ----a-w-   c:\windows\system32\javacpl.cpl
      2012-03-21 03:23 . 2012-03-21 03:22   472808   ----a-w-   c:\windows\system32\deployJava1.dll
      2012-03-21 03:22 . 2012-03-21 03:22   --------   d-----w-   c:\program files\Java
      2012-03-21 01:44 . 2012-03-21 01:44   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
      2012-03-21 01:42 . 2012-03-21 01:43   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2012-03-21 01:42 . 2012-03-21 01:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2012-03-21 01:32 . 2012-03-21 01:33   --------   d-----w-   c:\program files\CCleaner
      2012-03-21 00:11 . 2012-03-21 01:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
      2012-03-21 00:11 . 2012-03-21 00:11   --------   d-----w-   c:\documents and settings\Administrator\Application Data\OnlineArmor
      2012-03-21 00:10 . 2012-02-10 19:33   42152   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
      2012-03-21 00:10 . 2012-02-10 19:33   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
      2012-03-21 00:10 . 2012-02-10 19:33   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
      2012-03-21 00:10 . 2012-02-10 19:33   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
      2012-03-21 00:10 . 2012-03-21 03:27   --------   d-----w-   c:\program files\Online Armor
      2012-03-18 21:11 . 2012-03-18 21:11   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
      2012-03-18 21:11 . 2012-03-18 21:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2012-03-18 21:11 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-03-18 21:11 . 2012-03-18 21:11   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2012-03-17 01:43 . 2012-03-17 01:43   --------   d-----w-   c:\documents and settings\UpdatusUser
      2012-03-17 01:43 . 2012-03-17 01:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\NVIDIA
      2012-03-17 01:43 . 2012-03-17 01:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\NVIDIA Corporation
      2012-03-17 01:43 . 2011-10-08 04:50   298304   ----a-w-   c:\windows\system32\nvsvc32.exe
      2012-03-17 01:43 . 2011-10-08 04:50   220992   ----a-w-   c:\windows\system32\nvcolor.exe
      2012-03-17 01:43 . 2011-10-08 04:50   203072   ----a-w-   c:\windows\system32\nvmctray.dll
      2012-03-17 01:43 . 2011-10-08 04:50   16744256   ----a-w-   c:\windows\system32\nvcpl.dll
      2012-03-17 01:43 . 2011-10-08 04:50   602432   ----a-w-   c:\windows\system32\easyupdatusapiu.dll
      2012-03-17 01:43 . 2011-10-08 04:50   54272   ----a-w-   c:\windows\system32\nvwddi.dll
      2012-03-17 01:42 . 2012-03-17 01:59   285176   ----a-w-   c:\windows\system32\nvdrsdb1.bin
      2012-03-17 01:42 . 2012-03-17 01:59   1   ----a-w-   c:\windows\system32\nvdrssel.bin
      2012-03-17 01:42 . 2012-03-17 01:59   285176   ----a-w-   c:\windows\system32\nvdrsdb0.bin
      2012-03-04 04:02 . 2012-03-04 04:04   --------   d-----w-   c:\program files\EndItAll
      2012-03-04 02:21 . 2010-06-02 10:55   74072   ----a-w-   c:\windows\system32\XAPOFX1_5.dll
      2012-03-04 02:21 . 2010-06-02 10:55   527192   ----a-w-   c:\windows\system32\XAudio2_7.dll
      2012-03-04 02:21 . 2010-06-02 10:55   239960   ----a-w-   c:\windows\system32\xactengine3_7.dll
      2012-03-04 02:21 . 2010-05-26 17:41   2106216   ----a-w-   c:\windows\system32\D3DCompiler_43.dll
      2012-03-04 02:21 . 2010-05-26 17:41   1868128   ----a-w-   c:\windows\system32\d3dcsx_43.dll
      2012-03-04 02:21 . 2010-05-26 17:41   248672   ----a-w-   c:\windows\system32\d3dx11_43.dll
      2012-03-04 02:21 . 2010-05-26 17:41   470880   ----a-w-   c:\windows\system32\d3dx10_43.dll
      2012-03-04 02:21 . 2010-05-26 17:41   1998168   ----a-w-   c:\windows\system32\D3DX9_43.dll
      2012-03-04 02:21 . 2006-09-28 22:05   2414360   ----a-w-   c:\windows\system32\d3dx9_31.dll
      2012-03-04 02:21 . 2012-03-21 01:38   --------   d-----w-   c:\windows\Logs
      2012-03-04 02:21 . 2012-03-04 02:23   --------   d-----w-   c:\program files\iRacing
      2012-03-04 02:21 . 2012-03-04 02:21   --------   d-----w-   c:\documents and settings\Administrator\Application Data\InstallShield
      2012-03-04 01:42 . 2012-03-04 01:42   --------   d-----w-   c:\program files\Common Files\Logitech
      2012-03-04 01:41 . 2012-03-04 01:41   --------   d-----w-   c:\program files\Logitech
      2012-02-26 00:29 . 2012-02-26 00:29   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Amazon
      2012-02-25 23:05 . 2012-02-25 23:05   --------   d-----w-   c:\documents and settings\Administrator\Application Data\com.amazon.music.uploader
      2012-02-25 23:05 . 2012-02-26 00:29   --------   d-----w-   c:\program files\Amazon
      2012-02-25 22:38 . 2007-10-04 22:36   361256   ----a-w-   c:\windows\system32\MyCommandbutton.ocx
      2012-02-25 22:38 . 2006-09-04 21:24   246304   ----a-w-   c:\windows\system32\MyFramePanel.ocx
      2012-02-25 22:38 . 2004-03-09 05:00   131856   ----a-w-   c:\windows\system32\MSADODC.ocx
      2012-02-25 22:38 . 2002-03-04 18:21   349968   ----a-w-   c:\windows\system32\IGThreed40.ocx
      2012-02-25 22:38 . 2002-03-04 17:27   1140472   ----a-w-   c:\windows\system32\IGUltraGrid20.ocx
      2012-02-25 22:38 . 2000-07-15 11:00   101888   ----a-w-   c:\windows\system32\VB6STKIT.DLL
      2012-02-25 22:38 . 2012-02-25 22:38   --------   d-----w-   c:\program files\DownloadUpload.com
      2012-02-25 22:37 . 2012-02-25 22:37   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\blekkotb
      2012-02-25 22:37 . 2012-03-21 03:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
      2012-02-25 22:37 . 2012-02-25 22:57   --------   d-----w-   c:\documents and settings\Administrator\Application Data\blekkotb
      2012-02-25 22:36 . 2012-02-25 22:37   --------   d-----w-   c:\program files\blekkotb
      2012-02-25 21:39 . 2012-02-25 21:39   --------   d-----w-   c:\program files\FreeTime
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-03-14 02:15 . 2011-09-04 19:25   6582328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2012-03-09 03:44 . 2011-09-03 17:39   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-02-03 09:22 . 2001-08-23 12:00   1860096   ----a-w-   c:\windows\system32\win32k.sys
      2012-01-31 12:44 . 2011-09-03 13:52   237072   ------w-   c:\windows\system32\MpSigStub.exe
      2012-01-11 19:06 . 2012-02-17 02:06   3072   ------w-   c:\windows\system32\iacenc.dll
      2012-01-09 16:20 . 2011-09-03 05:32   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
      2011-12-24 21:03 . 2011-09-09 01:35   36352   ----a-w-   c:\documents and settings\Default User\Application Data\PnPutil.exe
      2011-12-24 21:03 . 2011-09-09 01:35   800824   ----a-w-   c:\documents and settings\Default User\Application Data\DPInst.exe
      2011-12-24 21:03 . 2011-09-09 01:35   106496   ----a-w-   c:\documents and settings\Default User\Application Data\gacutil.exe
      .
      .
      (((((((((((((((((((((((((((((   SnapShot@2012-03-19_01.38.47   )))))))))))))))))))))))))))))))))))))))))
      .
      + 2012-03-21 03:23 . 2012-03-21 03:23   16384              c:\windows\temp\Perflib_Perfdata_1548.dat
      + 2001-08-23 12:00 . 2012-03-21 00:10   77476              c:\windows\system32\perfc009.dat
      + 2001-08-23 12:00 . 2012-03-21 00:10   459538              c:\windows\system32\perfh009.dat
      + 2012-03-21 03:23 . 2012-03-21 03:22   157472              c:\windows\system32\javaws.exe
      + 2012-03-21 03:23 . 2012-03-21 03:22   149280              c:\windows\system32\javaw.exe
      + 2012-03-21 03:23 . 2012-03-21 03:22   149280              c:\windows\system32\java.exe
      + 2012-03-21 03:23 . 2012-03-21 03:23   203776              c:\windows\Installer\10e8a6.msi
      + 2012-03-21 03:22 . 2012-03-21 03:22   901120              c:\windows\Installer\10e8a1.msi
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
      .
      [HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
      2012-01-17 19:28   262312   ----a-w-   c:\program files\blekkotb\auxi\blekkoAu.dll
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
      2012-01-17 19:28   86696   ----a-w-   c:\program files\blekkotb\blekkoDx.dll
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
      2011-05-09 09:49   176936   ----a-w-   c:\program files\Coupons.com\prxtbCou0.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
      "{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files\blekkotb\blekkoDx.dll" [2012-01-17 86696]
      .
      [HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
      .
      [HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{37153479-1976-43C3-A1EE-557513977B64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
      .
      [HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
      "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
      "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
      "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
      "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
      "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
      "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
      "EKAIO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
      "Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
      "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
      "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
      "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
      "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
      "@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-02-10 2645440]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
      .
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
      Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2011\Planner\PLNRnote.exe [2011-1-17 365960]
      Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
      "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-02-10 359352]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
      "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
      "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
      "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
      "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
      "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
      "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5353:UDP"= 5353:UDP:Bonjour Port 5353
      "9322:TCP"= 9322:TCP:EKDiscovery
      .
      R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/20/2012 7:10 PM 205864]
      R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/20/2012 7:10 PM 25192]
      R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/20/2012 7:10 PM 29464]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
      R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [9/3/2011 12:43 AM 112800]
      R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [7/27/2011 1:48 PM 6656]
      R2 iRacingService;iRacing helper service;c:\program files\iRacing\iRacingService.exe [3/3/2012 9:21 PM 473768]
      R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
      R2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;c:\program files\Kodak\CloudPrinting\KCPConnector.exe -s --> c:\program files\Kodak\CloudPrinting\KCPConnector.exe -s [?]
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/18/2012 4:11 PM 652360]
      R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [12/13/2011 1:39 AM 315392]
      R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [3/16/2012 8:43 PM 2253120]
      R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [3/20/2012 7:10 PM 208472]
      R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [9/3/2011 11:33 AM 45288]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/18/2012 4:11 PM 20464]
      S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [3/20/2012 7:10 PM 42152]
      S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2011 10:04 PM 136176]
      S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [3/20/2012 7:10 PM 4369208]
      S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [12/25/2011 1:31 AM 30312]
      S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [5/8/2011 8:29 PM 20032]
      S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2011 10:04 PM 136176]
      S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [12/25/2011 1:31 AM 121192]
      S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [12/25/2011 1:31 AM 12776]
      S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [12/25/2011 1:31 AM 136680]
      S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - JAVAQUICKSTARTERSERVICE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
      2009-03-08 09:32   128512   ----a-w-   c:\windows\system32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-11-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-PEARSON-HOME-PC-Administrator.job
      - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-10-29 22:42]
      .
      2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
      .
      2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-25 03:04]
      .
      2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-25 03:04]
      .
      2012-03-21 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
      .
      2012-03-22 c:\windows\Tasks\User_Feed_Synchronization-{B6AFF369-C8B4-4CF5-8E10-CE5CE3A67F1A}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://att.my.yahoo.com/
      uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10206&bi=400
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant =
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
      Trusted Zone: $talisma_url$
      TCP: DhcpNameServer = 192.168.1.254
      .
      - - - - ORPHANS REMOVED - - - -
      .
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      HKCU-Run-A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-03-21 19:37
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-746137067-220523388-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (Administrator)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
         d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,ab,29,34,e1,1a,44,45,99,53,df,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
         d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,42,08,ad,28,f7,70,47,89,f7,78,\
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(492)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      c:\windows\system32\WININET.dll
      .
      - - - - - - - > 'explorer.exe'(4968)
      c:\windows\system32\WININET.dll
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
      c:\program files\Windows Desktop Search\deskbar.dll
      c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
      c:\program files\Windows Desktop Search\dbres.dll
      c:\program files\Windows Desktop Search\wordwheel.dll
      c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
      c:\program files\Windows Desktop Search\msnlExtRes.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      Completion time: 2012-03-21  19:40:33
      ComboFix-quarantined-files.txt  2012-03-22 00:40
      ComboFix2.txt  2012-03-19 01:43
      .
      Pre-Run: 94,791,110,656 bytes free
      Post-Run: 94,841,905,152 bytes free
      .
      - - End Of File - - 383DDFFBABA66CEEBCA9E2ED5A0FB7B6


      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Problem with "welcome to nginx" and website logins
      « Reply #3 on: March 22, 2012, 11:58:49 AM »
      Any changes in how your computer is working?

      Re-running ComboFix to remove infections:

      • Close any open browsers.
      • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Open notepad and copy/paste the text in the quotebox below into it:
        Quote
        KillAll::

        Firefox::
        Trusted Zone: $talisma_url$

        DDS::
        Trusted Zone: $talisma_url$

      • Save this as CFScript.txt, in the same location as ComboFix.exe



      • Referring to the picture above, drag CFScript into ComboFix.exe
      • When finished, it shall produce a log for you at C:\ComboFix.txt
      • I don't need to see the log from this script.
      *************************************************************
      SysProt Antirootkit

      Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

      http://sites.google.com/site/sysprotantirootkit/

      Unzip it into a folder on your desktop.
      • Double click Sysprot.exe to start the program.
      • Click on the Log tab.
      • In the Write to log box select the following items.
        • Process << Selected
        • Kernel Modules << Selected
        • SSDT << Selected
        • Kernel Hooks << Selected
        • IRP Hooks << NOT Selected
        • Ports << NOT Selected
        • Hidden Files << Selected
      • At the bottom of the page
        • Hidden Objects Only << Selected
      • Click on the Create Log button on the bottom right.
      • After a few seconds a new window should appear.
      • Select Scan Root Drive. Click on the Start button.
      • When it is complete a new window will appear to indicate that the scan is finished.
      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
      Windows 8 and Windows 10 dual boot with two SSD's

      pbfoot


        Re: Problem with "welcome to nginx" and website logins
        « Reply #4 on: March 22, 2012, 09:26:49 PM »
        Not that I can notice... My wife still can't log into Pinterest. She can on the laptop, so it's not a site issue. I also cannot log into the Computer Hope site from the PC. In the window it says "An error has occured! You were unable to login. Please check your cookie settings." I just reset Explorer to its default settings just now and that seems to have fixed the login issues.

        Still using Explorer 8. I have not tried installing Chrome again. Going to give it a try and see how it works.

        When I ran the ComboFix again the PC hung up so I had to restart it. I had disabled all firewalls/antivirus/malware etc before running it. Tried running ComboFix again and it hung again. I've let it sit for 10 minutes each time. The black window is there and has the following in it:
        "Scanning for infected files....
        This typically doesn't take more than 10 minutes
        However, scan times for badly infected machines may easily double"

        Here is the log for SysProt:

        SysProt AntiRootkit v1.0.1.0
        by swatkat

        ******************************************************************************************
        ******************************************************************************************

        No Hidden Processes found

        ******************************************************************************************
        ******************************************************************************************
        Kernel Modules:
        Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
        Service Name: ---
        Module Base: B337D000
        Module End: B3395000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
        Service Name: ---
        Module Base: F79C5000
        Module End: F79C7000
        Hidden: Yes

        ******************************************************************************************
        ******************************************************************************************
        SSDT:
        Function Name: ZwAllocateVirtualMemory
        Address: B34F042C
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwAssignProcessToJobObject
        Address: B34EF928
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwConnectPort
        Address: B34EE64C
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwCreateFile
        Address: B34F5316
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwCreateKey
        Address: B34F7242
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwCreatePort
        Address: B34EE46A
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwCreateProcess
        Address: B34EFEE8
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwCreateProcessEx
        Address: B34EC978
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwCreateSection
        Address: B34EC4F2
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwCreateThread
        Address: B34ED634
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwDebugActiveProcess
        Address: B34EDD22
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwDuplicateObject
        Address: B34EE32C
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwLoadDriver
        Address: B34EF350
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwOpenFile
        Address: B34F5694
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwOpenProcess
        Address: B34ED308
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwOpenSection
        Address: B34EC7B4
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwOpenThread
        Address: B34ED8B0
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwProtectVirtualMemory
        Address: B34EF6DA
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwQueueApcThread
        Address: B34EFA44
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwRequestPort
        Address: B34EECB0
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwRequestWaitReplyPort
        Address: B34EF018
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwRestoreKey
        Address: B34F510E
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwResumeThread
        Address: B34EE0CE
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwSecureConnectPort
        Address: B34EE86E
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwSetContextThread
        Address: B34EDBCC
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwSetSystemInformation
        Address: B34F00E0
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwShutdownSystem
        Address: B34EF28A
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwSuspendProcess
        Address: B34EE1FE
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwSuspendThread
        Address: B34EDF7A
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwSystemDebugControl
        Address: B34EDE40
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwTerminateProcess
        Address: B357A640
        Driver Base: B3570000
        Driver End: B3592000
        Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

        Function Name: ZwTerminateThread
        Address: B34EDA66
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwUnloadDriver
        Address: B34EF518
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        Function Name: ZwWriteVirtualMemory
        Address: B34EF804
        Driver Base: B34EC000
        Driver End: B351D000
        Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys

        ******************************************************************************************
        ******************************************************************************************
        No Kernel Hooks found

        ******************************************************************************************
        ******************************************************************************************
        No hidden files/folders found




        SuperDave

        Re: Problem with "welcome to nginx" and website logins
        « Reply #5 on: March 23, 2012, 12:50:08 PM »
        Quote
        My wife still can't log into Pinterest..She can on the laptop, so it's not a site issue
        Perhaps your firewall is blocking it. Is the laptop on the same modem? Any error messages?
        Could you please download and run HJT. I just want to check something.


        Please download: HiJackThis to your Desktop.
        • Double Click the HijackThis icon, located on your Desktop.
        • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
        • Accept the license agreement.
        • Click the Open the Misc Tools section button.
        • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
        • Please post the log in your next reply.
        ******************************************************
        I'd like to scan your machine with ESET OnlineScan

        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan
        • Click the button.
        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
        • Check
        • Click the button.
        • Accept any security warnings from your browser.
        • Check
        • Push the Start button.
        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        • When the scan completes, push
        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        • Push the button.
        • Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

        pbfoot


          Re: Problem with "welcome to nginx" and website logins
          « Reply #6 on: March 25, 2012, 05:52:35 PM »
          That stupid "welcome to nginx" came up on my home page again (www.att.my.yahoo.com) on the Chrome browser. We can still log in to Pinterest and this site, whereas before we could not.
          Here are the logs you asked for:


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 5:03:18 PM, on 3/25/2012
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Online Armor\OAcat.exe
          C:\Program Files\Online Armor\oasrv.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
          C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          C:\WINDOWS\system32\astsrv.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\WINDOWS\System32\IProsetMonitor.exe
          C:\Program Files\iRacing\iRacingService.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
          C:\Program Files\Kodak\CloudPrinting\KCPConnector.exe
          C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
          C:\Program Files\Common Files\Motive\McciCMService.exe
          C:\Program Files\Microsoft Security Client\msseces.exe
          C:\Program Files\Common Files\Motive\McciServiceHost.exe
          C:\Program Files\Microsoft IntelliType Pro\itype.exe
          C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\ATT-SST\McciTrayApp.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
          C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
          C:\Program Files\Logitech\Gaming Software\LWEMon.exe
          C:\WINDOWS\system32\RunDLL32.exe
          C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
          C:\Program Files\Online Armor\OAui.exe
          C:\Program Files\Common Files\Java\Java Update\jusched.exe
          C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Program Files\Online Armor\OAhlp.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Creative Home\Hallmark Card Studio 2011\Planner\PLNRnote.exe
          C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
          C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
          C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
          C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
          C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
          C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?.lts=1332472599
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          O1 - Hosts: ˙ţ127.0.0.1 localhost
          O1 - Hosts: ::1 localhost
          O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (file missing)
          O2 - BHO: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll
          O2 - BHO: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll
          O2 - BHO: Coupons.com - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCou0.dll
          O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
          O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
          O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
          O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O3 - Toolbar: Coupons.com Toolbar - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCou0.dll
          O3 - Toolbar: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll
          O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
          O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
          O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
          O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
          O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
          O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
          O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
          O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
          O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
          O4 - HKLM\..\Run: [EKAIO2StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
          O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
          O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
          O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
          O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
          O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
          O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2011\Planner\PLNRnote.exe
          O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
          O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1315058172703
          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
          O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
          O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\WINDOWS\System32\IProsetMonitor.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: iRacing helper service (iRacingService) - iRacing.com Motorsport Simulations, LLC Bedford, MA 01730 - C:\Program Files\iRacing\iRacingService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
          O23 - Service: Kodak Cloud Software Connector - Unknown owner - C:\Program Files\Kodak\CloudPrinting\KCPConnector.exe
          O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
          O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
          O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe
          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
          O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - C:\Program Files\Online Armor\OAcat.exe
          O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - C:\Program Files\Online Armor\oasrv.exe
          O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
          O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

          --
          End of file - 13231 bytes

          Below is the ESET log file- is this right?

          C:\Documents and Settings\Administrator\My Documents\Downloads\duax.exe   multiple threats
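
Reading a HijackThis log by hand is mostly a matter of knowing which line types carry the signal: the R0/R1 lines show where search and start page point (here the HKCU search URL has been replaced with search.autocompletepro.com while the HKLM one is still Microsoft's), the O1 lines echo the hosts file (the two odd characters in front of 127.0.0.1 are the bytes FF FE, a UTF-16 byte order mark, shown as text), an O2 BHO marked "(file missing)" is a registration left behind by a removed add-on, and an O23 "Unknown owner" means the service binary carries no company name in its version info, which is worth a look but not proof of anything. The script below is an added example, not something posted in this thread: it runs those checks over a handful of lines modelled on the log above. The sample lines are constructed, and the list of expected search hosts is an assumption made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: eight lines modelled on the HijackThis log in this thread.
# The two characters before 127.0.0.1 are U+02D9 U+0163, which is how the bytes
# FF FE (a UTF-16 byte order mark) render in a Central European code page.
SAMPLE_HJT = "\n".join([
    "R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896",
    "R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400",
    "O1 - Hosts: \u02d9\u0163127.0.0.1 localhost",
    "O1 - Hosts: ::1 localhost",
    "O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\\Program Files\\AutocompletePro\\AutocompletePro.dll (file missing)",
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O23 - Service: Kodak Cloud Software Connector - Unknown owner - C:\\Program Files\\Kodak\\CloudPrinting\\KCPConnector.exe",
    "O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe",
])

# Assumption for the example: the search/start-page hosts this machine is
# expected to use.  Any other host in an R0/R1 line is reported as a hijack.
EXPECTED_SEARCH_HOSTS = {"go.microsoft.com", "att.net", "www.google.com"}

URL_RE = re.compile(r"=\s*(\S+)\s*$")
LOOPBACK = {"127.0.0.1", "::1"}


def triage(log_text):
    """Return (kind, detail, line) for every log line that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        tag = line.split(" - ", 1)[0]
        if tag in ("R0", "R1"):
            # Search page, default search URL and start page.
            m = URL_RE.search(line)
            host = urlparse(m.group(1)).hostname if m else None
            if host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search-hijack", host, line))
        elif tag == "O1":
            # Hosts file entries.  Non-ASCII bytes in front of the address mean the
            # file was rewritten in a Unicode encoding; a non-loopback address is a redirect.
            entry = line.split("Hosts:", 1)[1].strip()
            parts = entry.split()
            if not entry.isascii():
                findings.append(("hosts-not-ascii", entry[:2], line))
            elif len(parts) >= 2 and parts[0] not in LOOPBACK:
                findings.append(("hosts-redirect", " ".join(parts[1:]) + " -> " + parts[0], line))
        elif tag in ("O2", "O3") and "(file missing)" in line:
            # BHO/toolbar registration whose DLL is gone: leftover of a removed add-on.
            findings.append(("stale-plugin", line.split(" - ")[1], line))
        elif tag == "O23" and " - Unknown owner - " in line:
            # Service binary with no company name in its version info.
            findings.append(("unsigned-service", line.split(" - ")[1], line))
    return findings


def kinds(findings):
    """Distinct finding kinds, sorted, for a quick summary."""
    return sorted({k for k, _, _ in findings})


if __name__ == "__main__":
    for kind, detail, line in triage(SAMPLE_HJT):
        print(f"{kind:18} {detail}")
```

Against the sample this reports the autocompletepro search URL, the non-ASCII hosts line, the missing AutocompletePro BHO and the Kodak service; the Adobe BHO and the Malwarebytes service pass. The HKCU search entry and the orphaned BHO point at the same product, which is the sort of correlation a triage pass is for.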

          pbfoot

            Re: Problem with "welcome to nginx" and website logins
            « Reply #7 on: March 25, 2012, 07:29:30 PM »
            Don't know if this is meaningful, but Malwarebytes caught this in its log today:


            2012/03/25 12:35:34 -0500   PEARSON-HOME-PC   Administrator   MESSAGE   Executing scheduled update:  Daily
            2012/03/25 12:36:16 -0500   PEARSON-HOME-PC   Administrator   MESSAGE   Starting database refresh
            2012/03/25 12:36:16 -0500   PEARSON-HOME-PC   Administrator   MESSAGE   Scheduled update executed successfully:  database updated from version v2012.03.21.01 to version v2012.03.25.02
            2012/03/25 12:36:16 -0500   PEARSON-HOME-PC   Administrator   MESSAGE   Stopping IP protection
            2012/03/25 12:36:17 -0500   PEARSON-HOME-PC   Administrator   MESSAGE   IP Protection stopped
            2012/03/25 12:36:24 -0500   PEARSON-HOME-PC   Administrator   MESSAGE   Database refreshed successfully
            2012/03/25 12:36:24 -0500   PEARSON-HOME-PC   Administrator   MESSAGE   Starting IP protection
            2012/03/25 12:36:29 -0500   PEARSON-HOME-PC   Administrator   MESSAGE   IP Protection started successfully
            2012/03/25 18:31:43 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
            2012/03/25 18:31:44 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
            2012/03/25 18:31:45 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
            2012/03/25 18:31:46 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
            2012/03/25 18:31:47 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
            2012/03/25 18:31:48 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
            2012/03/25 18:31:52 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
            2012/03/25 18:31:53 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
            2012/03/25 18:31:54 -0500   PEARSON-HOME-PC   Administrator   IP-BLOCK   173.192.183.195 (Type: outgoing)
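
What makes the log above worth a second look is not any single IP-BLOCK line but the rhythm: nine outgoing blocks to the same address, one per second, with one short pause. That is a program retrying a connection that Malwarebytes keeps refusing, not a user clicking a link. The script below is an added example, not part of this thread: it parses lines in the format of the Malwarebytes protection log, groups outgoing blocks by destination and reports count, time span and median gap so a retry burst stands out from a one-off. The sample reuses the nine real timestamps and adds three constructed lines (an incoming block and two blocks to an RFC 5737 documentation address) for contrast; the burst thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the Malwarebytes protection-log format (tab-separated
# fields).  The nine 173.192.183.195 lines carry the timestamps from the log
# above; the other three lines are invented for contrast.
_BLOCK = "2012/03/25 18:31:%02d -0500\tPEARSON-HOME-PC\tAdministrator\tIP-BLOCK\t173.192.183.195 (Type: outgoing)"
SAMPLE_LOG = "\n".join(
    ["2012/03/25 12:36:29 -0500\tPEARSON-HOME-PC\tAdministrator\tMESSAGE\tIP Protection started successfully"]
    + [_BLOCK % s for s in (43, 44, 45, 46, 47, 48, 52, 53, 54)]
    + [
        "2012/03/25 18:40:00 -0500\tPEARSON-HOME-PC\tAdministrator\tIP-BLOCK\t198.51.100.7 (Type: incoming)",
        "2012/03/25 19:02:10 -0500\tPEARSON-HOME-PC\tAdministrator\tIP-BLOCK\t203.0.113.5 (Type: outgoing)",
        "2012/03/25 21:15:33 -0500\tPEARSON-HOME-PC\tAdministrator\tIP-BLOCK\t203.0.113.5 (Type: outgoing)",
    ]
)

LINE_RE = re.compile(
    r"^(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\t"
    r"(?P<host>[^\t]+)\t(?P<user>[^\t]+)\t(?P<kind>[^\t]+)\t(?P<msg>.*)$"
)
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+)\)$")


def parse_events(text):
    """Turn log lines into dicts; IP-BLOCK messages also get ip and direction."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ev = {
            "when": datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S %z"),
            "host": m["host"], "user": m["user"], "kind": m["kind"], "msg": m["msg"],
            "ip": None, "direction": None,
        }
        if ev["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(ev["msg"])
            if b:
                ev["ip"], ev["direction"] = b["ip"], b["direction"]
        events.append(ev)
    return events


def summarize_outgoing_blocks(events, burst_window_s=60, burst_min_hits=5):
    """Group outgoing IP-BLOCK events by destination and flag rapid retries.

    burst_window_s / burst_min_hits are assumed thresholds: at least five
    blocks inside one minute is treated as a program retrying on its own."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["kind"] == "IP-BLOCK" and ev["direction"] == "outgoing":
            by_ip[ev["ip"]].append(ev["when"])
    summary = {}
    for ip, times in by_ip.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        span = (times[-1] - times[0]).total_seconds()
        summary[ip] = {
            "count": len(times),
            "first": times[0].isoformat(),
            "last": times[-1].isoformat(),
            "span_s": span,
            "median_gap_s": median(gaps) if gaps else None,
            "retry_burst": len(times) >= burst_min_hits and span <= burst_window_s,
        }
    return summary


if __name__ == "__main__":
    for ip, info in summarize_outgoing_blocks(parse_events(SAMPLE_LOG)).items():
        print(ip, info)
```

The log records the destination but not the process, so the next step on the machine is to catch the owner during a burst, for example with netstat -ano while the blocks are being logged, and then look that PID up against the O4 and O23 lists above.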

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Problem with "welcome to nginx" and website logins
            « Reply #8 on: March 26, 2012, 12:54:02 PM »
            Download HostsXpert

            •Unzip HostsXpert to your Desktop

            •Open up the HostsXpert program.

            •Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.

            •Click Create Back Up

            •Then click on Restore Microsoft's Host Files

            •Close the HostsXpert program

            I still need to see the log from ESET.

            Let's run a few more scans to see what turns up.

            Please download aswMBR.exe ( 511KB ) to your desktop.

            Double click the aswMBR.exe to run it



            Click the "Scan" button to start scan

            Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



            On completion of the scan click save log, save it to your desktop and post in your next reply
            Windows 8 and Windows 10 dual boot with two SSD's
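
The HostsXpert steps above amount to three operations on one file: check what is in the hosts file, copy it aside, then overwrite it with a clean default. The script below is an added example, not the tool's code and not something posted in this thread: it decodes the file from its byte order mark (the HijackThis O1 line earlier shows the FF FE mark of a UTF-16 file in front of 127.0.0.1), flags entries that point a real name at some other address or pin a name to loopback, and performs the back-up-then-restore. The restore content is an assumption (a minimal loopback-only file, not the Microsoft sample text HostsXpert writes), and the sample hosts file, its addresses and names are constructed; the thread does not say what the real file held.

```python
import os
import shutil
import tempfile

# Restore target for the example.  Assumption: a minimal hosts file with only the
# loopback names, not the Microsoft sample file that HostsXpert puts back.
DEFAULT_HOSTS = "127.0.0.1\tlocalhost\r\n::1\tlocalhost\r\n"
LOOPBACK = {"127.0.0.1", "::1"}


def decode_hosts(raw):
    """Return (label, text).  A hosts file should be plain single-byte text; a
    byte order mark means something rewrote it in a Unicode encoding."""
    if raw.startswith(b"\xff\xfe"):
        return "utf-16-le", raw[2:].decode("utf-16-le")
    if raw.startswith(b"\xfe\xff"):
        return "utf-16-be", raw[2:].decode("utf-16-be")
    if raw.startswith(b"\xef\xbb\xbf"):
        return "utf-8-sig", raw.decode("utf-8-sig")
    return "single-byte", raw.decode("latin-1")


def inspect_hosts(raw):
    """Parse a hosts file and flag entries that redirect or sinkhole a name."""
    encoding, text = decode_hosts(raw)
    entries, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()  # drop comments
        tokens = body.split()
        if len(tokens) < 2:
            continue
        addr, names = tokens[0], tokens[1:]
        entries.append((addr, names))
        if addr not in LOOPBACK:
            # A real name pinned to an arbitrary address: the browser goes where the
            # hosts file says, whatever DNS would have answered.
            findings.append(("redirect", lineno, addr, names))
        elif any(n.lower() != "localhost" for n in names):
            # A name pinned to loopback: that site silently becomes unreachable.
            findings.append(("sinkhole", lineno, addr, names))
    return {"encoding": encoding, "has_bom": encoding != "single-byte",
            "entries": entries, "findings": findings}


def repair_hosts(path):
    """The 'Create Back Up' then 'Restore' steps: copy the file aside, then
    overwrite it with the clean ASCII default.  Returns the backup path."""
    backup = path + ".bak"
    shutil.copy2(path, backup)
    with open(path, "wb") as fh:
        fh.write(DEFAULT_HOSTS.encode("ascii"))
    return backup


# Constructed sample: a hosts file saved as UTF-16 LE with a BOM, carrying one
# redirect and one sinkhole.  The address is from the RFC 5737 documentation
# range and the sinkholed name is made up for the example.
SAMPLE_HOSTS = b"\xff\xfe" + (
    "127.0.0.1 localhost\r\n"
    "::1 localhost\r\n"
    "203.0.113.10 att.yahoo.com\r\n"
    "127.0.0.1 av-updates.example.com\r\n"
).encode("utf-16-le")


def demo():
    """Write the sample to a temp file, repair it, return (before, after, backup_ok)."""
    before = inspect_hosts(SAMPLE_HOSTS)
    path = os.path.join(tempfile.mkdtemp(), "hosts")
    with open(path, "wb") as fh:
        fh.write(SAMPLE_HOSTS)
    backup = repair_hosts(path)
    with open(path, "rb") as fh:
        after = inspect_hosts(fh.read())
    with open(backup, "rb") as fh:
        backup_ok = fh.read() == SAMPLE_HOSTS
    return before, after, backup_ok


if __name__ == "__main__":
    before, after, ok = demo()
    print(before["encoding"], before["findings"])
    print(after["encoding"], after["findings"], "backup intact:", ok)
```

Run on the real file (C:\WINDOWS\system32\drivers\etc\hosts on XP) it needs to be executed as an administrator, and the inspection step is worth doing before the restore so the findings are kept: the backup preserves the bytes, but the report of which names were redirected is what tells you which sites to distrust until the box is clean.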

            pbfoot

              Re: Problem with "welcome to nginx" and website logins
              « Reply #9 on: March 27, 2012, 06:16:39 PM »
              When I ran the ESET online scanner before all I got in the log was this:

              C:\Documents and Settings\Administrator\My Documents\Downloads\duax.exe   multiple threats

              I'm running it again right now. Did I do it right the first time? I'll post again after the ESET scan is done.

              Ran HostsXpert. Here is the log file from aswMBR:

              aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
              Run date: 2012-03-27 19:06:22
              -----------------------------
              19:06:22.590    OS Version: Windows 5.1.2600 Service Pack 3
              19:06:22.590    Number of processors: 2 586 0x304
              19:06:22.590    ComputerName: PEARSON-HOME-PC  UserName: Administrator
              19:06:31.996    Initialize success
              19:07:06.496    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
              19:07:06.496    Disk 0 Vendor: ST3160023AS 3.20 Size: 152627MB BusType: 3
              19:07:06.496    Disk 0 MBR read successfully
              19:07:06.496    Disk 0 MBR scan
              19:07:06.496    Disk 0 Windows XP default MBR code
              19:07:06.496    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       131069 MB offset 63
              19:07:06.512    Disk 0 scanning sectors +268430085
              19:07:06.559    Disk 0 scanning C:\WINDOWS\system32\drivers
              19:07:14.824    Service scanning
              19:07:19.715    Service MpKsl9b115514 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8110A96C-E12C-4964-B330-92C1B0D0E6E2}\MpKsl9b115514.sys **LOCKED** 32
              19:07:26.231    Modules scanning
              19:07:31.637    Disk 0 trace - called modules:
              19:07:31.652    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
              19:07:31.652    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab6aab8]
              19:07:31.652    3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ab4cd98]
              19:07:31.652    Scan finished successfully
              19:07:52.465    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
              19:07:52.527    The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


               

              pbfoot

                Re: Problem with "welcome to nginx" and website logins
                « Reply #10 on: March 27, 2012, 08:27:01 PM »
                Same log file as before with the ESET scanner:


                C:\Documents and Settings\Administrator\My Documents\Downloads\duax.exe   multiple threats

                SuperDave

                Re: Problem with "welcome to nginx" and website logins
                « Reply #11 on: March 28, 2012, 12:10:38 PM »
                Quote
                Same log file as before with the ESET scanner:
                C:\Documents and Settings\Administrator\My Documents\Downloads\duax.exe   multiple threats
                Please go into your downloads folder and delete that file and run ESET again.

                pbfoot

                  Re: Problem with "welcome to nginx" and website logins
                  « Reply #12 on: March 31, 2012, 01:55:32 PM »
                  I permanently deleted the duax.exe file and ran ESET again:


                  C:\Documents and Settings\Administrator\My Documents\Downloads\doubleTwistSetup.exe   Win32/OpenCandy application

                  I still have the same "welcome to nginx" coming up for my home page.

                  SuperDave

                  Re: Problem with "welcome to nginx" and website logins
                  « Reply #13 on: March 31, 2012, 04:57:47 PM »
                  Quote
                  C:\Documents and Settings\Administrator\My Documents\Downloads\doubleTwistSetup.exe   
                  Delete that file also and see what happens.
                  Quote
                  I still have the same "welcome to nginx" coming up for my home page.
                  Can you change your homepage?

                  pbfoot

                    Re: Problem with "welcome to nginx" and website logins
                    « Reply #14 on: April 01, 2012, 06:12:21 PM »
                    I ran ESET again after deleting doubletwist.exe and it found no other issues. Just for good measure, I cleaned out my "downloads" folder and deleted everything in there.

                    I can change my home page- I changed it to cnn.com and that worked fine. I changed it back to att.my.yahoo.com to see if the nginx still comes up and it does.

                    Seems like the computer is running slower now though. Programs load slower, takes longer for the internet to load initially.