
puffkitty

  1. Sorry, got sidetracked with work. I don't have Chrome installed and I did fix that issue. It was a Firefox thing and there was a quick fix on their site for it. I'm still getting random redirects, but it is now less frequent, which is something anyway.
  2. Okay, so far I haven't seen the happili redirect, but I have another one now. The page it loads is empty, just a white background, the tab says 'Redirect' and the URL has this in it: http://click.findsearchengineresults.com/ads-clicktrack/click/jump1.do?sid=0EeODYWNq207D3G2914WUBLYDXIRXIbwHloIIUiaB4Mj5YN5IdCUmw%3D%3D&affiliate=46573&subid=10673-1-28356&rc=0&terms=redirect%20virus It comes up a bit randomly, but mostly when I search for virus stuff, which I've been doing a lot of to test. I might just cry.
  3. Ran flush.bat, what a great little tool. Reinstalled Firefox 12. Now Firefox won't finish opening without giving me this script error, chrome://browser/content/tabbrowser.xml:466, and then freezing up so that I have to Ctrl+Alt+Del and close Firefox from there. This script error makes no sense; I didn't think Firefox was still using tabbrowser. I remember this error from way back in version 2 or 3. I'm getting too old for this.
  4. About a week ago, maybe a little more now, I noticed that I was getting redirected in my Google searches to a few pointless sites. I updated my anti-virus but that caught nothing, so I went to the malware scanners. I ran TDSSKiller and it came up clean, so I ran Malwarebytes and it caught several little files and cleaned them off. Currently my computer is acting normally except that on occasion my Google searches are still redirected, though the happili page now loads with script errors. That is the only remaining piece of the happili redirect virus that I can't seem to root out. And yes, if all else fails, I will be formatting. Going to be time to do that soon anyway, I just didn't want to have to do it yet. I'm pretty sure there is some little bit of the virus attached to my registry, which I dislike messing with, or to some other equally unsavory part of my OS. Here's my Malwarebytes log.

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.05.05.02

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     owner :: OWNER-FA53F1043 [administrator]

     5/4/2012 10:47:54 PM
     mbam-log-2012-05-04 (22-47-54).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 390056
     Time elapsed: 1 hour(s), 38 minute(s), 26 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. Merged 3 post

     Hello, I noticed the redirect about a week ago and did some research on how to remove the virus. I got the Malwarebytes Anti-Malware program and it found several things that looked like the offending files and got rid of them; however, I still get the redirect. I've read every recent guide out there and I've gotten the virus itself, but some little bit of it is still there annoying the ever loving bat snot out of me. What have I missed? Any ideas? Any insight would be greatly appreciated. Thank you for your time. puffkitty

     And this too is a requested item. I must be getting old, it took me a good 5 minutes to figure out how to load up an attachment. Egads. attach.rar