Everything posted by ATVman

  1. The log didn't copy very well
  4. https://www.virustotal.com/file/bc43d953e24b76a86aa7252a35ce408341fc14e6b1cb5a0c592a92ba4f9325ae/analysis/1340348243/
  5. Vuze is gone. Here is the ComboFix log
  6. Each time it finds those 4 and says they remove successfully, but it comes back.
  7. Here is the log from Mbam
  8. I have recently been hit w/ the Happili Trojan, MBAM says it finds it and cleans it up but I still will randomly get pop ups from Mbam saying it blocked an outgoing attempt to a malicious website, the website IP is different on most notifications. I downloaded DDS and ran it, below are the 2 logs, please help me - Thanks.
RP1031: 4/11/2012 3:35:02 AM - System Checkpoint RP1032: 4/12/2012 8:49:19 AM - System Checkpoint RP1033: 4/13/2012 9:04:15 AM - System Checkpoint RP1034: 4/14/2012 10:27:01 AM - System Checkpoint RP1035: 4/15/2012 10:36:31 AM - System Checkpoint RP1036: 4/16/2012 11:56:24 AM - System Checkpoint RP1037: 4/17/2012 4:04:54 PM - System Checkpoint RP1038: 4/18/2012 4:06:45 PM - System Checkpoint RP1039: 4/19/2012 4:50:12 PM - System Checkpoint RP1040: 4/20/2012 5:50:40 PM - System Checkpoint RP1041: 4/22/2012 12:04:24 PM - System Checkpoint RP1042: 4/23/2012 12:35:00 PM - System Checkpoint RP1043: 4/24/2012 1:33:55 PM - System Checkpoint RP1044: 4/25/2012 2:29:05 PM - System Checkpoint RP1045: 4/26/2012 3:28:00 PM - System Checkpoint RP1046: 4/27/2012 4:13:16 PM - System Checkpoint RP1047: 4/28/2012 5:13:16 PM - System Checkpoint RP1048: 4/29/2012 6:13:16 PM - System Checkpoint RP1049: 4/30/2012 7:17:07 PM - System Checkpoint RP1050: 5/1/2012 7:32:01 PM - System Checkpoint RP1051: 5/2/2012 8:16:21 PM - System Checkpoint RP1052: 5/3/2012 8:42:35 PM - System Checkpoint RP1053: 5/4/2012 9:16:21 PM - System Checkpoint RP1054: 5/5/2012 10:16:21 PM - System Checkpoint RP1055: 5/7/2012 6:08:18 PM - System Checkpoint RP1056: 5/8/2012 10:12:17 PM - System Checkpoint RP1057: 5/9/2012 11:29:33 PM - System Checkpoint RP1058: 5/10/2012 11:46:35 PM - System Checkpoint RP1059: 5/11/2012 11:51:02 PM - System Checkpoint RP1060: 5/13/2012 12:08:51 AM - System Checkpoint RP1061: 5/14/2012 7:57:49 AM - System Checkpoint RP1062: 5/15/2012 4:35:13 PM - System Checkpoint RP1063: 5/16/2012 4:42:23 PM - System Checkpoint RP1064: 5/17/2012 8:08:08 PM - System Checkpoint RP1065: 5/18/2012 8:46:24 PM - System Checkpoint RP1066: 5/19/2012 9:46:25 PM - System Checkpoint RP1067: 5/21/2012 7:24:06 AM - System Checkpoint RP1068: 5/22/2012 8:11:30 AM - System Checkpoint RP1069: 5/23/2012 9:11:30 AM - System Checkpoint RP1070: 5/24/2012 10:11:30 AM - System Checkpoint RP1071: 5/25/2012 12:11:43 PM - 
System Checkpoint RP1072: 5/26/2012 1:19:57 PM - System Checkpoint RP1073: 5/27/2012 7:33:44 PM - System Checkpoint RP1074: 5/28/2012 9:12:01 PM - System Checkpoint RP1075: 5/29/2012 9:57:41 PM - System Checkpoint RP1076: 5/30/2012 10:19:41 PM - System Checkpoint RP1077: 5/31/2012 10:47:11 PM - System Checkpoint RP1078: 6/1/2012 11:33:07 PM - System Checkpoint RP1079: 6/2/2012 11:58:02 PM - System Checkpoint RP1080: 6/4/2012 8:48:18 AM - System Checkpoint RP1081: 6/5/2012 9:41:04 AM - System Checkpoint RP1082: 6/6/2012 10:41:05 AM - System Checkpoint RP1083: 6/7/2012 11:14:40 AM - System Checkpoint RP1084: 6/8/2012 12:01:43 PM - System Checkpoint RP1085: 6/9/2012 12:36:52 PM - System Checkpoint RP1086: 6/11/2012 9:09:22 AM - System Checkpoint RP1087: 6/12/2012 1:33:48 PM - System Checkpoint RP1088: 6/13/2012 3:50:09 PM - System Checkpoint RP1089: 6/14/2012 4:28:42 PM - System Checkpoint RP1090: 6/15/2012 5:03:00 PM - System Checkpoint RP1091: 6/16/2012 5:07:16 PM - System Checkpoint RP1092: 6/17/2012 6:07:16 PM - System Checkpoint RP1093: 6/19/2012 9:14:51 AM - System Checkpoint RP1094: 6/20/2012 10:12:58 AM - System Checkpoint . ==== Installed Programs ====================== . . 
AAC Decoder ABBYY FineReader 5.0 Sprint Plus Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop 6.0 Adobe Reader 9.4.2 Adobe Shockwave Player 11.5 AMD Processor Driver AnyDVD Apple Application Support Apple Mobile Device Support Apple Software Update AquAdvisor ArcSoft Software Suite ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver ATI Parental Control & Encoder Audacity 1.2.6 AutoUpdate Avi2Dvd 0.5 AviSynth 2.5 Bonjour Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help 
Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner (remove only) Cisco Packet Tracer 5.3 Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) ClamWin Free Antivirus 0.96.1 ConvertHelper 2.2 Coupon Printer for Windows Critical Update for Windows Media Player 11 (KB959772) DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Version Checker DivX Web Player Duplicate Music Files Finder 1.5.5 DVD Decrypter (Remove Only) DVD Flick DVD Shrink 3.2 DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0 Easy-Link internet launch pad EPSON Printer Software ffdshow [rev 2844] [2009-03-30] Free RAR Extract Frog 1.00 H.264 Decoder HandBrake 0.9.3 HealthMonitor 3.0 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Image Resizer Powertoy for Windows XP ImTOO DVD Ripper Platinum 5 iTunes iTunes Library Updater J2SE Runtime Environment 5.0 Update 5 Java Auto Updater Java 6 Update 24 LADSPA_plugins-win-0.4.15 LAME v3.98.2 for Audacity LeapFrog Connect LeapFrog My Pals Plugin LeapFrog Tag Junior Plugin Libra 0.9.2 LiveUpdate 2.6 (Symantec Corporation) Macromedia Dreamweaver MX Macromedia Extension Manager Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft 
Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable MKV Splitter Mozilla Firefox (3.5.9) MSN MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 8 OGA Notifier 2.0.0048.0 pdfsam PeerGuardian 2.0 Picasa 3 PrimoPDF QuickTime REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver Recover My Files ScanToWeb Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office 
System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security 
Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security 
Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP 
(KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security 
Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Skins Spybot - Search & Destroy Thomas & Friends - Railway Adventures TuneUp Companion 1.1.9 Turbo Lister 2 Ultra PDF Tools 1.5 (build 90618) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 
2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Outlook 2007 Junk Email Filter (KB2596560) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) VC80CRTRedist - 8.0.50727.762 Videora iPod Converter 4.04 VLC media player 1.0.0 Vuze WebFldrs XP Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 . ==== Event Viewer Messages From Past Week ======== . 6/18/2012 4:32:35 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\D. 6/18/2012 11:16:29 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\D. 6/16/2012 10:38:27 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\D. 
6/16/2012 10:32:03 AM, error: Service Control Manager [7022] - The HealthMonitor service hung on starting. 6/15/2012 3:30:57 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D. . ==== End Of File ===========================