Posts posted by thistlepie
-
I uninstalled and cleaned up the programs, then ran Security Check. Here are the results:
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
-
Okay, I tested several dozen different searches and it looks like it worked! No more redirects, as far as I can see. Is there any more to do after that?
-
I deleted the detected files and rebooted but the problem was not resolved. I ran Microsoft Safety Scanner and it did not find any problems. The redirection persists--what should we do next?
Attached is the AdwCleaner log file.
-
Ran AdwCleaner, attached is the log file!
-
Ran ComboFix, attached is the log file.
-
I ran TDSSKiller which found 4 threats. Cure was not an option for any, so I didn't touch anything. Attached are the two result logs found in the C directory.
-
Yes, same computer as before. I ran the MBAM scan after we finished up last time and didn't see Trojan.Happili anymore, so I assumed the redirect problem was fixed. But we discovered the next day the redirection was still happening.
She uses Firefox and has seen the problem with Google and Yahoo! Search. She's minimized her search engine usage until we solve the problem, but is using DuckDuckGo when necessary. I attempted to resolve the problem myself and optimized Internet Explorer (even though she doesn't use IE), but that didn't do anything, apparently.
Attaching dds.txt, attach.txt and the RK results below!
Thanks!
-
Hi, just to clarify: should I upload the files as attachments to the post or copy and paste into my next reply?
-
Hello (again)!
A week ago, I received help from MrCharlie to resolve a Trojan.Happili infection on my mother's computer after she complained of being redirected to suspicious sites when clicking on links from a Google search.
We resolved the Happili problem (thanks, MrC!), but my mother still had the redirection issue. I'm pretty sure it's the Google Redirect Virus, which (as I'm sure you know) is very tricky. I'd really appreciate someone's help nipping this last issue in the bud.
Thank you!
-
Oh great! Everything's been updated, the clean-up tools uninstalled. I ran a last MBAM scan and it came out clean!
Thank you SO much for your help. You're a life (and computer!) saver!
-
Here is the AdwCleaner log:
And here is the Security Check log:
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
-
Ran it, and here's the log! I don't have any concerns about what we're deleting--let's do it!

-
Good morning! I ran ComboFix and am attaching the log below.
-
Okay, so...
I made a new system backup point, downloaded MBAR, and ran it--the results being that there were no items to remove...? Are we in the clear or are these Happili files trickier than we thought...?
I'm attaching the mbar-log and system-log files as requested.
Thanks!
-
Okay, that worked! Here's the RogueKiller log:
RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : (username) [Admin rights]
Mode : Scan -- Date : 12/26/2012 21:20:06
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3500620AS +++++
--- User ---
[MBR] 67767806c023251ec20a2d7f68bf180b
[bSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 463782 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949827060 | Size: 13154 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12262012_02d2120.txt >>
RKreport[1]_S_12262012_02d2120.txt
-
Hello! Thank you for your quick response.
I ran MBAM and here is the log for it:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.27.01
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19393
(username) :: BESS [administrator]
12/26/2012 8:40:30 PM
mbam-log-2012-12-26 (20-40-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207249
Time elapsed: 2 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\(username)\AppData\Local\Mozilla\Microsoft Help\gpsqesyf.dll (Trojan.Happili) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Help (Trojan.Happili) -> Data: rundll32 "C:\Users\(username)\AppData\Local\Mozilla\Microsoft Help\gpsqesyf.dll",h264OutVideoInitW -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\(username)\AppData\Local\Mozilla\Microsoft Help\gpsqesyf.dll (Trojan.Happili) -> Delete on reboot.
(end)
However, when I tried to run RogueKiller, Norton Anti-Virus blocked it from working. The notice said that "SONAR" had blocked it, and it deleted the RogueKiller .exe file off my desktop. I tried it a second time with no luck. What should I do next? Should I run RogueKiller with Norton disabled?
Thank you!
-
Hello!
I ran Malwarebytes Anti-Malware and discovered three instances of Trojan.Happili on my mother's computer. I've been looking through past threads for Happili removal and as it seemed like a case-by-case sort of process, I didn't want to do anything to potentially make matters worse.
I could really use your help. I did not remove the files via MBAM, but here is the log of the quick scan in which I discovered the Happili files.
Thank you very much!
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.26.13
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19393
12/26/2012 5:47:50 PM
mbam-log-2012-12-26 (17-56-17).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207264
Time elapsed: 3 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\(username)\AppData\Local\Mozilla\Microsoft Help\gpsqesyf.dll (Trojan.Happili) -> No action taken.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Help (Trojan.Happili) -> Data: rundll32 "C:\Users\(username)\AppData\Local\Mozilla\Microsoft Help\gpsqesyf.dll",h264OutVideoInitW -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\(username)\AppData\Local\Mozilla\Microsoft Help\gpsqesyf.dll (Trojan.Happili) -> No action taken.
(end)
Google Redirect Virus
in Resolved Malware Removal Logs
Posted
Will do! Thank you AGAIN for your help!