Jump to content

Search the Community

Showing results for tags 'happili'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 3 results

  1. So, after trying several methods given to other's posts here, I'm still having problems, and it's time to ask for help. I first noticed that I had issues when Google and Bing started redirecting searches. I started working on it then, but it all kinda snowballed from there. Today I had to advanced boot into repair mode and do a System Restore that way, as the FBI Moneypak Ransomware kept me out of Safe Mode. And I still get redirects. Over the past 2 weeks, the free trial of MWBPro has found: Trogan.Agent, Riskware.Tool.CK, Trogan.Agent.NIX, Exploit.Drop.GS, Trogan.Agent.MRGGen, Password.Stealer, Adware.Agent, Affiliate.Downloader, Trogan.Agent.GNI, and a few Trogan.Happili. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16438 BrowserJavaVersion: 10.7.2 Run by PhantomV48 at 15:27:16 on 2012-12-18 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1566 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Program Files\Soluto\soluto.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe C:\Program Files\CrashPlan\CrashPlanService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Soluto\SolutoService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\ProgramData\TVersity\Media Server\MediaServer.exe C:\ProgramData\TVersity\Media Server\berkelium.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\SOUNDMAN.EXE C:\Program Files\SmartTechnology\Software\ProfilerU.exe C:\Program Files\SmartTechnology\Software\SaiMfd.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Microsoft Device Center\itype.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe C:\Windows\System32\rundll32.exe C:\Program Files\CrashPlan\CrashPlanTray.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe C:\Users\PhantomV48\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Everything\Everything.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\PhantomV48\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Desura\desura.exe C:\Program Files (x86)\Common Files\Desura\desura_service.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Users\PhantomV48\appdata\local\freenet\freenet.exe C:\Users\PhantomV48\appdata\local\freenet\wrapper\freenetwrapper.exe C:\Program Files (x86)\Java\jre7\bin\java.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\PhantomV48\Local Settings\Apps\F.lux\flux.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Program Files (x86)\Striiv\Agent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://duckduckgo.com/ BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28B11B7M05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 uRun: [Dropbox] rundll32.exe C:\Users\PhantomV48\AppData\Local\Dropbox\lguowmji.dll,pango_win32_get_context uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry mRun: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\PHANTO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe StartupFolder: C:\Users\PHANTO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\PhantomV48\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\USBKVM~1.LNK - C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\PHANTO~1\AppData\Local\Temp\f5tmp\urxvpn.cab DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\PHANTO~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://a2fp3.alpineaccess.com/vdesk/terminal/InstallerControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\PHANTO~1\AppData\Local\Temp\f5tmp\urxshost.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\PHANTO~1\AppData\Local\Temp\f5tmp\urxhost.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: NameServer = 192.168.11.1 TCP: Interfaces\{6921B691-83AA-4DB0-AD45-C97B0968F2BC} : DHCPNameServer = 192.168.11.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [soundMan] SOUNDMAN.EXE x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe x64-Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-15 56208] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-7-12 17720] R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2012-5-14 54728] R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 151656] R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2012-8-16 222720] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-3 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-3 676936] R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896] R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-8-28 598032] R3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-11-21 131912] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-10-31 66728] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-3 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 SaiK0CC3;SaiK0CC3;C:\Windows\System32\drivers\SaiK0CC3.sys [2011-9-20 183104] R3 SaiU0CC3;SaiU0CC3;C:\Windows\System32\drivers\SaiU0CC3.sys [2011-9-20 47168] R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824] R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2011-11-28 44112] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-10-10 36328] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560] S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\Windows\System32\drivers\BUSB2902.sys [2012-5-14 460864] S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;C:\Windows\System32\drivers\busbwdm.sys [2012-5-14 49728] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-5-13 79360] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2012-5-15 18512] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-13 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992] S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-10-1 31800] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe [2012-5-13 95896] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-10-10 125416] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-10-10 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-10-10 159208] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-12-18 20:16:37 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07484E81-C48F-4753-9E1F-F531817173D0}\mpengine.dll 2012-12-14 08:37:31 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-13 08:00:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-12-13 08:00:45 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2012-12-12 10:41:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-12 10:41:31 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-12-12 10:39:51 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-12-12 10:39:49 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-12-07 08:16:52 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{411AC2D2-F9E0-448C-93BC-77CF7FFE5A2F}\gapaengine.dll 2012-12-05 17:26:59 -------- d-----w- C:\Users\PhantomV48\AppData\Roaming\Bitcoin 2012-12-05 17:26:26 -------- d-----w- C:\Program Files (x86)\Bitcoin 2012-12-05 17:17:31 -------- d-----w- C:\Program Files\PeerBlock 2012-12-05 08:51:10 -------- d-----w- C:\Windows\Temp64BE551A-8B5C-1CBA-6421-58FF65D4949C-Signatures 2012-12-05 08:32:50 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-12-05 08:32:47 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-12-05 08:32:47 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-12-05 08:32:47 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-12-05 08:03:10 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-12-05 08:03:10 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-12-05 08:03:08 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-12-05 08:03:08 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-12-05 08:03:06 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-12-05 08:03:05 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-12-05 08:03:05 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-12-04 14:44:59 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-12-04 14:44:56 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-12-04 14:44:56 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-12-04 14:44:55 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-12-04 14:44:54 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-12-04 14:44:21 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-12-04 14:44:21 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-12-04 14:44:21 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-12-04 14:44:21 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-12-04 14:44:21 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-12-04 14:44:20 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-12-04 00:47:05 -------- d-----w- C:\$RECYCLE.BIN 2012-12-04 00:13:23 98816 ----a-w- C:\Windows\sed.exe 2012-12-04 00:13:23 256000 ----a-w- C:\Windows\PEV.exe 2012-12-04 00:13:23 208896 ----a-w- C:\Windows\MBR.exe 2012-12-03 23:57:55 -------- d-----w- C:\TDSSKiller_Quarantine 2012-12-03 23:46:14 -------- d-----w- C:\Users\PhantomV48\AppData\Roaming\Malwarebytes 2012-12-03 23:46:01 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-03 23:45:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-03 23:45:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-03 23:32:08 -------- d-----w- C:\Users\PhantomV48\AppData\Local\Dropbox 2012-12-01 20:19:47 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-12-01 20:11:58 -------- d-----w- C:\Program Files\iPod 2012-12-01 20:11:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-01 20:11:15 -------- d-----w- C:\Program Files\iTunes 2012-12-01 20:11:15 -------- d-----w- C:\Program Files (x86)\iTunes 2012-12-01 19:24:16 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-01 19:24:16 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-01 19:24:16 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-01 19:24:16 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-01 19:24:16 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-01 19:24:16 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-01 19:24:16 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll 2012-11-24 20:21:02 -------- d-----w- C:\Users\PhantomV48\AppData\Roaming\Catalina Marketing Corp 2012-11-24 20:20:59 489712 ----a-w- C:\Users\PhantomV48\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe 2012-11-24 20:08:37 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-11-24 20:08:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-23 19:34:28 -------- d-----w- C:\Users\PhantomV48\AppData\Roaming\LibreOffice 2012-11-23 19:25:48 -------- d-----w- C:\Program Files (x86)\Coupons 2012-11-23 19:14:02 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.6 2012-11-23 19:10:54 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll 2012-11-23 19:05:51 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2012-11-23 19:01:55 -------- d-----w- C:\Users\PhantomV48\AppData\Roaming\Soluto 2012-11-23 18:35:28 741480 ------w- C:\Windows\System32\HPDiscoPMB011.dll 2012-11-23 18:33:33 -------- d-----w- C:\Program Files (x86)\HP 2012-11-23 18:33:27 -------- d-----w- C:\Program Files\HP 2012-11-23 18:29:18 -------- d-----w- C:\Users\PhantomV48\AppData\Local\HP 2012-11-23 18:18:40 -------- d-----w- C:\Windows\System32\catroot2 2012-11-21 13:25:26 -------- d-----w- C:\Users\PhantomV48\AppData\Local\Desura 2012-11-21 13:24:17 -------- d-----w- C:\Program Files (x86)\Common Files\Desura 2012-11-21 13:21:14 -------- d-----w- C:\ProgramData\Desura 2012-11-21 13:21:12 -------- d-----w- C:\Program Files (x86)\Desura . ==================== Find3M ==================== . 2012-12-12 01:43:43 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 01:43:43 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-23 19:11:17 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2012-11-23 19:11:15 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2012-11-23 19:11:15 226304 ----a-w- C:\Windows\System32\elshyph.dll 2012-11-23 19:11:15 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll 2012-11-23 19:11:15 1772032 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-23 19:11:15 158720 ----a-w- C:\Windows\SysWow64\msls31.dll 2012-11-23 19:11:14 718336 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2012-11-23 19:11:13 525312 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-23 19:11:13 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe 2012-11-23 19:11:13 135680 ----a-w- C:\Windows\SysWow64\wextract.exe 2012-11-23 19:05:51 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-11-01 03:54:01 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys 2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-19 23:18:22 652160 ----a-w- C:\Windows\couponprinter_x64.ocx 2012-10-19 23:18:02 440704 ----a-w- C:\Windows\CouponPrinter.ocx 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll 2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-10-02 17:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-09-30 22:45:03 60416 ----a-w- C:\Windows\ALCFDRTM.VER 2012-09-30 22:45:03 60416 ----a-w- C:\Windows\ALCFDRTM.EXE . ============= FINISH: 15:36:58.96 =============== attach.txt
  2. Firefox is being hijacked by the Happili redirect. I've tried following the directions from prior posts but having no luck getting rid of this problem. A number of other malware/adware issues have been identified and resolved but this happili thing continues to return. Here is my DDS log and Attach.txt is attached. . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1 Run by bhershberger at 17:54:23 on 2012-04-25 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2911 [GMT -5:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: COMODO Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.yahoo.com BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe" mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12 mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [AESTFltr] "c:\windows\system32\AESTFltr.exe" /NoDlg mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe dRunOnce: [RunNarrator] Narrator.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: prmia.org\smweb DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259696327182 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://zmfs.webex.com/client/T27L/sales/ieatgpc.cab TCP: DhcpNameServer = 10.1.100.200 TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D} : NameServer = 10.1.100.200 TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D} : DhcpNameServer = 10.1.100.200 TCP: Interfaces\{A7541705-6C9B-4A97-BD45-A8B23253D65D} : DhcpNameServer = 192.168.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\windows\system32\guard32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Authentication Packages = msv1_0 wvauth . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bhershberger.csc\application data\mozilla\firefox\profiles\kmptt6fy.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\bhershberger.csc\application data\mozilla\plugins\npatgpc.dll FF - plugin: c:\documents and settings\bhershberger\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 31704] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-28 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-28 108392] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-28 1831024] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968] S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2012-4-19 643880] S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512] S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [2012-4-25 23848] S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968] S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232] S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096] S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-4-13 409232] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088] S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-3 112512] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-28 23888] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-21 106104] S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-3-1 161144] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-3 109568] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120425.002\NAVENG.SYS [2012-4-25 86136] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120425.002\NAVEX15.SYS [2012-4-25 1576312] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?] S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-2 232744] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688] . =============== Created Last 30 ================ . 2012-04-25 22:38:54 98816 ----a-w- c:\windows\sed.exe 2012-04-25 22:38:54 518144 ----a-w- c:\windows\SWREG.exe 2012-04-25 22:38:54 256000 ----a-w- c:\windows\PEV.exe 2012-04-25 22:38:54 208896 ----a-w- c:\windows\MBR.exe 2012-04-25 22:12:44 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\Anvisoft 2012-04-25 22:08:06 23848 ----a-w- c:\windows\system32\drivers\avhips.sys 2012-04-25 22:08:06 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys 2012-04-25 22:07:45 -------- d-----w- c:\program files\Anvisoft 2012-04-25 14:42:55 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\SUPERAntiSpyware.com 2012-04-25 14:42:15 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-04-25 14:42:15 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com 2012-04-25 00:30:58 -------- d-sha-r- C:\cmdcons 2012-04-25 00:20:40 -------- d-----w- c:\windows\setup.pss 2012-04-25 00:20:17 -------- d-----w- c:\windows\setupupd 2012-04-25 00:06:36 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA 2012-04-24 23:59:18 -------- d-----w- c:\documents and settings\all users\application data\Comodo 2012-04-24 23:59:04 -------- d-----w- c:\documents and settings\bhershberger.csc\local settings\application data\COMODO 2012-04-24 23:59:02 42760 ----a-w- c:\windows\system32\certsentry.dll 2012-04-24 23:58:56 -------- d-----w- c:\program files\Comodo 2012-04-24 23:51:10 -------- d-----w- c:\program files\SpywareBlaster 2012-04-24 19:07:46 -------- d-----w- c:\documents and settings\bhershberger.csc\local settings\application data\{70C385F0-8E41-11E1-826D-B8AC6F996F26} 2012-04-18 13:46:13 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-04-13 17:56:05 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-04-12 00:26:33 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\com.digitaldm.editions.10016940 2012-04-12 00:26:19 -------- d-----w- c:\program files\DigitalDM 2012-04-04 14:08:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-04-13 18:56:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-12 02:13:46 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-03-12 02:13:46 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-03-12 02:13:44 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-03-12 02:13:20 33984 ----a-w- c:\windows\system32\cmdcsr.dll 2012-03-12 02:13:20 301224 ----a-w- c:\windows\system32\guard32.dll 2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec 2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 17:54:41.20 =============== attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.