
Happili/Click-Answers redirect from Google


5 replies to this topic

#1 lolwut11215

lolwut11215

  • Members
  • 3 posts

Posted 22 April 2012 - 07:29 PM

Hi,
I need some help with some Google redirects. I have had the click-answers redirect for a while and now this ridiculous Happili redirect and god knows what else. I have AVG Free and Malwarebytes installed but they aren't picking up anything. I'd be happy to provide logs for anything; I appreciate the assistance in advance, thanks. Oh, this is for Windows 7 on Firefox; I haven't checked other browsers because I don't use them.

Edited by lolwut11215, 22 April 2012 - 07:30 PM.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 April 2012 - 07:41 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

Reinstall Firefox and let me know if you have redirects.

#3 lolwut11215

lolwut11215
  • Topic Starter

  • Members
  • 3 posts

Posted 22 April 2012 - 08:17 PM

Just did this and reinstalled Firefox, will update about any redirects when (if) I encounter them, thanks.


from TDSSkiller log:

20:04:13.0049 8052 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
20:04:13.0698 8052 ============================================================
20:04:13.0698 8052 Current date / time: 2012/04/22 20:04:13.0698
20:04:13.0698 8052 SystemInfo:
20:04:13.0698 8052
20:04:13.0698 8052 OS Version: 6.1.7600 ServicePack: 0.0
20:04:13.0698 8052 Product type: Workstation
20:04:13.0698 8052 ComputerName: PONKYBALL-PC
20:04:13.0698 8052 UserName: ponkyball
20:04:13.0698 8052 Windows directory: C:\Windows
20:04:13.0698 8052 System windows directory: C:\Windows
20:04:13.0698 8052 Running under WOW64
20:04:13.0698 8052 Processor architecture: Intel x64
20:04:13.0698 8052 Number of processors: 6
20:04:13.0698 8052 Page size: 0x1000
20:04:13.0698 8052 Boot type: Normal boot
20:04:13.0698 8052 ============================================================
20:04:14.0419 8052 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:04:14.0424 8052 \Device\Harddisk0\DR0:
20:04:14.0424 8052 MBR partitions:
20:04:14.0424 8052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:04:14.0424 8052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
20:04:14.0454 8052 C: <-> \Device\Harddisk0\DR0\Partition1
20:04:14.0454 8052 Initialize success
20:04:14.0454 8052 ============================================================
20:04:31.0455 7052 ============================================================
20:04:31.0455 7052 Scan started
20:04:31.0455 7052 Mode: Manual;
20:04:31.0455 7052 ============================================================
20:04:32.0237 7052 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:04:32.0238 7052 1394ohci - ok
20:04:32.0265 7052 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:04:32.0267 7052 ACPI - ok
20:04:32.0284 7052 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:04:32.0285 7052 AcpiPmi - ok
20:04:32.0316 7052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:04:32.0319 7052 adp94xx - ok
20:04:32.0354 7052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:04:32.0356 7052 adpahci - ok
20:04:32.0405 7052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:04:32.0406 7052 adpu320 - ok
20:04:32.0467 7052 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:04:32.0468 7052 AeLookupSvc - ok
20:04:32.0597 7052 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:04:32.0600 7052 AFD - ok
20:04:32.0621 7052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:04:32.0622 7052 agp440 - ok
20:04:32.0779 7052 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
20:04:32.0779 7052 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:04:32.0784 7052 Akamai ( HiddenFile.Multi.Generic ) - warning
20:04:32.0784 7052 Akamai - detected HiddenFile.Multi.Generic (1)
20:04:32.0830 7052 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:04:32.0831 7052 ALG - ok
20:04:32.0848 7052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:04:32.0848 7052 aliide - ok
20:04:32.0886 7052 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
20:04:32.0888 7052 AMD External Events Utility - ok
20:04:32.0933 7052 AMD FUEL Service - ok
20:04:32.0951 7052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:04:32.0951 7052 amdide - ok
20:04:32.0986 7052 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
20:04:32.0986 7052 amdiox64 - ok
20:04:32.0997 7052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:04:32.0997 7052 AmdK8 - ok
20:04:33.0191 7052 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
20:04:33.0240 7052 amdkmdag - ok
20:04:33.0300 7052 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
20:04:33.0302 7052 amdkmdap - ok
20:04:33.0326 7052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:04:33.0326 7052 AmdPPM - ok
20:04:33.0362 7052 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:04:33.0363 7052 amdsata - ok
20:04:33.0382 7052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:04:33.0383 7052 amdsbs - ok
20:04:33.0420 7052 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:04:33.0421 7052 amdxata - ok
20:04:33.0460 7052 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
20:04:33.0461 7052 androidusb - ok
20:04:33.0516 7052 anodlwf (4ccf421e6c4b2a4cbce000715911f7cc) C:\Windows\system32\DRIVERS\anodlwfx.sys
20:04:33.0516 7052 anodlwf - ok
20:04:33.0586 7052 AODDriver4.01 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:04:33.0587 7052 AODDriver4.01 - ok
20:04:33.0600 7052 AODDriver4.1 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:04:33.0601 7052 AODDriver4.1 - ok
20:04:33.0661 7052 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:04:33.0662 7052 AppID - ok
20:04:33.0685 7052 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:04:33.0686 7052 AppIDSvc - ok
20:04:33.0703 7052 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
20:04:33.0703 7052 Appinfo - ok
20:04:33.0787 7052 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:04:33.0788 7052 Apple Mobile Device - ok
20:04:33.0814 7052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:04:33.0814 7052 arc - ok
20:04:33.0834 7052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:04:33.0834 7052 arcsas - ok
20:04:33.0905 7052 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:04:33.0906 7052 aspnet_state - ok
20:04:33.0928 7052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:04:33.0929 7052 AsyncMac - ok
20:04:33.0947 7052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:04:33.0948 7052 atapi - ok
20:04:33.0982 7052 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
20:04:33.0983 7052 AtiHDAudioService - ok
20:04:34.0008 7052 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
20:04:34.0009 7052 AtiHdmiService - ok
20:04:34.0041 7052 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:04:34.0045 7052 AudioEndpointBuilder - ok
20:04:34.0054 7052 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:04:34.0058 7052 AudioSrv - ok
20:04:34.0207 7052 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
20:04:34.0228 7052 AVGIDSAgent - ok
20:04:34.0269 7052 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
20:04:34.0270 7052 AVGIDSDriver - ok
20:04:34.0287 7052 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:04:34.0288 7052 AVGIDSEH - ok
20:04:34.0303 7052 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
20:04:34.0303 7052 AVGIDSFilter - ok
20:04:34.0342 7052 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
20:04:34.0343 7052 Avgldx64 - ok
20:04:34.0358 7052 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
20:04:34.0359 7052 Avgmfx64 - ok
20:04:34.0394 7052 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
20:04:34.0395 7052 Avgrkx64 - ok
20:04:34.0414 7052 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
20:04:34.0415 7052 Avgtdia - ok
20:04:34.0463 7052 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:04:34.0464 7052 avgwd - ok
20:04:34.0487 7052 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:04:34.0488 7052 AxInstSV - ok
20:04:34.0524 7052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:04:34.0526 7052 b06bdrv - ok
20:04:34.0559 7052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:04:34.0560 7052 b57nd60a - ok
20:04:34.0561 7052 Scan interrupted by user!
20:04:34.0561 7052 Scan interrupted by user!
20:04:34.0561 7052 Scan interrupted by user!
20:04:34.0561 7052 ============================================================
20:04:34.0561 7052 Scan finished
20:04:34.0561 7052 ============================================================
20:04:34.0569 3704 Detected object count: 1
20:04:34.0569 3704 Actual detected object count: 1
20:04:42.0430 3704 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:04:42.0430 3704 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 20:06:04
-----------------------------
20:06:04.700 OS Version: Windows x64 6.1.7600
20:06:04.700 Number of processors: 6 586 0xA00
20:06:04.700 ComputerName: PONKYBALL-PC UserName: ponkyball
20:06:07.279 Initialize success
20:06:12.793 AVAST engine download error: 0
20:06:20.197 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
20:06:20.199 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
20:06:20.208 Disk 0 MBR read successfully
20:06:20.210 Disk 0 MBR scan
20:06:20.212 Disk 0 Windows 7 default MBR code
20:06:20.222 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:06:20.227 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
20:06:20.241 Disk 0 scanning C:\Windows\system32\drivers
20:06:27.014 Service scanning
20:06:37.940 Modules scanning
20:06:37.945 Disk 0 trace - called modules:
20:06:37.955 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:06:37.958 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a94060]
20:06:37.962 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa80049128c0]
20:06:37.966 5 PCTCore64.sys[fffff880010dbf38] -> nt!IofCallDriver -> [0xfffffa800481e520]
20:06:37.970 7 ACPI.sys[fffff88000f76781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004812060]
20:06:37.974 Scan finished successfully
20:06:45.750 Disk 0 MBR has been saved successfully to "C:\Users\ponkyball\Desktop\MBR.dat"
20:06:45.754 The log file has been saved successfully to "C:\Users\ponkyball\Desktop\aswMBR.txt"
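
The two logs above are what the advisor reads next. As an added example that is not part of this thread and not code from either tool, here is a small Python parser that pulls the actionable facts out of them: which objects TDSSKiller flagged, which file and hash they refer to, whether the user acted on them, whether the scan ran to completion, and what aswMBR said about the boot code on each disk. The log excerpts embedded below are quoted from the posts above (the long driver listing is trimmed); the regular expressions are written against that observed output and are my assumption about the format, not a documented grammar of either tool.

```python
import re

# Excerpt of the TDSSKiller log posted earlier in this thread (quoted, not constructed);
# the driver enumeration has been trimmed to the lines around the one detection.
TDSS_LOG = r"""
20:04:31.0455 7052 Scan started
20:04:32.0779 7052 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
20:04:32.0779 7052 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:04:32.0784 7052 Akamai ( HiddenFile.Multi.Generic ) - warning
20:04:32.0784 7052 Akamai - detected HiddenFile.Multi.Generic (1)
20:04:32.0830 7052 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:04:32.0831 7052 ALG - ok
20:04:34.0561 7052 Scan interrupted by user!
20:04:34.0561 7052 Scan finished
20:04:42.0430 3704 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:04:42.0430 3704 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
"""

# Excerpt of the aswMBR log posted above (quoted, not constructed).
ASWMBR_LOG = """
20:06:20.208 Disk 0 MBR read successfully
20:06:20.210 Disk 0 MBR scan
20:06:20.212 Disk 0 Windows 7 default MBR code
20:06:37.974 Scan finished successfully
"""

# Every TDSSKiller line starts with "hh:mm:ss.ffff <thread id>"; the rest is the body.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<body>.*)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<outcome>.+)$")
# aswMBR prints one "Disk N <description> MBR code" line per disk it examined.
MBR_CODE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} Disk (?P<disk>\d+) (?P<desc>.*MBR code.*)$")


def parse_tdss_log(text: str) -> dict:
    """Pull detections, their on-disk objects and the user's actions out of a TDSSKiller log."""
    objects = {}      # object name -> {"md5", "path"} from the enumeration lines
    suspicious = {}   # md5 -> reason given on a "Suspicious file (...)" line
    detections = {}   # object name -> {"verdict", "outcomes"}
    interrupted = finished = False
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if body == "Scan interrupted by user!":
            interrupted = True
        elif body == "Scan finished":
            finished = True
        elif (s := SUSPICIOUS.match(body)):
            suspicious[s["md5"]] = s["reason"]
        elif (d := DETECTED.match(body)):
            detections.setdefault(d["name"], {"verdict": d["verdict"], "outcomes": []})
        elif (v := VERDICT.match(body)):
            rec = detections.setdefault(v["name"], {"verdict": v["verdict"], "outcomes": []})
            rec["outcomes"].append(v["outcome"])
        elif (o := OBJECT.match(body)):
            objects[o["name"]] = {"md5": o["md5"], "path": o["path"]}

    result = []
    for name, rec in detections.items():
        obj = objects.get(name, {})
        md5 = obj.get("md5")
        result.append({
            "name": name,
            "verdict": rec["verdict"],
            "path": obj.get("path"),
            "md5": md5,
            "hidden_reason": suspicious.get(md5),
            "outcomes": rec["outcomes"],
            # nothing changed on disk if the only action taken on the object was a skip
            "skipped": any("skip" in o.lower() for o in rec["outcomes"]),
        })
    return {"detections": result, "interrupted": interrupted, "finished": finished}


def aswmbr_mbr_status(text: str) -> dict:
    """Map disk number -> aswMBR's description of the boot code it found there."""
    status = {}
    for raw in text.splitlines():
        m = MBR_CODE.match(raw.strip())
        if m:
            status[int(m["disk"])] = {"description": m["desc"],
                                      "default": "default MBR code" in m["desc"]}
    return status


def triage_notes(tdss: dict, mbr: dict) -> list:
    """One line per thing the person reading the logs should act on."""
    notes = []
    if tdss["interrupted"]:
        notes.append("TDSSKiller scan was interrupted; rerun it to completion before trusting it")
    for d in tdss["detections"]:
        notes.append(f"{d['name']}: {d['verdict']} at {d['path']} (md5 {d['md5']}), "
                     f"{'left in place' if d['skipped'] else 'actioned'}")
    for disk, s in mbr.items():
        notes.append(f"disk {disk}: {s['description']}" + ("" if s["default"] else " <-- review"))
    return notes


if __name__ == "__main__":
    for note in triage_notes(parse_tdss_log(TDSS_LOG), aswmbr_mbr_status(ASWMBR_LOG)):
        print(note)
```

Run against the excerpts it reports that the TDSSKiller scan was interrupted, that the single HiddenFile.Multi.Generic detection (a heuristic on a hidden file, not a named malware verdict) was skipped and so still sits on disk, and that disk 0 carries default Windows 7 boot code, which is the answer the aswMBR step exists to obtain.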

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 April 2012 - 08:24 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install it, update it and run a full scan.

Click on "Show results". Select all infections and remove them.

Reboot the PC and scan with MBAM once more in regular mode, until you get a clean log.

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.


Download

MiniToolBox

Check the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 lolwut11215

lolwut11215
  • Topic Starter

  • Members
  • 3 posts

Posted 23 April 2012 - 09:22 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
ponkyball :: PONKYBALL-PC [administrator]

4/23/2012 9:14:11 PM
mbam-log-2012-04-23 (21-14-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205592
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



For ESET, what should I set the proxy as? It won't run without configuring this first when I click on START.

MiniToolBox by Farbar Version: 18-01-2012
Ran by ponkyball (administrator) on 23-04-2012 at 21:16:00
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost
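
The MiniToolBox items the advisor asked for (hosts file contents and the IE and Firefox proxy settings) are the usual places outside the browser's own add-ons where a search redirect gets planted: a hosts entry pins a search domain to an attacker's address, and a proxy or PAC script routes every request through one. As an added example that is neither the poster's output nor MiniToolBox code, the Python below applies the same two checks to text you paste in: it flags hosts entries that are not plain loopback mappings of local names, and it reads Firefox's prefs.js for a manual proxy, a PAC URL or WPAD auto-detection. The hosts and prefs.js samples are constructed for illustration (the thread only shows "::1 localhost"); 203.0.113.10 is a documentation-range address and the .invalid hostnames are placeholders.

```python
import ipaddress
import re

# Constructed sample hosts file, NOT the poster's file (the thread shows only "::1 localhost").
# 203.0.113.10 is a documentation-range address standing in for wherever a hijacked entry would point.
HOSTS_SAMPLE = """
# Copyright (c) 1993-2009 Microsoft Corp.
#    127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com
0.0.0.0         update.example.invalid
"""

# Constructed sample Firefox prefs.js, NOT from the thread. network.proxy.type 2 means
# "use a PAC script", so every request is routed wherever the script at autoconfig_url says.
PREFS_SAMPLE = """
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://proxy.example.invalid/config.pac");
user_pref("network.proxy.share_proxy_settings", false);
"""

# Names a stock hosts file is allowed to map to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name


def suspicious_hosts_entries(text):
    """Return every hosts entry that is not a loopback mapping of a local name, with a reason."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"ip": ip, "name": name, "why": "unparseable address"})
            continue
        if addr.is_loopback and name.lower() in LOCAL_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            why = "name is blackholed (host becomes unreachable)"
        else:
            why = "name is pinned to a non-loopback address (DNS is bypassed)"
        findings.append({"ip": ip, "name": name, "why": why})
    return findings


# Firefox writes each preference as: user_pref("name", value);
PREF_LINE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);$')


def _pref_value(raw):
    """Decode a prefs.js literal: quoted string, true/false, or integer."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_firefox_prefs(text):
    prefs = {}
    for raw in text.splitlines():
        m = PREF_LINE.match(raw.strip())
        if m:
            prefs[m["name"]] = _pref_value(m["value"])
    return prefs


def firefox_proxy_findings(prefs):
    """network.proxy.type: 0 direct, 1 manual, 2 PAC script, 4 auto-detect (WPAD), 5 system (default)."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)
    if ptype == 1:
        for proto in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{proto}")
            if host:
                findings.append(f"manual {proto} proxy {host}:{prefs.get(f'network.proxy.{proto}_port')}")
    elif ptype == 2:
        findings.append(f"PAC script configured: {prefs.get('network.proxy.autoconfig_url')}")
    elif ptype == 4:
        findings.append("proxy auto-detection (WPAD) enabled")
    return findings


if __name__ == "__main__":
    for f in suspicious_hosts_entries(HOSTS_SAMPLE):
        print(f"hosts: {f['ip']} {f['name']}: {f['why']}")
    for f in firefox_proxy_findings(parse_firefox_prefs(PREFS_SAMPLE)):
        print(f"firefox: {f}")
```

The hosts check deliberately reports everything that is not a stock loopback entry rather than trying to decide what is malicious, because a legitimate intranet pin and a hijacked search domain look identical on the wire; the reviewer decides. The same two checks on a real machine would read C:\Windows\System32\drivers\etc\hosts and the prefs.js in the Firefox profile directory, which is what the "Reset FF Proxy Settings" step in MiniToolBox rewrites.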

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 April 2012 - 10:52 PM

Restart the PC and run the scanner again.

Also, the MiniToolBox log is incomplete. Rescan and post the new log.

Good luck



