Trojan.Happili

Hi there.
A while back MBAM picked up Trojan.Happili and SuperAntiSpyware found a plethora of tracking cookies (not the usual ones, SASP didn’t take too kindly to these). I assumed it was gone, but afterward I still got redirects to random websites. Now the internet on this computer rarely works; I am very lucky to get it to work at this moment.
I’ll attach the logs that I read that you need. Hopefully someone can help. :slight_smile:

and the others…

Hi there, two programmes to run.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-842925246-789336058-682003330-1003\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = http://mystart.magentic.com/?search={searchTerms}&loc=search_box
IE - HKU\S-1-5-21-842925246-789336058-682003330-1003\..\SearchScopes\{DD46D9B4-F3C2-4A9A-8B03-A29FCFB6FB75}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2998365&CUI=UN26681122017394306&UM=2
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-842925246-789336058-682003330-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O33 - MountPoints2\{18b02b22-293f-11df-881c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KitSetup.exe

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download MiniToolBox, save it to your desktop and run it.

https://dl.dropbox.com/u/73555776/minitoolbox.JPG

Checkmark the following checkboxes:

[*]Flush DNS
[*]Report IE Proxy Settings
[*]Reset IE Proxy Settings
[*]Report FF Proxy Settings
[*]Reset FF Proxy Settings
[*]List content of Hosts
[*]List IP configuration
[*]List Winsock Entries
[*]List last 10 Event Viewer log
[*]List Installed Programs
[*]List Devices
[*]List Users, Partitions and Memory size.
[*]List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using “Reset FF Proxy Settings” option Firefox should be closed.

Here they are. I hope you meant that you needed the OTL log that was after the scan after the fix.

OK, after this run could you try the internet and let me know of any errors you get?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]
:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset catalog /c

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Right now it seems to be very fast but it is still redirecting. This has happened before though; it gives me a few minutes of normal internet and returns later. This is the second time.
I should also mention that my default search engine was changed to conduit a while ago.

What browser is that in? As I believe AVG uses the conduit engine.

Chrome

Are you able to reset the search engine in Chrome, as the indicators are that Google is the main search?

Yeah, I did that a while ago. I didn’t know if conduit would have caused any of this.

How is the computer behaving now?

The computer’s behavior is fine now. It’s just the internet that’s giving me a hard time. The connection manager tells me that I am connected but I am not.
The diagnostics option in the help and support center showed that under network adapters, the default IP gateway, DHCP server, and the DNS server search order all failed with 100 percent packet loss.

Are you actually able to connect to the net?

The most it can do is send a request.

OK, let’s have a look-see.

Please download MiniToolBox, save it to your desktop and run it.

https://dl.dropbox.com/u/73555776/minitoolbox.JPG

Checkmark the following checkboxes:

[*]Flush DNS
[*]Report IE Proxy Settings
[*]Reset IE Proxy Settings
[*]Report FF Proxy Settings
[*]Reset FF Proxy Settings
[*]List content of Hosts
[*]List IP configuration
[*]List Winsock Entries
[*]List last 10 Event Viewer log
[*]List Installed Programs
[*]List Devices
[*]List Users, Partitions and Memory size.
[*]List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using “Reset FF Proxy Settings” option Firefox should be closed.

Here they are

OK, you have access to the router by the looks of it… What firewall do you or did you have?

The default XP firewall.

Could you run the fixit on this page please, http://support.microsoft.com/kb/936211, and let me know what it reports?

Sorry for the really late reply. I haven’t been able to get the internet to work right whenever I finally have time to work on it.
It didn’t report anything except for Groove GFS browser. I have never seen that before. It said it was causing a half a second delay on loading pages, and after a quick Google search, it seems that people who have this have the same problem.