I have the happili.com virus on my computer. I would appreciate any help in getting this removed. I can't use my keyboard. Downloaded TDSSKiller. Did not detect anything. I downloaded and ran the ComboFix.exe. The script:

ComboFix 12-03-29.02 - Dan and Yulichka 03/29/2012 17:18:16.1.2 - x86
.
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3316.1777 [GMT -4:00]
Running from: c:\users\Dan and Yulichka\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 21:08 . 2012-03-29 21:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0C1B1F-4B6D-43A5-A913-9AD74EF322E5}\offreg.dll
2012-03-29 20:43 . 2012-03-29 20:43 -------- d-----w- c:\users\Dan and Yulichka\AppData\Roaming\Tific
2012-03-29 05:21 . 2012-03-29 08:12 -------- d-----w- C:\NBRT
2012-03-29 00:45 . 2009-06-12 11:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-29 00:44 . 2012-03-29 00:44 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-03-29 00:44 . 2012-03-29 00:44 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-03-28 23:52 . 2012-03-29 00:18 -------- d-----w- c:\users\Dan and Yulichka\AppData\Local\NPE
2012-03-27 22:48 . 2012-03-27 22:48 -------- d-----w- c:\users\Dan and Yulichka\AppData\Roaming\QuickScan
2012-03-27 22:47 . 2012-03-27 22:49 -------- d-----w- c:\programdata\SmartPCScan
2012-03-27 22:41 . 2012-03-27 22:41 -------- d-----w- c:\users\Dan and Yulichka\AppData\Roaming\Malwarebytes
2012-03-27 22:41 . 2012-03-27 22:41 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 22:41 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 22:41 . 2012-03-27 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-27 22:29 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0C1B1F-4B6D-43A5-A913-9AD74EF322E5}\mpengine.dll
2012-03-27 10:23 . 2012-03-27 10:23 -------- d-----w- C:\N360_BACKUP
2012-03-26 20:15 . 2012-03-26 20:15 -------- d-----w- C:\6cd7a14f8dd9e6bd8dba1c00a2
2012-03-26 00:09 . 2012-03-26 00:09 -------- d-----w- c:\users\Dan and Yulichka\AppData\Roaming\Ukpazuy
2012-03-26 00:09 . 2012-03-26 00:09 -------- d-----w- c:\users\Dan and Yulichka\AppData\Roaming\Yfuhhou
2012-03-13 22:18 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:18 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 22:18 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 22:18 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 22:18 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 22:18 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:18 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 22:17 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 22:17 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-04 08:01 . 2012-03-04 08:01 -------- d-----w- c:\program files\MSXML 4.0
2012-03-03 00:21 . 2012-03-03 00:21 -------- d-----w- c:\users\Dan and Yulichka\AppData\Local\GrantaGateway
2012-03-03 00:20 . 2012-03-03 00:20 -------- d-----w- c:\programdata\FLEXnet
2012-03-02 23:45 . 2012-03-04 17:51 -------- d-----w- c:\users\Dan and Yulichka\AppData\Local\Autodesk
2012-03-02 23:39 . 2012-03-02 23:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-03-02 23:35 . 2012-03-02 23:35 -------- d-----w- C:\MITSI 2012 Temporary Files
2012-03-02 23:34 . 2012-03-02 23:34 -------- d-----w- c:\program files\Microsoft Chart Controls
2012-03-02 23:33 . 2012-03-02 23:33 -------- d-----w- c:\program files\Microsoft WSE
2012-03-02 23:32 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-03-02 23:32 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-03-02 23:32 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-03-02 23:32 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-03-02 23:32 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-03-02 23:26 . 2012-03-02 23:53 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-03-02 23:26 . 2012-03-02 23:52 -------- d-----w- c:\program files\Autodesk
2012-03-02 21:36 . 2012-03-14 23:49 -------- d-----w- c:\users\Dan and Yulichka\AppData\Roaming\Autodesk
2012-03-02 21:36 . 2012-03-14 23:49 -------- d-----w- c:\programdata\Autodesk
2012-03-02 11:46 . 2012-03-02 11:46 -------- d-----w- C:\Autodesk
2012-03-01 21:24 . 2012-03-01 21:25 -------- d-----w- c:\users\Dan and Yulichka\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2010-11-27 01:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 00:59 . 2011-12-30 00:11 163616 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
2012-01-04 00:03 . 2012-01-02 20:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 36597832
*Deregistered* - 36597832
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-02 20:34]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-02 20:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 17:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-29 17:28:54
ComboFix-quarantined-files.txt 2012-03-29 21:28
.
Pre-Run: 35,618,500,608 bytes free
Post-Run: 35,776,946,176 bytes free
.
- - End Of File - - 93CCBFAD6D30091661A4D4EEF8372873