help with "intervalhehehe" problem

The Gsta

Just like everyone else, I got the problem after having downloaded the WinRAR program.
So I've followed the pre-HijackThis instructions... I've run the Spybot Search and Destroy scan AND I ALSO IMMUNIZED EVERYTHING. I did the MBAM scan and the Panda scan, and I just finished with the HijackThis scan... so here are the logs in that order... any help will be greatly appreciated!!!

--------------------------------------------------------------MBAM (LOG 1)--------------------------------------------------------------

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

13/12/2008 8:13:46 AM
mbam-log-2008-12-13 (08-13-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 109651
Time elapsed: 2 hour(s), 12 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 7
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f09ec4c3-2dd5-4887-cc1e-468317e49555} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f09ec4c3-2dd5-4887-cc1e-468317e49555} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffe41cca-04f0-5789-6be6-f64c7a744af2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ffe41cca-04f0-5789-6be6-f64c7a744af2} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\44163430150637485466217191968204 (Rogue.Antivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\htgnszbrxfrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Delete on reboot.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081110042654236.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081110043519240.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081110050534513.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081110050828220.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081110051225582.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081110052058932.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081110053741113.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081110054231683.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081112011320528.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081112145258205.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081113003746527.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081113015233072.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081113062201171.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081113063115629.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081114014923748.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081114020153826.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081115153223463.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imglog.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

--------------------------------------------------------PANDA SCAN (LOG 2)--------------------------------------------------

;*******************************************************************************
ANALYSIS: 2008-12-13 16:32:32
PROTECTIONS: 1
MALWARE: 65
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Services de sécurité Vidéotron Antivirus 6.0.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder1.zip
00035783 dialer.dk Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91433D86-9F27-402C-B5E3-DEBDD122C339}
00122030 adware/fastvideoplayer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B5DD9A64-5C4B-4A48-BE56-97C1A8F85708}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285407.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285238.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281297.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281307.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281298.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281306.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281305.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281304.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281301.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281300.TXT
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281299.TXT
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287096.TXT
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287095.TXT
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285003.TXT
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285169.TXT
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285349.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00280868.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276611.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276610.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276609.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00280867.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276637.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276636.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276612.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276591.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276583.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276584.TXT
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285112.TXT
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285086.TXT
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275985.TXT
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285232.TXT
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285170.TXT
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284967.TXT
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275978.TXT
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285213.TXT
00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284966.TXT
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285420.TXT
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281295.TXT
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281294.TXT
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285164.TXT
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Billy\Cookies\billy@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285181.TXT
00167706 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285123.TXT
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\home\Cookies\home@fe.lea.lycos[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285074.TXT
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285313.TXT
00167756 Cookie/Sexsuche TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285072.TXT
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284444.TXT
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285119.TXT
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282321.TXT
00167765 Cookie/Hitbox TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284995.TXT
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285260.TXT
00167783 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285329.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276439.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276445.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276447.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276448.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276449.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276455.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276456.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276457.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276458.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276470.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276387.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276472.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276473.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276483.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276484.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276485.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276486.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276490.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276491.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276492.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276493.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276438.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276527.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276528.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276529.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276536.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276537.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276538.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276539.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276386.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276385.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276384.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276369.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276368.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276367.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276366.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276352.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276351.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276350.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276349.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276073.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276072.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276437.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284983.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276071.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276526.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284631.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275919.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275918.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284630.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276436.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275590.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284629.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275589.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283821.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283820.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283819.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283818.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283750.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283749.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275588.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275587.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275482.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275481.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275480.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275479.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285822.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285823.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285824.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285825.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286260.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283748.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283729.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283728.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283727.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281675.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283726.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276471.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282271.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282270.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282269.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282257.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282258.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282259.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282260.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282263.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282264.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282265.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282266.TXT
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282268.TXT
00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285012.TXT
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285156.TXT
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276626.TXT
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276627.TXT
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276628.TXT
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276630.TXT
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284941.TXT
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Billy\Cookies\billy@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276629.TXT
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285071.TXT
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Billy\Cookies\billy@bs.serving-sys[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285209.TXT
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285202.TXT
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285212.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287412.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281727.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286819.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286610.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287285.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287426.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287309.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287583.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282341.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285258.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287269.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287322.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287293.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282332.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287596.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287608.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284445.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287572.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282322.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287327.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287332.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287362.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287317.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287397.TXT
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287619.TXT
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285301.TXT
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285146.TXT
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285325.TXT
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275983.TXT
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275984.TXT
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284972.TXT
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281669.TXT
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281350.TXT
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281351.TXT
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284992.TXT
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285377.TXT
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285040.TXT
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285001.TXT
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285038.TXT
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285016.TXT
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276644.TXT
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276618.TXT
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276616.TXT
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285285.TXT
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276607.TXT
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276541.TXT
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276540.TXT
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276634.TXT
00180154 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285082.TXT
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285320.TXT
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285185.TXT
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281673.TXT
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285148.TXT
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\home\Cookies\home@valueclick[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276109.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276111.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284273.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284272.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284271.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283963.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284274.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275940.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275939.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283962.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281183.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276112.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283960.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275937.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284580.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284940.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275725.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275724.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00283959.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284581.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275723.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281185.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275722.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281187.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275356.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275355.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275354.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00276110.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281289.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286414.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286415.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286416.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286417.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286530.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286531.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286532.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00286533.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281290.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281291.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281292.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284582.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287259.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287260.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287261.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287262.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284583.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281182.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00275938.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282928.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282927.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00282926.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281842.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281843.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281844.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287393.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00287394.TXT
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00281845.TXT
00206953 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284964.TXT
00251542 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285437.TXT
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285412.TXT
00262033 adware/emediacodec Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{134F7664-943D-3BB9-65F5-70B91DF46C86}
00452515 Adware/MxLiveMedia Adware No 0 Yes No C:\WINDOWS\system32\zcmpvxqdmnfcidgdi.exe
00452526 Adware/MxLiveMedia Adware No 0 Yes No C:\WINDOWS\system32\cont_mxlivemedia-remove.exe
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285361.TXT
02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00285153.TXT
02890416 Trj/Autorun.KZ Virus/Trojan No 0 Yes No C:\WINDOWS\BACKINF.TAB
02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00284947.TXT
04335322 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{2E52D870-DDFF-4E89-A323-10F584C418A8}\RP731\A0569583.exe[C:\System Volume Information\_restore{2E52D870-DDFF-4E89-A323-10F584C418A8}\RP731\A0569583.exe][explore.exe]
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\IBMTOOLS\APPS\RRPC\DATA1.CAB[setup.EXE][HOTVIEW.EXE]
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
182048 HIGH MS07-069
176382 HIGH MS07-057
170906 HIGH MS07-045
170904 HIGH MS07-043
164913 HIGH MS07-033
160623 HIGH MS07-027
150253 HIGH MS07-016
141030 HIGH MS06-072
137568 HIGH MS06-067
133387 MEDIUM MS06-065
126083 HIGH MS06-042
120814 HIGH MS06-021
;===============================================================================

--------------------------------------------------------HijackThis Scan (LOG 3)------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:06 PM, on 13/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\pkR.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Yamaha DS-XG Driver] C:\WINDOWS\system32\vdriver.exe
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install
O4 - HKLM\..\Run: [Win08E1FE06.exe] C:\Arquivos de programas\Win08E1FE06.exe
O4 - HKLM\..\Run: [] C:\Windows\System32\Win08E1FE06.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yamaha DS-XG Driver] C:\WINDOWS\system32\vdriver.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10529 bytes



so if anyone can help me i would greatly appreciate it... thanks!




