
intervalhehehe continued




So like many others I somehow got this intervalhehehe thing downloaded into my computer, and foolishly just thought that by following instructions I could fix it all on my own.

I have downloaded the malware software and ran the scan; it got rid of the intervalhehehe thing, however like others, whenever I go on the internet I get the stupid Chinese script and fake Microsoft security message. I have got my logs from the malware scan and am currently still working on the Panda ActiveScan and will post those as well. I have seen the instructions regarding the HijackThis software but would like some input before I scan anything further.

Here are my logs, please help! Thank you!

Malwarebytes' Anti-Malware 1.30

Database version: 1450

Windows 5.1.2600 Service Pack 2

12/2/2008 2:47:16 PM

mbam-log-2008-12-02 (14-47-16).txt

Scan type: Quick Scan

Objects scanned: 65662

Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 13

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Program Files\iWin Games\iWinGamesHookIE.dll (Adware.BHO) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{495874fe-4a82-4ad1-9476-0b957e0b95eb} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e3ed53c5-7ad5-4df5-9734-afb6e7e5d9db} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explore (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\iWin Games\iWinGamesHookIE.dll (Adware.BHO) -> Delete on reboot.

C:\WINDOWS\system32\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.


  • Staff

Greetings and welcome to the forum. The best thing to do to get you fixed up would be to continue with the HJT instructions and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

One of the experts will reply and give you advice on the next steps, and if you aren't comfortable using a particular tool in the pre-HJT posting instructions, just post the logs you have done in the forum mentioned above and ask for clarification, and the expert assisting you will advise you on what to do and how to do it to continue the process. Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.
