
Internet Explorer - Bhobj.dll


4 replies to this topic

#1 Danjo

Danjo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 25 November 2006 - 04:09 AM

Internet Explorer closes because of bhobj.dll.

Please review my Hijack List Log.

Much Appreciated,

Daniel

Logfile of HijackThis v1.99.1
Scan saved at 08:53:59, on 25/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Acrobat 5.0\Distillr\AcroTray.exe
D:\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O1 - Hosts: 192.246.40.62 etguidauth.evenbalance.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\WINDOWS\BHOBJ.dll
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinPatrol] D:\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = D:\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...cab?1156188551109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09D1F820-06C3-4899-9EDD-262FB1CD8C40}: NameServer = 195.184.228.6 195.184.228.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{09D1F820-06C3-4899-9EDD-262FB1CD8C40}: NameServer = 195.184.228.6 195.184.228.7
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


 


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:35 AM

Posted 25 November 2006 - 07:57 AM

Hi Danjo, :thumbsup:

We're studying your log right now and will be back to you a.s.a.p.

Thanks for your patience. :flowers:

#3 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:35 AM

Posted 26 November 2006 - 04:37 AM

Hi Danjo, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1. Unfortunately I see no firewall in your running processes, which probably means that you have none. I urge you to install one since it's your first defense against malware. There are several good, free programmes available, like:

Sygate
Kerio
Zone alarm

For a tutorial on Firewalls click: Understanding and Using Firewalls!

2. Run HijackThis, click Scan and checkmark the following entries:

O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\WINDOWS\BHOBJ.dll

Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

3. Download ATF Cleaner by Atribune. Do not run it yet.

4. Download, install, and update AVG Anti-Spyware 7.5

1. Save the installer to desktop
2. Double click the installer, select your language, and then select OK
3. Click NEXT>>Do or don't read the "User License Agreement"
Select I Agree>>>NEXT>>>INSTALL
4. AVG will now install and afterwards click FINISH
5. AVG Anti-Spyware 7.5 should now Load
6. Click the Update tab at the top. Under Manual Update click Start update.
7. After the update finishes (the status bar at the bottom will display "Update successful")
8. Close AVG Anti-Spyware 7.5. Do not run it yet.

5. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

6. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following file in bold if listed:

C:\WINDOWS\BHOBJ.dll

7. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

8. Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and uncheck "Only if Threats are found"
  • Click back to the "Scan" tab and then click on Complete System Scan.
    This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Please post the AVG report along with a new HijackThis log.

#4 Danjo

Danjo
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 28 November 2006 - 06:55 PM

My F-secure Anti Virus has a firewall. Is that adequate?

I've followed your instructions. Here is my Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 23:48:24, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
D:\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O1 - Hosts: 192.246.40.62 etguidauth.evenbalance.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinPatrol] D:\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = D:\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156188551109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09D1F820-06C3-4899-9EDD-262FB1CD8C40}: NameServer = 195.184.228.6 195.184.228.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{09D1F820-06C3-4899-9EDD-262FB1CD8C40}: NameServer = 195.184.228.6 195.184.228.7
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

AVG Report -

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:43:32 28/11/2006

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20061128-224530-323.dll -> Adware.Webdir : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{062561C0-57F5-4410-89F2-9287C2A5E210}\RP390\A0057953.dll -> Adware.Webdir : Cleaned with backup (quarantined).
HKU\S-1-5-21-1659004503-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A406068-D45C-40B9-A096-38AC717FB608} -> Adware.WebDir : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.86:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.87:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.87:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.87:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.87:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.91:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.91:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.91:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.91:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.110:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.110:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.110:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.110:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.164:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.164:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.164:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.164:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.59:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.59:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.60:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.60:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.60:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.60:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.61:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.61:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.168:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.168:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.114:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.114:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.114:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.115:C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\c6w9ym0i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.115:C:\RECYCLER\NPROTECT\00012185.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.115:C:\RECYCLER\NPROTECT\00012187.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.115:C:\RECYCLER\NPROTECT\00012188.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

#5 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:35 AM

Posted 30 November 2006 - 07:19 AM

Hi Danjo, :thumbsup:

"My F-secure Anti Virus has a firewall. Is that adequate?"


It is, so if you like it that's okay.

Both logs look clean so you're almost ready to go.

1. Clean your Cache and Cookies in IE:

* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > Internet Options > General tab
* Click the "Delete Cookies" button
* Next to it, Click the "Delete Files" button
* When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

* Go to Tools > Options.
* Click Privacy in the menu on the left side of the Options window.
* Click the Clear button located to the right of each option (History, Cookies, Cache).
* Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin

* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.

If you're very active on the internet (daily) clean up every two weeks, if not so active once a month.

2. Remove previous restore points and set a new one to purge any malware that may have been backed up:

Click Start>Help and Support>Undo changes to your computer with System Restore
Click Create A Restore Point then click Next. Give it a name and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

This will remove all previous restore points except the newly created one.

3. In order to prevent future infections follow these recommendations:

a. Visit Windows Update on a regular basis to stay current with critical updates.

b. Install and run the following free programs:

* Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here!

* Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found
here! Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

* SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here!

* SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here!

* IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Keep all these programs (including your anti-virus) up-to-date and run them regularly.
If you do not update regularly they will not be able to catch any of the new variants that may come out.

c. I recommend that you read Tony Klein's excellent article: So how did I get infected in the first place?

d. If you want to fight back the Malware Writers, please take a look here!

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BleepingComputer Forums, we also help people with other computer problems! Do not forget to tell your friends about us!

Good luck! :flowers:
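A way to check the before/after comparison made in this thread, as an added example that is not part of any post: a small Python parser for HijackThis logs that re-joins forum-wrapped lines, diffs the O2 (BHO) entries of two logs, and lists any remaining line that still mentions the fixed CLSID or DLL. The function names are assumptions made for this example; the sample lines are excerpted from the two logs posted above.

```python
import re

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O2 payload: "BHO: <name> - {CLSID} - <file path>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Excerpt of the first log, wrapped the way it was pasted in post #1.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Acrobat

5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\WINDOWS\BHOBJ.dll
O4 - HKLM\..\Run: [WinPatrol] D:\WINPAT~1\winpatrol.exe
"""

# Excerpt of the second log from post #4 (not wrapped).
AFTER_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [WinPatrol] D:\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"""

TARGET_CLSID = "{8A406068-D45C-40B9-A096-38AC717FB608}"
TARGET_DLL = "BHOBJ.dll"


def parse_entries(log_text):
    """Return [(section_code, text)] for one log, re-joining wrapped lines.

    A non-blank line that does not start with a section code is treated as the
    continuation of the previous entry and joined with a single space, which is
    where the wrapped BHO lines in this thread were broken. Header and process
    lines before the first entry are ignored.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            entries[-1][1] += " " + line
    return [(code, text) for code, text in entries]


def bho_entries(log_text):
    """Map upper-cased CLSID -> (name, path) for every O2 BHO entry."""
    found = {}
    for code, text in parse_entries(log_text):
        match = BHO_RE.match(text) if code == "O2" else None
        if match:
            found[match.group("clsid").upper()] = (
                match.group("name"), match.group("path"))
    return found


def diff_bhos(before_text, after_text):
    """Compare the BHO sets of two logs by CLSID."""
    before, after = bho_entries(before_text), bho_entries(after_text)
    return {
        "removed": {k: before[k] for k in before.keys() - after.keys()},
        "added": {k: after[k] for k in after.keys() - before.keys()},
        "kept": {k: after[k] for k in before.keys() & after.keys()},
    }


def residual_lines(log_text, needles):
    """Entries in any section that still mention one of the needles."""
    lowered = [n.lower() for n in needles]
    return [f"{code} - {text}" for code, text in parse_entries(log_text)
            if any(n in text.lower() for n in lowered)]


if __name__ == "__main__":
    result = diff_bhos(BEFORE_LOG, AFTER_LOG)
    for clsid, (name, path) in result["removed"].items():
        print(f"removed BHO: {name} {clsid} -> {path}")
    leftovers = residual_lines(AFTER_LOG, [TARGET_CLSID, TARGET_DLL])
    print("residual references:", leftovers or "none")
```
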



