Tech Support Forum - View Single Post

tetonbob · 01-20-2007, 09:59 AM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download combofix.exe to your desktop.

* IMPORTANT !!! Place it on your Desktop. We'll use this shortly.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

OIN Search (or anything by OIN)
Viewpoint Manager (or anything by Viewpoint)

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R3 - URLSearchHook: (no name) - {2BABA278-41BF-423E-B9E9-40A6722FCCE9} - C:\WINDOWS\System32\bzfxukua.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Csou] "C:\WINDOWS\System32\TSKS~1\nslookup.exe" -vt yazr
O4 - HKCU\..\Run: [Com] C:\Documents and Settings\Jammie\Application Data\s?curity\t?skmgr.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16a9ed0aa72cfdc...p/RdxIE601.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/p...im/install.cab
O20 - AppInit_DLLs:[/url]

Close HijackThis now.

---------------------------------------------------------------------------------------------

Run ComboFix

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\combofix.exe" /v bzfxukua

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Please download and install this excellent and FREE anti-virus program:

Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop.

Please remember to register for your Activation Code using a legitimate email address.
Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:
Then please update the program and run a systemwide scan. Allow it to neutralize all that it finds.
When done, launch Active Virus Shield's main window.
Click the Scan button on the left, and then click Detected.
In the ensuing window, click the Save As button to save a copy of the log.
Copy and paste that log in your next reply.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

---------------------------------------------------------------------------------------------

You don't seem to have a firewall program installed. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

After the install is complete, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
- Other Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please ensure that you've copied the entire HJT log. To do so press Ctrl+A to select all, Ctrl+C to copy all, then Ctrl+V to paste all into a thread.

Please return with results from:

C:\ComboFix.txt
ActiveVirusShield
HJT

01-20-2007, 09:59 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,675 OS: 2000 Pro; XP Pro; XP Home	Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Download combofix.exe to your desktop. * IMPORTANT !!! Place it on your Desktop. We'll use this shortly. --------------------------------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: OIN Search (or anything by OIN) Viewpoint Manager (or anything by Viewpoint) --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked R3 - URLSearchHook: (no name) - {2BABA278-41BF-423E-B9E9-40A6722FCCE9} - C:\WINDOWS\System32\bzfxukua.dll O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKCU\..\Run: [Csou] "C:\WINDOWS\System32\TSKS~1\nslookup.exe" -vt yazr O4 - HKCU\..\Run: [Com] C:\Documents and Settings\Jammie\Application Data\s?curity\t?skmgr.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/16a9ed0aa72cfdc...p/RdxIE601.cab O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/p...im/install.cab O20 - AppInit_DLLs:[/url] Close HijackThis now. --------------------------------------------------------------------------------------------- Run ComboFix Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK "%userprofile%\desktop\combofix.exe" /v bzfxukua When finished, it shall produce a log for you. Post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer. Please download and install this excellent and FREE anti-virus program: Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop. Please remember to register for your Activation Code using a legitimate email address. Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process: Then please update the program and run a systemwide scan. Allow it to neutralize all that it finds. When done, launch Active Virus Shield's main window. Click the Scan button on the left, and then click Detected. In the ensuing window, click the Save As button to save a copy of the log. Copy and paste that log in your next reply. Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable. --------------------------------------------------------------------------------------------- You don't seem to have a firewall program installed. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice: Comodo Personal Firewall ZoneAlarm Tiny Personal Firewall OutPost Firewall . --------------------------------------------------------------------------------------------- Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "*Accept* License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version. After the install is complete, go back into the Control Panel and double-click the Java Icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel. --------------------------------------------------------------------------------------------- Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- Please ensure that you've copied the entire HJT log. To do so press Ctrl+A to select all, Ctrl+C to copy all, then Ctrl+V to paste all into a thread. Please return with results from: C:\ComboFix.txt ActiveVirusShield HJT __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009