rmurphy

Posts posted by rmurphy

  1. Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll

    O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)

    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    Close all open windows except for HiJack This and click fix checked.

    1. Please open Notepad

    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::
    C:\WINDOWS\htunistock.dll
    C:\WINDOWS\hstsys.dll

    Folder::
    C:\Program Files\vlkavjuf\
    C:\WINDOWS\privacy_danger\

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    CFScript.gif

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

    • Combofix.txt
    • A new HijackThis log.

    Also, do you have a flash drive, CD (or I'm pretty sure that it will fit on a floppy disk) that you could put smitfraudfix onto?

    -Ryan

  2. Sorry for the delay in replying; had a few real life projects I needed to get finished for today.

    == Clear Temporary Files ==

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    == Kaspersky Web Scanner ==

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.

    == Request Logs ==

    Please post the log from the Kaspersky scan.

    -Ryan

  3. Sorry for the delay in replying; had a few real life projects I needed to get finished for today.

    Please download SmitfraudFix (by S!Ri)

    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please save this report to your desktop.

    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Please download FixWareout from here:

    http://downloads.subratam.org/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Once the desktop loads please post the text that will open (report.txt), the smitfraudfix report that you saved earlier and a new Hijackthis log.

    -Ryan

  4. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    == SmitFraudFix Part 2 ==

    Please reboot your computer in Safe Mode by doing the following :

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.

    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    == Remove Programs ==

    Please go to Add/Remove Programs in the Control Panel, and remove the following programs

    • IE Custom Tools
      IE Safety Features
      Java™ 6 Update 2

    Reboot your computer.

    == Install Latest Java ==

    Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

    Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

    Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

    Once it has finished downloading, double click it, and follow the prompts to install.

    If it asks to reboot, select Yes.

    == Request logs ==

    In your next post, please attach a new HiJack This log and the log SmitfraudFix produced (can be found at C:\rapport.txt). Also let me know how the computer is running.

    -Ryan

  5. Hi intocomputing2, and welcome to BestTechie! I'm Ryan, and I'll be helping you with your computer.

    OK, since you have avast!, let's make sure it is updated, then use it to run a boot time scan.

    == Update avast! ==

    Right click on the a in the taskbar and select Updating, then select Program.

    Avast! will tell you when it has completed the update. If core files were updated, you may get a message asking you to restart. Please allow the computer to restart if prompted.

    == Schedule a Boot-Time Scan ==

    After you have updated avast! right click the a icon in the taskbar and click Start Avast! AntiVirus.

    After this, you will need to Schedule Boot-Time Scan with avast! While all the steps needed to perform this are listed below, you may find a visual tutorial helpful as well.

    • Click on the up arrow icon in the left corner, and select Schedule Boot-Time Scan.
      Next, choose:
      • Scan all local disks
      • scan archive files

    Click on Schedule. Avast! will notify you that a system restart is needed. Please select Yes

    Your computer will then restart, and avast! will perform the scan prior to Windows loading.

    IMPORTANT NOTE: When avast! finds an infected item, it may give you a dialog box with recommended actions. If this happens, please select Move to Chest.

    == Request logs ==

    Please post the log of the avast scan. It can be found at C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

    I would also like to see an Uninstall list. To obtain an uninstall list, please do the following:

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan

  6. Hi Acynonix, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

    Please download SmitfraudFix (by S!Ri)

    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

    Please copy/paste the content of that report and an uninstall log into your next reply.

    To obtain an Uninstall list.

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    http://www.beyondlogic.org/consulting/proc...processutil.htm

    -Ryan

  7. == Remove Programs ==

    Please go to Add/Remove Programs in the Control Panel, and remove the following programs

    • IE Custom Tools
      IE Safety Features
      Information Center
      J2SE Runtime Environment 5.0 Update 3

    Reboot your computer.

    == Install Latest Java ==

    Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

    Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

    Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

    Once it has finished downloading, double click it, and follow the prompts to install.

    If it asks to reboot, select Yes.

    == SmitFraud Scan ==

    Please download SmitfraudFix (by S!Ri)

    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    http://www.beyondlogic.org/consulting/proc...processutil.htm

    -Ryan

  8. Welcome to BestTechie. I'm Ryan, and I'll be helping you clean your computer.

    I would like to see an Uninstall list.

    Open HijackThis, click Config, click Misc Tools

    Click "Open Uninstall Manager"

    Click "Save List" (generates uninstall_list.txt)

    -Ryan

  9. Hi there, and welcome to Besttechie! I'm Ryan, and I'll be helping you with your computer troubles.

    You will want to print out these instructions, or save them to notepad so that you can refer to them later.

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Next, go to start > Run and paste in the following: ipconfig >> dns.txt && notepad dns.txt and then press enter. Notepad will open, post the contents of it, along with the Kaspersky log.

    -Ryan

  10. It doesn't come with it installed, you have to install it via a script in the control panel, but yes, it is a tad easier than installing WordPress yourself.

    It is a good idea to not use the same company to host your DNS info that hosts your website, as they could hijack the DNS should you try to cancel the account. If you do use it to initially buy the domain, you should transfer it to another registrar as soon as you can.

    -Ryan

  11. For the blog software, I recommend WordPress. It's free, easy to install and use, and there are tons of themes that are free and available for anyone to use.

    As for forums, I've used Simple Machines Forum or phpBB. Like WordPress, both of these are free to use, and have tons of themes available for download and use.

    Even though there are free themes, it does not mean that your site will look bad. All of the themes are good, and there are some amazing themes out there for free.

    -Ryan

  12. The following programs can be uninstalled:

    • Java 2 Runtime Environment, SE v1.4.2_14
      Java 2 SDK, SE v1.4.2_14

    Double-click VundoFix.exe to run it.

    • Right click the listbox and select Add more files? Add the following files, one per line:
      • C:\WINDOWS\system32\ursss.dll
      • C:\WINDOWS\system32\urqnolj.dll
    • Click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.

    In this case, VundoFix will run on reboot, simply follow the above instructions when VundoFix appears at reboot.

    Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

    O2 - BHO: (no name) - {126D2E44-3B1D-46B6-BE67-D5BCF68AEEFD} - C:\WINDOWS\system32\urqnolj.dll

    O2 - BHO: (no name) - {450AA662-3EEA-4E6C-B549-B13847E549CD} - C:\WINDOWS\system32\hggdb.dll (file missing)

    O2 - BHO: (no name) - {EFFCB1DD-4F7E-43B0-B4DA-7C74C1675AF8} - C:\WINDOWS\system32\ursss.dll

    O20 - Winlogon Notify: urqnolj - C:\WINDOWS\SYSTEM32\urqnolj.dll

    O20 - Winlogon Notify: ursss - C:\WINDOWS\system32\ursss.dll

    O23 - Service: DomainService - - C:\WINDOWS\system32\bnomnoxs.exe

    Close all open windows except for HiJack This and click fix checked.

    Still in HiJackThis:

    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • click on "delete an NT service"
    • Copy and paste this in: DomainService
    • Click "ok", then reboot

    If you would please rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :)

  13. Hi, and welcome to BestTechie. I'm Ryan, and I'll be helping you with your issue.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt, an Uninstall List, and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.

    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    To obtain the uninstall list:

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan

  14. All you need to do to uninstall the logmein software is either clear the O16 entry using HJT (if using Internet Explorer), or remove the plugin (if using Firefox).

    Since the issues that you are experiencing don't appear to be due to malware, I recommend that you post about any remaining issues in the PC Support forum, where they can provide further assistance (and probably better than I could, since it's not malware).

    -Ryan
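
How the HijackThis log lines quoted in the posts above break down, as an added example that is not part of the original posts or of HijackThis itself: a small Python parser that splits each line into section code, CLSID and file path, and separates the entries the log marks `(file missing)` or `(no file)`. The section descriptions, function names and regular expressions are assumptions of this example; the sample lines are copied from the first post.

```python
import re
from collections import Counter

# Section meanings for the codes that appear in the quoted log lines
# (the descriptions are this example's own wording).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry", "O16": "ActiveX object",
    "O20": "Winlogon Notify", "O21": "ShellServiceObjectDelayLoad",
    "O23": "NT service", "O24": "Active Desktop component",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:dll|exe|htm)', re.I)
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")

# Sample input: the eight entries listed in the first post above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll
O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

def parse_line(line):
    """Split one log line into its fields; return None for non-entry lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    return {
        "code": code,
        "kind": SECTIONS.get(code, "unknown section"),
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        # True when the log itself says the referenced file is absent.
        "orphaned": bool(ORPHAN_RE.search(rest)),
    }

def triage(log_text):
    """Count entries per section and separate orphaned entries from
    entries that still point at a file on disk. Extraction only: whether
    an entry is malicious remains the reviewer's call."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "by_kind": Counter(e["kind"] for e in entries),
        "orphaned": [e for e in entries if e["orphaned"]],
        "files": {e["path"] for e in entries if e["path"] and not e["orphaned"]},
    }

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(dict(result["by_kind"]))
    print("orphaned:", [(e["code"], e["clsid"]) for e in result["orphaned"]])
    print("files still referenced:", sorted(result["files"]))
```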