Old 06-16-2006, 11:19 AM   #5 (permalink)
POADB
Moderator, Microsoft Support
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


A new version of SmitFraudFix is available.

I would like you to delete the current version you have, and re-download the new version and run it again.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

********************************SAFE MODE*********************************

REBOOT TO SAFE MODE
  1. Restart the computer. The computer begins processing a set of instructions known as BIOS.
  2. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
  3. Continue to do so until the 'Windows Advanced Options' menu appears.
  4. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.

*********************************SMITFRAUDFIX********************************

Open the SmitfraudFix Folder,
  • Double-click smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
  • Wait for the tool to complete and disk cleanup to finish.
    You will be prompted: "Registry cleaning - Do you want to clean the registry?"
  • Answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.
  • Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C:\ (C:\rapport.txt) or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run HJT and fix the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [algchk.exe] C:\WINDOWS\system32\algchk.exe


Delete the following files and folders:

C:\Documents and Settings\All Users\Application Data\SecTaskMan\
C:\WINDOWS\winlogon.exe
C:\WINDOWS\system32\algchk.exe

Please reboot your computer.

Re-run Panda.

In your next post please provide logs from:
1. HJT
2. Panda
3. C:\rapport.txt
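An added example, not part of the original post and not code from SmitfraudFix or HijackThis: a Python check that reads a follow-up HijackThis log and reports any of the entries listed above that are still present, plus any other line that still references one of the deleted paths. The function names and the sample log are constructed for illustration, and the line formats are assumed from the R1 and O4 lines quoted in the post.

```python
import re

# Items the post lists to fix in HijackThis and to delete from disk.
FIXED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [algchk.exe] C:\WINDOWS\system32\algchk.exe
"""
DELETED = [r"C:\Documents and Settings\All Users\Application Data\SecTaskMan",
           r"C:\WINDOWS\winlogon.exe", r"C:\WINDOWS\system32\algchk.exe"]
# Constructed follow-up log (not from the thread): one value and one file survived.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
O4 - HKCU\..\Run: [updater] c:\windows\SYSTEM32\algchk.exe -s
O4 - HKLM\..\Run: [other] C:\WINDOWS\system32\winlogon.exe
"""
LINE = re.compile(r"^(R\d|O\d+) - (.+)$")

def identity(line):
    """Reduce an HJT line to (section, location, name), ignoring its data."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section.startswith("R"):    # R1 - <key>,<value name> = <data>
        key, _, tail = rest.partition(",")
        name = tail.split("=", 1)[0]
    elif section == "O4":          # O4 - <hive>\..\Run: [<name>] <command>
        key, _, tail = rest.partition(": [")
        name = tail.split("]", 1)[0]
    else:
        return None
    return section, key.strip().lower(), name.strip().lower()

def residual(log_text):
    """Return (listed entries still present, lines referencing deleted paths)."""
    wanted = {identity(l) for l in FIXED.splitlines()} - {None}
    paths = [p.lower() for p in DELETED]
    still, refs = [], []
    for line in log_text.splitlines():
        if identity(line) in wanted:
            still.append(line.strip())
        elif any(p in line.lower() for p in paths):  # same file, renamed entry
            refs.append(line.strip())
    return still, refs
```

The last sample line points at a different path (the system32 copy of winlogon.exe), so it is not reported; the renamed `[updater]` entry is caught only by the path check.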