Help Please - HJT file ewido to follow

Status
Not open for further replies.

psmith03

I am so glad to have your guidance here!
I have worked throughout the day to complete the steps I could read here.
I've attached the HJT files - will reply with ewido file.
Please advise & Thanks!
 
Hello and welcome to Techspot.


First, go HERE and follow the instructions. Then, continue with the instructions below.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the Processes tab and end the process for (if there).

026f6c61.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll (file missing)

O4 - HKLM\..\Run: [Hsmundaa] C:\Program Files\Uuej\Tcauc.exe

O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate

O4 - HKCU\..\Run: [026f6c61.exe] C:\Documents and Settings\jadlo\Local Settings\Application Data\026f6c61.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Fix all O15 - Trusted Zone entries.

Fix all O16 - DPF entries.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll

O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following files and/or directories (if there).

C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
C:\Documents and Settings\jadlo\Local Settings\Application Data\026f6c61.exe

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :wave: :wave:
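Howard's reply lists which HJT lines to tick but not what each line type is or why those particular entries stand out. The Python below is an added example for this thread, not code from the forum or from HijackThis: it parses the log lines quoted above, maps each section prefix to the persistence mechanism it represents, and flags the structural tells that make an entry suspicious. The sample lines are copied from the thread; the SECTION_MEANING text and the heuristics in assess() are my own assumptions, not HJT's logic.

```python
"""HJT log triage: what each section prefix means and which entries carry a
structural tell. Added example, not HijackThis code; heuristics are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTION_MEANING = {  # assumed summaries of the HJT section types seen in the thread
    "R0": "IE Start/Search/Local Page value under ...\\Internet Explorer\\Main",
    "R3": "URLSearchHook (intercepts address-bar searches)",
    "O2": "Browser Helper Object DLL loaded into every IE process",
    "O4": "autostart via Run/RunOnce keys or a Startup folder",
    "O9": "extra IE toolbar button / Tools menu item",
    "O15": "site added to IE's Trusted Zone",
    "O16": "Downloaded Program File (ActiveX control)",
    "O18": "URL protocol handler registration",
    "O20": "Winlogon Notify DLL, loaded by winlogon.exe at logon/logoff",
    "O21": "ShellServiceObjectDelayLoad DLL, loaded by explorer.exe at logon",
}
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<rest>.+)$")
PATH_RE = re.compile(r"(?:[A-Za-z]:|%windir%)\\.+?\.(?:exe|dll|htm)\b", re.I)
NAME_RE = re.compile(r"\b[\w~-]+\.(?:exe|dll)\b", re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
USER_DATA_DIRS = ("\\local settings\\application data\\", "\\all users\\documents\\", "\\temp\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\winnt\\system32\\", "%windir%\\system32\\")

# Constructed sample input: lines copied from the HJT logs discussed in the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R3 - Default URLSearchHook is missing
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\System32\adrotate.dll (file missing)
O4 - HKLM\..\Run: [Hsmundaa] C:\Program Files\Uuej\Tcauc.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKCU\..\Run: [026f6c61.exe] C:\Documents and Settings\jadlo\Local Settings\Application Data\026f6c61.exe
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: CDRecorder001 - {A3BC5E20-0235-1ABF-9CE1-00AA00512001} - C:\WINDOWS\System32\bjgish32.dll
"""

@dataclass
class Entry:
    section: str
    raw: str
    path: Optional[str]      # full path if present, else bare file name, else None
    clsid: Optional[str]
    file_missing: bool       # HJT's "(file missing)" marker: registration without a file

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    pm = PATH_RE.search(rest) or NAME_RE.search(rest)
    cm = CLSID_RE.search(rest)
    return Entry(m.group("sec"), line.strip(), pm.group(0) if pm else None,
                 cm.group(0) if cm else None, "(file missing)" in rest)

def assess(e: Entry) -> List[str]:
    """Assumed heuristics; an empty list means no structural tell, not 'clean'."""
    reasons = []
    p = (e.path or "").lower()
    stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if e.file_missing:
        reasons.append("orphaned registration: referenced file is gone")
    if any(d in p for d in USER_DATA_DIRS):
        reasons.append("code running from a user-data directory")
    if re.fullmatch(r"[0-9a-f]{8}", stem):
        reasons.append("random-looking hex file name")
    if e.section == "O20" and p and not e.file_missing and not p.startswith(SYSTEM_DIRS):
        reasons.append("Winlogon Notify DLL outside System32 (executes as SYSTEM inside winlogon.exe)")
    if e.section == "O21" and not e.file_missing:
        reasons.append("SSODL DLL: verify the file's publisher before trusting it")
    if e.section == "O15":
        reasons.append("Trusted Zone entry relaxes IE security for that site")
    if e.section == "O4" and "http://" in e.raw.lower():
        reasons.append("autostart launches a browser at a URL")
    if e.section == "R3" and "missing" in e.raw.lower():
        reasons.append("default URLSearchHook removed")
    return reasons

def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    out = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and assess(e):
            out.append((e, assess(e)))
    return out

def candidate_files(findings) -> List[str]:
    """On-disk files behind flagged O4/O20/O21 entries: the 'locate and delete' step."""
    return sorted({e.path for e, _ in findings
                   if e.section in ("O4", "O20", "O21") and e.path
                   and not e.file_missing and PATH_RE.match(e.path)})

if __name__ == "__main__":
    for e, why in triage(SAMPLE_LOG):
        print(e.section, SECTION_MEANING.get(e.section, "?"), "|", e.path, "|", "; ".join(why))
    print("review/delete:", candidate_files(triage(SAMPLE_LOG)))
```

Note what the heuristics do not catch: the O4 line for C:\Program Files\Uuej\Tcauc.exe has no structural tell at all (ordinary directory, ordinary-looking name), which is why Howard still has to review every unrecognised autostart by hand rather than trusting a score. The O20 entries are the ones that matter most for privilege: a Winlogon Notify DLL runs inside winlogon.exe as SYSTEM, and one living under All Users\Documents is exactly the kind of entry the thread keeps circling back to.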
 
fresh HJT log (as requested)

Howard,
I performed all the tasks listed that I was allowed to.

attached is the fresh HJT log.

Thanks AGAIN!
 
Run HJT and click on the config button, then the misc tools button. Click the delete file on reboot button and browse to C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll. Click on the artm_new.dll file and click open. You will be prompted to reboot your computer, click yes.

Once your computer has restarted do the following.

Run HJT and click on the config button, then the misc tools button. Click the delete file on reboot button and browse to C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll. Click on the polymorph.dll file and click open. You will be prompted to reboot your computer, click yes.

Once your computer has restarted do the following.

Run HJT and click on the config button, then the misc tools button. Click the delete file on reboot button and browse to C:\Documents and Settings\jadlo\Local Settings\Application Data\026f6c61.exe. Click on the 026f6c61.exe file and click open. You will be prompted to reboot your computer, click yes.


Once your computer has restarted do the following.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the Processes tab and end the process for (if there).

026f6c61.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O4 - HKCU\..\Run: [026f6c61.exe] C:\Documents and Settings\jadlo\Local Settings\Application Data\026f6c61.exe

You must fix all O15 - Trusted Zone entries, no matter what they are.

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following files and/or directories (if there).

C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
C:\Documents and Settings\jadlo\Local Settings\Application Data\026f6c61.exe


Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)
 
fresh HJT log #3 (as requested)

Howard,
followed instructions & did everything I could.
I noticed many things shown in the log are not showing in the safe mode log.
That's good, right?

attached is HJT log #3

Thanks AGAIN for working thru this with me!
 
The exact same entries I asked you to fix are still there, including the O15 - Trusted Zone entries.

Why haven't you fixed them?

Do you have administrator privileges?

If not, we're wasting our time.

You said earlier and I quote.
I performed all the tasks listed that I was allowed to.

Could you please explain, what you mean by allowed to?

Regards Howard :)
 
addt'l info

Sorry, I am a super super everyday computer user. Computer techie I am not. I have never looked at a file folder or a directory or anything else in my life. Fortunately, the instructions you have given have been easy to understand, but maybe I am not doing something right. Please try to be patient with me. I will try to go thru the steps I took and hope that helps?

This past time:
I ran HJT, browsed saw artm_new.dll & requested the delete file on reboot
I ran HJT, browsed saw polymorph.dll & requested the delete file on reboot
I ran HJT, browsed DID NOT see 026f6c61.exe

booted into safe mode, logged in under the administrator user option
turned off system restore, turned on show all files... hidden and system...
opened task manager, 026f6c61.exe was not showing in processes
closed task manager

still in safe mode, Ran HJT
in the logfile, the only files showing that you had listed to fix were:
2 - O20 ones
there were no R0, R3, O4, and no O15 files (I thought this was good)
I clicked the fix button, closed HJT

I tried to locate the 3 files /directories you mentioned (polymorph, artm, 026f6c61) they were not there

I rebooted to normal mode, ran HJT & here I am...

Thanks again for your patience.
 
Ok, no problem.

When you boot into safe mode, you should log in on your own account name and not the administrator account.

Please post a fresh HJT log.

Regards Howard :)
 
Well done. Your HJT is clean, except for one suspicious entry.

O21 - SSODL: CDRecorder001 - {A3BC5E20-0235-1ABF-9CE1-00AA00512001} - C:\WINDOWS\System32\bjgish32.dll

If you don't recognise it, let HJT fix it. I can't find any info on that .dll file.

Regards Howard :)
 
Thank You!!!

GOOD NEWS!!!
Thanks sooooooooo much. This was a learning experience and I so appreciate your time, effort, and patience with me!!!
 