Help With Hijack This Log....
- Thread starter rastaman
- Start date
- Status
Please follow the instructions in the sticky thread at the top of the forum, with the title Follow these instructions BEFORE posting your HJT log.
Only THEN please post your HJT log as a .TXT attachment, as per the instructions in that thread.
Only THEN please post your HJT log as a .TXT attachment, as per the instructions in that thread.
First, reboot into safe mode, disable system restore, and show all hidden files and folders in explorer.
1, Open add/remove programs in control panel and uninstall if present...
RXtoolbar
Bearshare
2, Open Task manager, and end any process listed in these instructions that's running
3, run HJT, and let it fix...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
/* Fix between these lines only if not recognised/wanted */
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.iastate.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21
/* Fix between these lines only if not recognised/wanted */
O2 - BHO: (no name) - {019B28EC-CC2B-98DC-7B15-ECDC3A68B1B8} - C:\WINDOWS\System32\lmjkeqot.dll (file missing)
O2 - BHO: (no name) - {B8F55D3A-E8F3-B500-A4DC-90CB589F0DBB} - C:\WINDOWS\System32\ilwqwkaq.dll (file missing)
O4 - HKLM\..\Run: [cP] C:\documents and settings\kalipopo\local settings\temp\cP.exe
O4 - HKLM\..\Run: [DoWrmjOf] C:\documents and settings\kalipopo\local settings\temp\DoWrmjOf.exe
O4 - HKLM\..\Run: [8Qr] C:\documents and settings\kalipopo\local settings\temp\8Qr.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKCU\..\Run: [dBvERSfnT] qasnt91.exe
O4 - HKCU\..\Run: [Tihe] C:\Documents and Settings\kalipopo\Application Data\uatr.exe
O4 - HKCU\..\Run: [Cgbubmrf] C:\Documents and Settings\kalipopo\Application Data\??mbols\n?pdb.exe
O4 - HKCU\..\Run: [Jkvpoz] C:\WINDOWS\System32\n?tepad.exe
O4 - HKCU\..\Run: [Scae] C:\Documents and Settings\kalipopo\Application Data\cesa.exe
4, Open Explorer/My Computer and delete the following files/directories in bold...
C:\documents and settings\kalipopo\local settings\temp\{every file in this folder}
C:\Program Files\BearShare\
C:\Program Files\RXToolBar\
C:\Documents and Settings\kalipopo\Application Data\uatr.exe
C:\Documents and Settings\kalipopo\Application Data\??mbols\
C:\WINDOWS\System32\n?tepad.exe
C:\Documents and Settings\kalipopo\Application Data\cesa.exe
5, Re-enable system restore, and reboot to windows normally. Run HJT, and post a fresh log
1, Open add/remove programs in control panel and uninstall if present...
RXtoolbar
Bearshare
2, Open Task manager, and end any process listed in these instructions that's running
3, run HJT, and let it fix...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
/* Fix between these lines only if not recognised/wanted */
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.iastate.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21
/* Fix between these lines only if not recognised/wanted */
O2 - BHO: (no name) - {019B28EC-CC2B-98DC-7B15-ECDC3A68B1B8} - C:\WINDOWS\System32\lmjkeqot.dll (file missing)
O2 - BHO: (no name) - {B8F55D3A-E8F3-B500-A4DC-90CB589F0DBB} - C:\WINDOWS\System32\ilwqwkaq.dll (file missing)
O4 - HKLM\..\Run: [cP] C:\documents and settings\kalipopo\local settings\temp\cP.exe
O4 - HKLM\..\Run: [DoWrmjOf] C:\documents and settings\kalipopo\local settings\temp\DoWrmjOf.exe
O4 - HKLM\..\Run: [8Qr] C:\documents and settings\kalipopo\local settings\temp\8Qr.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKCU\..\Run: [dBvERSfnT] qasnt91.exe
O4 - HKCU\..\Run: [Tihe] C:\Documents and Settings\kalipopo\Application Data\uatr.exe
O4 - HKCU\..\Run: [Cgbubmrf] C:\Documents and Settings\kalipopo\Application Data\??mbols\n?pdb.exe
O4 - HKCU\..\Run: [Jkvpoz] C:\WINDOWS\System32\n?tepad.exe
O4 - HKCU\..\Run: [Scae] C:\Documents and Settings\kalipopo\Application Data\cesa.exe
4, Open Explorer/My Computer and delete the following files/directories in bold...
C:\documents and settings\kalipopo\local settings\temp\{every file in this folder}
C:\Program Files\BearShare\
C:\Program Files\RXToolBar\
C:\Documents and Settings\kalipopo\Application Data\uatr.exe
C:\Documents and Settings\kalipopo\Application Data\??mbols\
C:\WINDOWS\System32\n?tepad.exe
C:\Documents and Settings\kalipopo\Application Data\cesa.exe
5, Re-enable system restore, and reboot to windows normally. Run HJT, and post a fresh log
- Status
Similar threads
