TechSpot

New member...need help w/HJT log

By NDNMojo
Jun 11, 2005
  1. Hello, I am new here and need some help! I have posted my HJT log to see if there is anything wacky going on. I have run my virus scan and I have 3 trojans that I can't get rid of. Before running HJT, I ran ad aware, spybot S&D, CWS Shreder and have spyware guard running. I ahve attached my log and appreciate any help that anyone can give.


    Thanx,

    NDN
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Boot in Safe Mode.
    Switch System restore OFF.


    There are some questionable items here:
    C:\Army\
    C:\PROGRA~1\OBJECT~1\WINDOW~1\
    If they are legal/installed by you, then OK, otherwise UNinstall anything to do with them.
    The references between the dotted lines underneath should be fixed, regardless!

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
    O4 - Startup: SMPMEnvSetup.lnk = C:\Army\SMPMEnvSetup.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

    FIX all O16 - DPF: entries

    O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
    O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Unless you know these, also delete:
    C:\Army\
    C:\PROGRA~1\OBJECT~1\WINDOW~1\

    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.