also @ TechSpot: Windows 8 Release Preview leaked, Microsoft may raise OEM prices

TechSpot

New member...need help w/HJT log

Discussion in 'Virus and Malware Removal' started by NDNMojo, Jun 11, 2005.

Thread Status:
Not open for further replies.

  1. NDNMojo Newcomer, in training

    Hello, I am new here and need some help! I have posted my HJT log to see if there is anything wacky going on. I have run my virus scan and I have 3 trojans that I can't get rid of. Before running HJT, I ran ad aware, spybot S&D, CWS Shreder and have spyware guard running. I ahve attached my log and appreciate any help that anyone can give.


    Thanx,

    NDN
    NDNMojo, Jun 11, 2005
    #1

  2. RealBlackStuff Newcomer, in training

    Boot in Safe Mode.
    Switch System restore OFF.

    There are some questionable items here:
    C:\Army\
    C:\PROGRA~1\OBJECT~1\WINDOW~1\
    If they are legal/installed by you, then OK, otherwise UNinstall anything to do with them.
    The references between the dotted lines underneath should be fixed, regardless!

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
    O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
    O4 - Startup: SMPMEnvSetup.lnk = C:\Army\SMPMEnvSetup.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

    FIX all O16 - DPF: entries

    O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
    O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Unless you know these, also delete:
    C:\Army\
    C:\PROGRA~1\OBJECT~1\WINDOW~1\

    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
    RealBlackStuff, Jun 12, 2005
    #2
Thread Status:
Not open for further replies.