bcastner
Premium,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
 ·Verizon Online DSL
| reply to Action_Man
Re: [Trojan] HJT log : A little help please.
TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose Yes at the Warning prompt.
• Expand the Tools menu.
• Click Resident.
• Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
• In the File menu click Exit to exit Spybot Search & Destroy.
• Download and Unzip to your Desktop: »www.techsupportforum.com/sectool···imer.zip
• Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
1. Open HijackThis again, System scan only. Checkmark these items:
O2 - BHO: (no name) - {22D8E815-4A5E-4dfb-845E-AAB64207F5BD} - (no file)
O4 - HKLM\..\RunServices: [tk] F:\windows\System32\tk.exe
Click "Fix checked" and when the log panel clears exit HijackThis.
2. Download -- but do not yet run -- ComboFix©
Download this file -- to your Desktop -- [/b]from any of these sources:
Right-click on the header of the Code box below, where on the right side it says: "Copy to clipboard":
Open a new Notepad session - (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .
• Disconnect from the Internet.
• Disable your Antivirus. If the Antivirus software you use has any Script Blocking features, be certain to disable these as well.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any Disclaimers to start the fix.
Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown in this little picture:
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
•!• A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
3. Run the BitDefender Online Scanner using Internet Explorer (Only):
»www.bitdefender.com/scan8/ie.htm
• Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
• You'll be prompted to install the activex control,please do so.
• Once installed, Disable your current Antivirus program, then click the 'Click here to scan' button.
• The virus signatures will then load.
• The scan will take quite some time so please be patient.
• Once the scan has finished select the 'Detected Problems' tab.
• Click on 'Click here to export scan'.
• Save the file as an HTML file to your desktop.
• Re-enable your Antivirus program.
• Click on the saved file and allow it to open with IE.
• Go to 'Edit', 'Select All' then Copy and Paste that log result into a new Notepad session, with a filename you can easily locate later.
Post back to the Forum a brand new HijackThis log, and the results of your BitDefender scan.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users
|
