njustice

Members
  • Content Count

    51
About njustice

  • Rank
    Malware Zapper

Contact Methods

  • Website URL
    http://www.pctorium.com
  1. njustice

    Ignore List Error (as Notified By Spyware Doctor)

    Hi there, and welcome to the forums!

    Disable Spyware Doctor: Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:

      • Click the Spyware Doctor icon in the System Tray.
      • Click Settings.
      • Click Startup Settings under Pick a Category.
      • Uncheck Run at Windows startup.
      • Click Apply and Exit Spyware Doctor.

    Once your log is clean you can re-enable Spyware Doctor.

    HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder (e.g. C:\Program Files\HijackThis) for it and place the program into that new folder. Also, please be sure to RENAME hijackthis.exe to analyze.exe by right-clicking hijackthis.exe and selecting Rename. This is important!

    Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
      O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm027YYGB
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe

    Click on Fix Checked when finished and exit HijackThis.

    Next download AVG Anti-Spyware from HERE and save that file to your desktop. This is a 30 day trial of the program.

      • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
      • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
      • On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
      • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
      • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
      • Under "Reports", select "Automatically generate report after every scan" and un-select "Only if threats were found".

    Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

    Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process.

      • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
      • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
      • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.

    Once the scan is complete do the following:

      • If you have any infections you will be prompted; then select "Apply all actions".
      • Next select the "Reports" icon at the top.
      • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

    Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan along with a new HijackThis log.
  2. njustice

    Web Page Designer Wanted!

    If you still need someone give me a PM.
  3. njustice

    Welcome Back Everyone!

    Awesome Jeff
  4. njustice

    Ok, Here It Is.........

    Liz you are welcome, now moving this topic into the Hijackthis logs resolved forum. Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  5. njustice

    Ok, Here It Is.........

    Hi Liz, I would recommend you change all passwords you use, other than that.... CONGRATULATIONS! At last, your system is clean and free of spyware! Want to keep it that way? Here are some simple steps you can take to reduce the chance of infection in the future. Please do these steps as soon as possible if you haven't already.

    1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
       a. Windows Update: http://v5.windowsupdate.microsoft.com/en/default.asp

    2. Adjust your security settings for ActiveX: Go to Internet Options/Security/Internet, press 'default level', then OK. Now press "Custom Level." In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt'; set the second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe' to 'Disable'.

    3. Download and install the following free programs:
       a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
       b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html
       c. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm
       d. Bugoff: http://www.majorgeeks.com/download4308.html

    4. Install Spyware Detection and Removal Programs: You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
       a. AdAware: http://www.lavasoft.de/
       b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
       Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You will find the list here: http://www.spywarewarrior.com/rogue_anti-spyware.htm

    5. Install 'Spoofstick': Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
       a. http://www.corestreet.com/spoofstick

    6. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. See the links below:
       a. ZoneAlarm
       b. Kerio

    7. Reset System Restore: If you are using Windows ME or Windows XP, please reset your System Restore.
       a. Turn off System Restore by right-clicking on "My Computer" and go to "Properties"->"System Restore" and check the box for "Turn off System Restore". Click "Apply" and then "OK". Restart your computer. Reverse these steps and turn "System Restore" back on and create a new restore point.

    8. Use GoogleToolbar - It's free, blocks popups and takes seconds to install. Use the toolbar without the advanced features enabled (check this during install), the toolbar is completely inert--it doesn't send any information to Google whatsoever as you surf.
       a. GoogleToolbar

    9. RegScrubXP 3.25 - Safely cleans junk out of the Windows 2000/XP system registry. All changes made to the registry are fully restorable to its original condition.
       a. RegScrubXP 3.25

    10. Online Virus Scans - Run these on a regular basis (I usually do about once a month or suspect a problem):
       a. http://www.pandasoftware.com/activescan/co...n_principal.htm
       b. http://www.windowsecurity.com/trojanscan/
       c. http://housecall.trendmicro.com/
       d. http://www.bitdefender.com/scan/licence.php

    11. Alternative Browsers - Using an alternative browser other than IE will IMMENSELY reduce the risk of infection:
       a. Firefox <== my #1 choice
       b. Avant
       c. Opera

    Good luck, and thanks for coming to our forums for help with your security and malware issues.
  6. njustice

    Ok, Here It Is.........

    Hi Liz, here is an easier way to clean out those files:

    Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr

    Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove.
  7. njustice

    Ok, Here It Is.........

    Hi Liz, your link to HijackFree won't work for me.

    ================

    Double-click on KillBox to launch it, then click to enable Delete on Reboot. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

      C:\WINDOWS\SYSTEM32\ps1.exe
      C:\DOCUMENTS AND SETTINGS\LIZ\LOCAL SETTINGS\TEMP\blank.gif
      C:\DOCUMENTS AND SETTINGS\LIZ\LOCAL SETTINGS\TEMP\motoin.exe
      C:\sp.exe
      C:\WINDOWS\cfgmgr52.dll
      C:\WINDOWS\unstall.exe
      C:\PROGRAM FILES\MySearch
      C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX
      C:/WINDOWS/DOWNLOADED PROGRAM FILES/MEDIAACCX.DLL
      C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\DFBJLT8E\upd208[1].exe
      C:\WINDOWS\cfgmgr52.dll
      C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\CONFLICT.3\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\CONFLICT.4\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\CONFLICT.5\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\CONFLICT.6\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\CONFLICT.7\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\CONFLICT.8\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\CONFLICT.9\WONWebLauncherControl.ocx
      C:\WINDOWS\Downloaded Program Files\m67m.inf
      C:\WINDOWS\Downloaded Program Files\m67m.ocx
      C:\WINDOWS\Downloaded Program Files\pcs_0006.exe
      C:\WINDOWS\Downloaded Program Files\popcaploader.dll
      C:\WINDOWS\Downloaded Program Files\popcaploader.inf
      C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx
      C:\WINDOWS\lhzgzhbk.exe
      C:\WINDOWS\Live_Sex.exe
      C:\WINDOWS\system\UpdInst.exe
      C:\WINDOWS\temp\upd208.exe
      C:\WINDOWS\unstall.exe

    ==============

    Delete files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN temp, but not temp itself!):

      • C:\Windows\Temp\
      • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
      • C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
      • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <--- This will delete your internet cache, including cookies. This is recommended and strongly suggested.
      • C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
      • Empty your "Recycle Bin"

    ===============

    Make sure Ewido, Adaware and Spybot are updated, fix what they find, rebooting in between each scan. Report back on how your computer is running.
  8. njustice

    Ok, Here It Is.........

    Liz, go ahead and post the report after you're done with the other scan.
  9. njustice

    Ok, Here It Is.........

    Liz, after consulting with other experts we feel that the two files you scanned at Jotti's are in fact bad.

    Double-click on KillBox to launch it, then click to enable Delete on Reboot. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

      C:\log.txt
      C:\win.txt
      C:\windows.txt
      C:\WINDOWS\pcconfig.dat
      C:\WINDOWS\uccspecb.sys
      C:\WINDOWS\ojojo.dll

    Also for peace of mind please do the following online scans:

      http://www.pandasoftware.com/activescan/co...n_principal.htm
      http://www.windowsecurity.com/trojanscan/

    Report back any files that cannot be removed. Let me know how your computer is running.
  10. njustice

    Ok, Here It Is.........

    Hi Liz, I need you to go HERE and browse to the files below, one at a time, then Submit for analysis. Please copy and paste the Scanner results and Status back here.

      C:\WINDOWS\pcconfig.dat
      C:\WINDOWS\uccspecb.sys
  11. njustice

    Ok, Here It Is.........

    Liz, I need you to do the following as well:

    Download WinPFind.zip from HERE and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

    Disconnect from the net and stay offline until all steps are complete. Perform these steps for each account.

    Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option 4 to Merge Winlogon Notify Defaults. Press Enter and wait a few moments.

    Then double-click WinPFind.exe inside c:\WinPFind to launch the program. Then click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of your clipboard in your next reply.
  12. njustice

    Ok, Here It Is.........

    Hi Liz, when you're done removing the following items, can you post the exact messages you're getting for the 2 'new hardware found' boxes?

    Liz:

      O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    Rick:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
      O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    Jade:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
      O15 - Trusted Zone: *.media-motor.net
      O15 - Trusted Zone: *.popuppers.com
      O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    Skye:

    You have HijackThis running from the temporary directory; it needs to be in a folder of its own like the other accounts. I also recommend you remove WeatherBug via Add/Remove Programs since it usually comes bundled with crapware. Desktop Weather is a better alternative like Rick is using in his account.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
      O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
      O15 - Trusted Zone: *.media-motor.net
      O15 - Trusted Zone: *.popuppers.com
      O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    After removing items please reboot your computer, run HijackThis and check if items have been removed. If any items are not removed let me know which ones and for what account(s).
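
The re-check requested at the end of the post above (run HijackThis again after the reboot and report which fixed items are still there, per account) can be done mechanically. The Python below is an added example, not part of the original posts; the function names are hypothetical, and the account names, URLs and log lines are constructed samples.

```python
import re
from collections import defaultdict

# A HijackThis entry line is "<section code> - <detail>", e.g. "O15 - Trusted Zone: ...".
# Header and running-process lines in a log do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(log_text):
    """Return a set of (code, detail) pairs, whitespace-collapsed and lower-cased."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, detail = m.groups()
            entries.add((code, " ".join(detail.split()).lower()))
    return entries


def still_present(fix_list, rescan_log):
    """Entries from the fix list that show up again in the post-reboot scan."""
    grouped = defaultdict(list)
    for code, detail in sorted(parse_entries(fix_list) & parse_entries(rescan_log)):
        grouped[code].append(detail)
    return dict(grouped)


def report(accounts):
    """accounts maps name -> (fix list, rescan log); only accounts with leftovers are returned."""
    leftovers = {name: still_present(fix, scan) for name, (fix, scan) in accounts.items()}
    return {name: found for name, found in leftovers.items() if found}


# Constructed sample data (not taken from the thread): two accounts, one clean after the fix.
SAMPLE_ACCOUNTS = {
    "AccountA": (
        r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/ie.html
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Sample Control) - http://cdn.example.invalid/sample.cab""",
        r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [SampleAV] C:\Program Files\SampleAV\av.exe""",
    ),
    "AccountB": (
        r"""O15 - Trusted Zone: *.tracker.example.invalid
O4 - HKCU\..\Run: [Sample] C:\Program Files\Sample\sample.exe 1""",
        r"""Logfile of HijackThis (constructed sample)
O15 - Trusted Zone:  *.Tracker.example.invalid
O4 - HKLM\..\Run: [SampleAV] C:\Program Files\SampleAV\av.exe""",
    ),
}

if __name__ == "__main__":
    for account, found in report(SAMPLE_ACCOUNTS).items():
        print(account, found)
```

Matching is done on whitespace-collapsed, lower-cased text, so an entry that returns with different spacing or letter case is still reported as a leftover.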
  13. njustice

    Ok, Here It Is.........

    Download KillBox here: http://www.downloads.subratam.org/KillBox.zip

    Unzip to desktop. Double-click on KillBox to launch it, then click to enable Delete on Reboot. Please type the following complete file path into the top box of KillBox:

      C:\WINDOWS\imgurla.exe

    Now, click on the little red circle button (with a white "X") and click "Yes" to delete and then "Yes" to "Reboot now". If it doesn't reboot on its own, then you reboot the computer yourself.

    Once restarted, run HijackThis and click "Scan", then post new logs from all accounts on your computer.
  14. njustice

    Ok, Here It Is.........

    Hi Liz, if possible then yes I would like to see the log...thanks Njustice!
  15. njustice

    Ok, Here It Is.........

    Liz....did you run l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter on hubby's account? If not, please do so and tell me which account is set up as Administrator/Owner.

    Also....do the following under the Admin/Owner account:

    Download rkfiles.zip and unzip it to its own permanent folder.

    Important! Reboot in SAFE MODE!! Start in Safe Mode using the F8 method:

      • Restart the computer in Safe Mode.
      • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
      • Use the arrow keys to select the Safe Mode menu item.
      • Press the Enter key.

    Locate the rkfiles.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

    Post the contents of C:\log.txt back here and I will review it when it comes in.