njustice

Members
  • Content Count

    51
  • Joined

  • Last visited

Everything posted by njustice

  1. Hi there, and welcome to the forums! Disable Spyware Doctor: Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor: Click the Spyware Doctor icon in the System Tray. Click Settings. Click Startup Settings under Pick a Category. Uncheck Run at Windows startup. Click Apply and Exit Spyware Doctor Once your log is clean you can re-enable Spyware Doctor. HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder (eg....C:\Program Files\HijackTh
  2. Liz you are welcome, now moving this topic into the Hijackthis logs resolved forum. Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  3. HI Liz, I would recommend you change all passwords you use, other than that.... CNGRATULATINS! at last, your system is clean and free of spyware! Want to keep it that way? Here are some simple steps you can take to reduce the chance of infection in the future. Please do these steps as soon as possible if you haven't already. 1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. a. Windows Update: http://v5.windowsupdate.microsoft.com/en/default.asp 2. Adjust your sec
  4. Hi Liz, here is an easier way to cleanout those files: Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove.
  5. Hi Liz, your link to HijackFree won't work for me. ================ Double-click on KillBox to launch it, then click to enable Delete on Reboot. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes. C:\WINDOWS\SYSTEM32\ps1.exe C:\DOCUMENTS AND SETTINGS\LIZ\LOCAL SETTINGS\TEMP\blank.gif C:\DOCUMENTS AND SETTINGS\LIZ\LOCAL SETTINGS\TEMP\motoin.exe C:\sp.exe C:\WINDOWS\cfgmgr52.dll C:\WINDOWS\un
  6. Liz, go ahead and post the report after your done with the other scan.
  7. Liz, after consulting with other experts we feel that the two files you scanned at Jotti's are in fact bad. Double-click on KillBox to launch it, then click to enable Delete on Reboot. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes. C:\log.txt C:\win.txt C:\windows.txt C:\WINDOWS\pcconfig.dat C:\WINDOWS\uccspecb.sys C:\WINDOWS\ojojo.dll Also for peace of mind please do the following online s
  8. Hi Liz, I need you to go HERE and browse to the files below, one at a time then Submit for analysis. Please copy and paste the Scanner results and Status back here. C:\WINDOWS\pcconfig.dat C:\WINDOWS\uccspecb.sys
  9. Liz, I need you to do the following as well: Download WinPFind.zip from HERE and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Disconnect from the net and stay offline until all steps are complete. Perform these steps for each account. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option 4 to Merge Winlogon Notify Defaults, Press enter, wait a few moments. Then double-click WinPFind.exe inside c:\WinPFind to launch the program. Then click on the Star
  10. Hi Liz, when your done removing the following items, can you post the exact messages your getting for the 2 'new hardware found' boxes? Liz: O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab Rick: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control)
  11. Download Killbox here: http://www.downloads.subratam.org/KillBox.zip Unzip to desktop. Double-click on KillBox to launch it, then click to enable Delete on Reboot. Please type in the following complete file path into the top box of KillBox : C:\WINDOWS\imgurla.exe Now, click on the little red circle button (with a white "X") and click "Yes" to delete and then "Yes" to "Reboot now". If it doesn't reboot on its own, then you reboot the computer yourself. Once restarted, Run HiJackThis and click "Scan", then post new logs from all accounts on your computer.
  12. Hi Liz, if possible then yes I would like to see the log...thanks Njustice!
  13. Liz....did you run l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter on hubby's account? If not, please do so and tell me which account is setup as Administrator/Owner. Also....do the following under Admin/Owner account: Download rkfiles.zip and unzip it to its own permanent folder. Important! Reboot in SAFE MODE !! Start in Safe Mode Using the F8 method: Restart the computer in Safe Mode. As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears. Use the arrow keys to select the Safe Mode menu item. Press the Enter key. Locate the
  14. CsrLiz344, - You may wish to print out a copy of these instructions to follow while you complete this procedure. =============== Go to Add/Remove programs and remove(uninstall) the following, if present: Viewpoint Toolbar =============== Go to www.trendmicro.com, if your using Firefox or Netscape go to be.trendmicro-europe.com and then: 1. Click "Free Online Scan". 2. Click "Scan now, it's free". It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's done: 1. Select all available drives. 2. Check(tick) "Auto Clean". 3. Click "Scan". When i
  15. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log. IMPORTANT: Do NOT run any other files in the l2mfix folder unless you ar
  16. Download L2mfix from one of these two locations: http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into th
  17. culinfi, =============== Let's look for, and delete, any program segments(prefetches) that might be present, and are associated with the 'problems' we're trying to remove from this system. To do this, let's: 1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders: fpapli.exe* 2) Then if any are found in the 'prefetch' folder, delete them. Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it. =============== Next, Open a command prompt by: 1. Clicking "Start", then "Run...". 2. Enter "cmd"
  18. culinfl, Hello! and welcome to our forums. =============== Go to add/remove programs and uninstall AWS..aka Weatherbug. We'll get you a safer alternative when were done cleaning up your computer. =============== Go to www.trendmicro.com, and then: 1. Click "Free Online Scan". 2. Click "Scan now, it's free". It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's done: 1. Select all available drives. 2. Check(tick) "Auto Clean". 3. Click "Scan". When it completes, copy the full filename of any files that cannot be cleaned or deleted and post the
  19. ------------------------------------------------------------------------- Hello, Please download this self extracting file to your My Downloads folder or My Received Files (dependent on your Operating System): http://www.merijn.org/files/hijackthis_sfx.exe Click the "Save" button. Navigate to My Documents>Chose My Downloads or My Received Files folder once inside that folder click "Save". Now go to the folder you saved HijackThis_sfx.exe in. Double click HijackThis_sfx.exe and select Unzip. When done click "OK". Close the WinZip self Extractor window. Navigate to C:\Program Files\HijackThi
  20. [A] One....Two....Three....CRUNCH!......it takes three licks to get to the center of a Tootsie Pop! Paper or Plastic?
  21. -B is used to restart your computer after files have been reorganized.
  22. I don't see it.... By the way I have IconWorkshop 5.0 if you need my services.
  23. Along with a² free.... ------------------------------------------------------------------------- Run these two free online scans allowing them to fix or delete anything they locate, please note any item they could not remove and the location, post this information in your next thread. http://www.pandasoftware.com/activescan/co...n_principal.htm http://www.windowsecurity.com/trojanscan/ -------------------------------------------------------------------------