njustice

Hi there, and welcome to the forums! Disable Spyware Doctor: Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor: Click the Spyware Doctor icon in the System Tray. Click Settings. Click Startup Settings under Pick a Category. Uncheck Run at Windows startup. Click Apply and Exit Spyware Doctor Once your log is clean you can re-enable Spyware Doctor. HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder (eg....C:\Program Files\HijackTh

If you still need someone give me a PM.

Awesome Jeff

Liz you are welcome, now moving this topic into the Hijackthis logs resolved forum. Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

HI Liz, I would recommend you change all passwords you use, other than that.... CNGRATULATINS! at last, your system is clean and free of spyware! Want to keep it that way? Here are some simple steps you can take to reduce the chance of infection in the future. Please do these steps as soon as possible if you haven't already. 1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. a. Windows Update: http://v5.windowsupdate.microsoft.com/en/default.asp 2. Adjust your sec

Hi Liz, here is an easier way to cleanout those files: Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove.

Hi Liz, your link to HijackFree won't work for me. ================ Double-click on KillBox to launch it, then click to enable Delete on Reboot. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes. C:\WINDOWS\SYSTEM32\ps1.exe C:\DOCUMENTS AND SETTINGS\LIZ\LOCAL SETTINGS\TEMP\blank.gif C:\DOCUMENTS AND SETTINGS\LIZ\LOCAL SETTINGS\TEMP\motoin.exe C:\sp.exe C:\WINDOWS\cfgmgr52.dll C:\WINDOWS\un

Liz, go ahead and post the report after your done with the other scan.

Liz, after consulting with other experts we feel that the two files you scanned at Jotti's are in fact bad. Double-click on KillBox to launch it, then click to enable Delete on Reboot. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes. C:\log.txt C:\win.txt C:\windows.txt C:\WINDOWS\pcconfig.dat C:\WINDOWS\uccspecb.sys C:\WINDOWS\ojojo.dll Also for peace of mind please do the following online s

Hi Liz, I need you to go HERE and browse to the files below, one at a time then Submit for analysis. Please copy and paste the Scanner results and Status back here. C:\WINDOWS\pcconfig.dat C:\WINDOWS\uccspecb.sys

Liz, I need you to do the following as well: Download WinPFind.zip from HERE and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Disconnect from the net and stay offline until all steps are complete. Perform these steps for each account. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option 4 to Merge Winlogon Notify Defaults, Press enter, wait a few moments. Then double-click WinPFind.exe inside c:\WinPFind to launch the program. Then click on the Star

Hi Liz, when your done removing the following items, can you post the exact messages your getting for the 2 'new hardware found' boxes? Liz: O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab Rick: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control)

Download Killbox here: http://www.downloads.subratam.org/KillBox.zip Unzip to desktop. Double-click on KillBox to launch it, then click to enable Delete on Reboot. Please type in the following complete file path into the top box of KillBox : C:\WINDOWS\imgurla.exe Now, click on the little red circle button (with a white "X") and click "Yes" to delete and then "Yes" to "Reboot now". If it doesn't reboot on its own, then you reboot the computer yourself. Once restarted, Run HiJackThis and click "Scan", then post new logs from all accounts on your computer.

Hi Liz, if possible then yes I would like to see the log...thanks Njustice!

Liz....did you run l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter on hubby's account? If not, please do so and tell me which account is setup as Administrator/Owner. Also....do the following under Admin/Owner account: Download rkfiles.zip and unzip it to its own permanent folder. Important! Reboot in SAFE MODE !! Start in Safe Mode Using the F8 method: Restart the computer in Safe Mode. As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears. Use the arrow keys to select the Safe Mode menu item. Press the Enter key. Locate the