Cretemonster

Everything posted by Cretemonster

  1. Expired is NO GOOD for nuttin! First thing will be to disable Symantec through Msconfig's StartUp and Services tabs! All the Norton or Symantec entries should be terminated! Now, for some good free Antivirus Software: AVG http://www.grisoft.com/doc/40/lng/us/tpl/tpl01 Antivir http://www.free-av.com/ avast! 4 Home Edition http://www.avast.com/eng/avast_4_home.html BitDefender Free Edition v7 http://www.bitdefender.com/bd/site/products.php?p_id=24 a-squared Free http://www.emsisoft.com/en/software/free/ ClamAV http://www.clamwin.com/ Free Firewall Software: Kerio Personal Firewall http://www.kerio.c
  2. Looking Good!!! How's it running? At this point I would start getting rid of all the stuff that has been used to clean up the PC! Only Keep what you really want! All the scanning programs, aside from HijackThis, can go! Are all the Symantec products working and can you update them and use the scan OK? Is there a Firewall with the Symantec product? Be sure that SpywareBlaster got installed and that System Restore is disabled! Post back and ask all the questions you want and let me know about the questions I asked!
  3. Good Deal!! Did all those files go peacefully? Now, this file you are searching for, it may look just like the legit file-> USERINIT.EXE Trick is to look at the Date and Size of the file! Good File-> C:\WINDOWS\SYSTEM32\USERINIT.EXE Created 08/29/2002 04:00 AM Size 22,016 bytes or 21.5 KB Bad File-> C:\WINDOWS\SYSTEM32\??erinit.exe (The ? can be anything) Created 01/11/2005 07:15 AM Size 401,408 bytes or 392 KB That's the file you want to delete! You will notice, when you place the Pointer over the bad file, all that will be displayed is the Date Created and The Size! You may need to be in
  4. Howdy Hector, Good job getting rid of Qoologic!! There is definitely some trash left to take out! Download the following! The attached Zip folder with a reg file I fixed up for you! (Unzip and Extract All) LQfix Unzip it and save it to your desktop, don't use it yet! CCleaner: http://www.filehippo.com/download_ccleaner.html This is to help keep those Temporary Files Cleaned Up! CleanUp! 4.0: http://downloads.stevengould.org/cleanup/CleanUp40.exe Restart in Safe Mode! From LQfix Folder-> Double-click LQfix.bat that you saved on your desktop before. A DOS window will open and close again, this
  5. Be sure System Restore is Disabled! http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam Last, let's get a hefty Reg Cleaner and move out all dead registry entries! RegSupreme Pro 1.1.0.32 http://majorgeeks.com/RegSupreme_Pro_d4256.html Once downloaded and launched, Click Yes to Update the Cache-> Click "Registry Cleaner"-> Click "Aggressive" and "Start"-> Fix everything it finds-> Name the Backup it creates and Save it somewhere safe! Wait until Safe Mode to run it! Take special note, Any registry cleaner such as this, is not intended for daily, weekly or even monthly use! It sho
  6. OK Hector, you get the credit for motivating me to find out what the deal is with this new Qoologic Infection and that's exactly what I have done! Download Process Explorer from here: http://www.sysinternals.com/Files/ProcessExplorerNt.zip Right Click the Zip file and Select "Extract All"! Open Process Explorer by double clicking "procexp.exe"! Once opened, locate this process: jjaaoo.exe Double Click that process and Select Strings-> Place a Tick in Memory-> Give a second to load and Click Save-> Save that to the Desktop! Post those results! After this is over, we need to get all the program
  7. Well, this has me scratching my head! So what's the Verdict on the .cpl file, is it gone or not? Make a Post with all 3 logs again! In Safe Mode, run WinPFind! Restart Normal, Run the VB Script and produce a HijackThis Startup List Log! Post all 3 logs! What is the Status of System Restore? Enabled or Disabled! Are you getting any kind of PopUps or Redirects?
  8. Good Job Hector, you did Killbox C:\WINDOWS\SYSTEM32\conres.cpl??? There are a few more to kill as well, Delete on Reboot, into Safe Mode! Run the files through Killbox again! C:\WINDOWS\system32\ddjjllw.dll C:\WINDOWS\system32\jjoob.dll C:\WINDOWS\System32\jjaaoo.exe C:\WINDOWS\system32\yrjreqhj.exe Remove the O4 again with HijackThis: O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\jjaaoo.exe reg_run After the files are gone, run the Hoster again just as you did before! Until we know for sure you are clean, please install these for added protection! Winhelp2002 Hosts File http://www.mvps.org/winh
  9. C:\WINDOWS\SYSTEM32\conres.cpl <<<<<< Get that File Scanned First, before Deleting! What was the Outcome of that file Scan? Post a HijackThis Startup log so I can check the Policy Keys again!
  10. Have HijackThis Fix this one O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\jjaaoo.exe reg_run Go to Safe Mode and do one more Scan with WinPFind! Restart and Post a fresh HijackThis log and the log from WinPFind!
  11. Holy Smokes!!!!!!!! First get this file scanned at the 2 sites below: C:\WINDOWS\SYSTEM32\conres.cpl http://virusscan.jotti.org/ http://www.virustotal.com/flash/index_en.html If scans all clear-> Remove it from the Deletion list! You know what to do if it Scans Nasty! Next, Download the Attachment to your desktop and Unzip it! Download the Hoster from here: http://www.funkytoad.com/download/hoster.zip Press "Restore Original Hosts" and press "OK"!! Exit Program!! Copy & Paste the list of files below into Killbox and use the Instructions that follow! C:\WINDOWS\SYSTEM32\conres.cpl<<
  12. Hey Jeff and Hector! Don't mean to butt in but this Qoo Crap is Ticking me off! Hector, if you will, please Download WinPFind: http://www.bleepingcomputer.com/files/winpfind.php Right Click the Zip Folder and Select "Extract All"! Don't use it yet! Restart in Safe Mode! Double-click WinPFind.exe and Click "Start Scan"! It will scan the entire System, so please be patient! Once the Scan is Complete-> Locate WinPFind.txt in the WinPFind Folder and place those in the Next Post! Produce another HijackThis StartUp log and Use the TrackQoo VB Script as well! Save the report from both of those! You can f