Still having problems

Status
Not open for further replies.
The following lines are suspect:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing

What problems are you experiencing?

Regards
 
Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add/remove programmes in your control panel and uninstall anything to do with (if there).

Aluria Security Center
aol toolbar 3.0

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

SecurityCenter.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R3 - Default URLSearchHook is missing

O4 - Global Startup: Aluria Security Center.lnk = C:\Program Files\Aluria Security Center\SecurityCenter.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\Program Files\Aluria Security Center\SecurityCenter.exe
c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

Reboot into normal mode and turn system restore back on.


Regards Howard :wave: :wave:

PDusome. The R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 entry is safe. It's the loopback adapter to the local host. :)
 
Done and Done

I found nothing in your post other than what was in the HJT log.

Main problems that started all of this were "destroyer.exe" and "troj_controler".

But while running the myriad of programs suggested the most bothersome item was "Look2me". I never could get the suggested look2me remover to work so I used the one from simplytec.it

Here is my new HJT file.

I'll keep you up to date on what new things pop up.

-- verbose hjt log removed --

Have you really followed all the steps as you said in your first post? That's the second time you've failed to follow step 4. In other words, please post your HJT log as a .txt attachment, and NOT pasted into the post. - Spike
 
You have a Zeno infection.

Reboot into safe mode, disable system restore, and show hidden files and folders.

Open Control panel -> add/remove programs, and uninstall if present...
Anything related to/called Zeno

Open task manager and end the following process if running...
qwinqqez.exe

Run HJT, and fix...
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinqqez.exe

Open Explorer, and delete the following files if present...
C:\WINDOWS\system32\qwinqqez.exe
qwinnsap.exe (use windows search to check for it - may not be present)
twinorag.exe (use windows search to check for it - may not be present)
%USERPROFILE%\Start Menu\Programs\Startup\Zeno.lnk (repeat for all user profiles)
%ALLUSERSPROFILE%\Start Menu\Programs\Startup\Zeno.lnk

Open regedit (start -> run -> regedit) and delete the following keys if present...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Zeno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zeno Search Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "BrowserUpdateSched"

Re-enable system restore, reboot to normal mode, and let's see if we've gotten rid of it successfully.
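
Added example, not part of the original thread and not HijackThis's own code: a small parser for the log lines quoted in the posts above, showing how the process and file names in the removal steps follow from the O4 entries and how the loopback ProxyOverride entry can be recognised. The function names are hypothetical, the sample is constructed from lines quoted in this thread, and the line layouts are inferred from those lines only.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# Constructed sample: HijackThis lines quoted in this thread.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O4 - Global Startup: Aluria Security Center.lnk = C:\Program Files\Aluria Security Center\SecurityCenter.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinqqez.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
""".strip().splitlines()

# Assumption: layouts below are inferred only from the lines quoted in this thread.
LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG = re.compile(r"^(?P<key>HK[A-Z]{2}\\[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
STARTUP = re.compile(r"^(?P<scope>Global Startup|Startup): (?P<link>.+?) = (?P<target>.+)$")

def parse_hjt_line(line):
    """Split one log line into its section code and structured fields."""
    m = LINE.match(line.strip())
    if not m:
        return None  # header, blank line or free text
    entry = {"section": m["section"], "body": m["body"]}
    reg = REG.match(m["body"]) if m["section"].startswith("R") else None
    if reg:  # registry entry: key, value name, data
        entry.update(reg.groupdict())
    start = STARTUP.match(m["body"]) if m["section"] == "O4" else None
    if start:  # startup shortcut: the target's file name is the process to look for
        entry.update(start.groupdict(), process=basename(start["target"]))
    return entry

def startup_targets(lines):
    """Map each startup shortcut to the executable it launches."""
    entries = filter(None, map(parse_hjt_line, lines))
    return {e["link"]: e["target"] for e in entries if "link" in e}

def loopback_proxy_override(entry):
    """True for the ProxyOverride = 127.0.0.1 case the thread calls safe."""
    return entry.get("value") == "ProxyOverride" and entry.get("data") == "127.0.0.1"

if __name__ == "__main__":
    for e in filter(None, map(parse_hjt_line, SAMPLE)):
        print(e)
```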
 
Your HJT log is clean.

If you ever need to post a HJT log again, please post it as a .txt attachment and not copied and pasted into your thread. If you fail to do this, your thread will be deleted.

Regards Howard :)
 