Still having problems

By shinatoo
Jun 1, 2006
  1. I followed all of the steps but am still having issues.

    My Log
  2. PDusome

    PDusome TS Rookie Posts: 21

    The following lines are suspect:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
    R3 - Default URLSearchHook is missing

    What problems are you experiencing?

  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Aluria Security Center
    aol toolbar 3.0

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).


    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    R3 - Default URLSearchHook is missing

    O4 - Global Startup: Aluria Security Center.lnk = C:\Program Files\Aluria Security Center\SecurityCenter.exe

    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files(if there).

    C:\Program Files\Aluria Security Center\SecurityCenter.exe
    c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

    Reboot into normal mode and turn system restore back on.

    Regards Howard :wave: :wave:

    PDusome. The R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = entry is safe. It`s the loopback adapter to the local host. :)
  4. shinatoo

    shinatoo TS Rookie Topic Starter

    Done and Done

    I found nothing in your post other than what was in the HJT log.

    Main problems that started all of this were "destroyer.exe" and "troj_controler".

    But while running the myriad of programs suggested the most bothersome item was "Look2me". I never could get the suggested look2me remover to work so I used the one from

    Here is my new HJT file.

    I'll keep you up to date on what new things pop up.

    -- verbose hjt log removed --

    Have you really followed all the steps as you said in your first post? That's the second time you've failed to follow step 4. In other words, please post your HJT log as a .txt attachment, and NOT pasted into the post. - Spike
  5. Spike

    Spike TS Evangelist Posts: 2,168

    You have a Zeno infection.

    Reboot into safe mode, disable sytem restore, and show hidden files and folders.

    Open Control panel -> add/remove programs, and uninstall if present...
    Anything related to/called Zeno

    Open task manager and end the following process if running...

    Run HJT, and fix...
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinqqez.exe

    Open Explorer, and delete the following files if present...
    qwinnsap.exe (use windows search to check for it - may not be present)
    twinorag.exe (use windows search to check for it - may not be present)
    %USERPROFILE%\Start Menu\Programs\Startup\Zeno.lnk (repeat for all user profiles)
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Zeno.lnk

    Open regedit (start -> run -> regedit) and delete he following keys if present...
    CurrentVersion\Uninstall\Enhanced Ads by Zeno
    CurrentVersion\Uninstall\Zeno Search Assistant
    CurrentVersion\Run "BrowserUpdateSched"

    Re-enable system restore, reboot to normal mode, and let's see if we've gotten rid of it successfully.
  6. shinatoo

    shinatoo TS Rookie Topic Starter

    Did it. Here you go.

    Edit: I have removed your copied and pasted HJT log
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    If you ever need to post a HJT log again.

    Please post it as a .txt attachment and not copied and pasted into your thread. If you fail to do this, your thread will be deleted.

    Regards Howard :)
  8. shinatoo

    shinatoo TS Rookie Topic Starter

    Thank you very much!
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...