coolwebsearch and zenosearch?

[Sienna]

Hello all, :wave:

I've had a problem with popups for so time now but I've managed to just ignore them. I now have a new problem where the web page I'm viewing will automatically change into a "pop up". The screen will suddenly shrink down and go to another web site. It's very annoying, especially since I'm taking an online class this semester.

I saw the thread about how to get rid of coolwebsearch and printed it out last night. I was unable to download the smartkiller for some reason, but besides that I followed all of the steps but I still can't get rid of whatever it is.

When I run ad-aware it say that there are still traces of coolwebsearch and also zenosearch but it's not able to get rid of it.

can anyone help?

 

[A_DOG73]

Yeah

Run your antivirus. If you dont have one, search on this site and get one. I like the AVG Antivirus free edition.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go and have your computer scanned HERE.

Then, go and read both these threads by RBS. Follow all the instructions exactly.

How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.

Then see. How to post your Hijackthis log-file as an ATTACHMENT.

Post a HJT log, only after doing the above.

Regards Howard :wave: :wave:

 

[Sienna]

Thank you A_DOG73 and howard_hopkinso!

howard_hopkinso,

I followed the directons exactly but my computer is still acting up. :knock:

so I've attached my HJT log.

 

[howard_hopkinso]

First, go HERE and follow the instructions.

Then post a fresh HJT log.

Regards Howard

 

[Sienna]

First, go HERE and follow the instructions.

Then post a fresh HJT log.

Regards Howard

wow thanks! that look2me destroyer really helped. I am still getting pop ups but it at least got rid of whatever it was that was changing the webpage I was viewing into popups.

here is my new HJT log

 

[howard_hopkinso]

This is one or the worst HJT logs I have ever seen. Follow the instructions below very carefully. Hopefully we can get your system cleaned up, without the need for a reformat.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Go to add remove programme in your control panel and uninstall anything to do with(if there).

aol toolbar 2.0
EQAdvice
Network

Close control panel.

Click start/run and type services.msc into the run box and press the enter key. When the window appears, maximise it. Locate the following services(if there) and double click on them. Select stop if they are running and set the startup type to disabled.

Microszoft Update Machinezs
9F4D0E0E
Windows Services32

Click apply/ok

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for any of these(if there).

AFB2B3B5B6B8.exe
CheckS02.exe
sys072084332.exe
qldsregp.exe

??plorer.exe
fqxz9h.exe
EQAdvice.exe
LMPDPUI.EXE

eee2.exe
dgfgql.exe
ipnetwork.exe
spytiqwuy.exe

newname2.exe
mscnsz.exe
qssrka.exe
winserv32.exe

pwinmrag.exe
dwdsregt.exe

Click start/run and clear the run box. Copy and paste all these lines, one at a time into the run box and press the enter key. Then, clear the run box and proceed to the next line.

regsvr32 /u C:\WINDOWS\System32\fjqhm32.dll

regsvr32 /u C:\WINDOWS\System32\jzjd32.dll

regsvr32 /u C:\WINDOWS\System32\Inaahl32.dll

regsvr32 /u C:\WINDOWS\System32\tcvqd32.dll

regsvr32 /u C:\WINDOWS\System32\fpwlt32.dll



Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe

O4 - HKLM\..\Run: [>G9a] C:\windows\eee2.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\System32\dgfgql.exe"
O4 - HKLM\..\Run: [0D10111314161B] AFB2B3B5B6B8.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe

O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [kVdtBOn] "C:\WINDOWS\System32\spytiqwuy.exe"
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [sys072084332] C:\WINDOWS\sys072084332.exe

O4 - HKLM\..\Run: [{FC-CD-DE-EC-ZN}] C:\windows\system32\qldsregp.exe CORN001
O4 - HKLM\..\RunServices: [Microszoft Update Machinezs] mscnsz.exe
O4 - HKLM\..\RunServices: [9F4D0E0E] C:\WINDOWS\System32\qssrka.exe
O4 - HKLM\..\RunServices: [Windows Services32] winserv32.exe

O4 - HKCU\..\Run: [Ssrrza] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\pwinmrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe

O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{F403621E-033C-4F2E-B6CB-21A74124EA66}: NameServer = 141.154.0.68 151.203.0.84 Only fix this entry, if it doesn`t belong to your ISP.

O21 - SSODL: mtklefap - {CCEDDCEA-8E3B-465F-E8B6-9CC9F4AB217E} - C:\WINDOWS\System32\fjqhm32.dll
O21 - SSODL: mtkle - {5DA973E6-4095-4C27-24B6-4D702E0668F1} - C:\WINDOWS\System32\jzjd32.dll (file missing)
O21 - SSODL: 00BFCDEC - {6A9E4964-7253-2533-4B38-0628538A2140} - C:\WINDOWS\System32\Inaahl32.dll (file missing)
O21 - SSODL: mtklef - {779D7003-7F90-4855-ABA2-204BCEBBC59C} - C:\WINDOWS\System32\tcvqd32.dll
O21 - SSODL: mtklefa - {E0F3A11E-1E0E-437E-CBA6-20057CD6E5E7} - C:\WINDOWS\System32\fpwlt32.dll

Click on the fix checked button.

Locate and delete the following bold files(if there).

C:\WINDOWS\System32\AFB2B3B5B6B8.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\sys072084332.exe
C:\windows\system32\qldsregp.exe

C:\WINDOWS\System32\??plorer.exe
C:\WINDOWS\System32\fqxz9h.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\WINDOWS\system32\LMPDPUI.EXE

C:\windows\eee2.exe
C:\WINDOWS\System32\dgfgql.exe
C:\Program Files\Network\ipnetwork.exe
C:\WINDOWS\System32\spytiqwuy.exe

C:\\newname2.exe
mscnsz.exe
C:\WINDOWS\System32\qssrka.exe
winserv32.exe

C:\WINDOWS\SYSTEM32\pwinmrag.exe
C:\WINDOWS\SYSTEM32\dwdsregt.exe
C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
C:\WINDOWS\System32\fjqhm32.dll

C:\WINDOWS\System32\jzjd32.dll
C:\WINDOWS\System32\Inaahl32.dll
C:\WINDOWS\System32\tcvqd32.dll
C:\WINDOWS\System32\fpwlt32.dll

Reboot into normal mode and turn system restore back on.

Download AVG free and Zonealarm free from HERE and HERE.

Disconnect from the internet and uninstall your McAfee programme.

Install Zonealarm, followed by AVG free. Reconnect to the net and run the AVG updates.

Do a full system scan with AVG. Delete anything it finds.

Regards Howard

 

[Sienna]

howard_hopkinso,

I didn't realize my system was that bad!

I followed all of those steps. Everything was fine until I installed AVG and Zonealarm. For some reason everytime I tried to connect to the internet, my computer would just shut down and say that I should uninstall any software that was recently installed. So I uninstalled both of them and I am now able to connect to the internet.

Maybe I have too many things installed in my computer?

 

[howard_hopkinso]

You deffinitely need an antivirus programme and a firewall, otherwise your system will be reinfected in no time.

I suspect that it was Zonealarm that caused your shutdown problem. it is a known issue with some systems configurations.

Reinstall AVG ASAP and after running the AVG updates, do a full system scan.

As for a firewall try this one HERE.

Regards Howard