Old 03-01-2006, 03:09 PM   #4 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
  • Surf Sidekick 3
It may prompt about whether or not you are sure you want to remove this program. Reply Yes to this prompt. It will then uninstall the program.

If there is no Add/Remove Programs entry for this program, click on Start, then Run and type the following in the Open: field:
  • C:\Program Files\SurfSideKick 3\Ssk.exe /u
and press the OK button.

A code will be displayed that it will ask you to enter. Enter this code and reboot. Once back to your desktop continue with the rest of the fix.


* * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


Click Start -> Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - Command Service (cmdService)
  2. Double-click on it to open the Properties dialog.
    - Change the Startup type to Disabled & then click on the Apply button
    - Stop the service by using the Stop button.
  3. Then start HiJackThis & go to Config... -> Misc.Tools -> Delete an NT service
  4. In the popup box that appears, copy/paste cmdService
  5. Click on the OK button & answer No if prompted to reboot
Repeat steps 1-5 for these other services :-
  • hoiiyaf
  • Network Monitor

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [winsysupd] C:\\winsysupd12.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban12.exe
O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames12.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys09346471615] C:\WINDOWS\sys09346471615.exe
O4 - HKLM\..\Run: [pzhmbc] C:\WINDOWS\system32\pzhmbc.exe
O4 - HKLM\..\Run: [kwugsc] C:\WINDOWS\system32\kwugsc.exe
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwinrrai.exe CORN001
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinrrai.exe
O20 - AppInit_DLLs: repairs303169536.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\h60qlgd5160.dll (file missing)



* * * * * *


Download & SAVE ON DESKTOP, the file attached - fix.zip

** It's important that the file must be saved to Desktop

From within it, double-click on fix.exe & allow it to run
It shall reboot your computer automatically & present you with a log which you should post back here. Also post a fresh HJT log
__________________

Question - what have you done for the community today?

Last edited by sUBs; 03-02-2006 at 11:38 AM.
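
An added example, not part of sUBs's post and not HijackThis code: one way to compare a fresh HJT log against the fix list above and report which flagged entries are still present after the reboot. The four fix-list lines are copied from the post; the fresh log, including the `ExampleAV` entry, is constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Four lines copied from the fix list in the post.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [winsysupd] C:\\winsysupd12.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\h60qlgd5160.dll (file missing)
"""

# Constructed fresh log: one flagged Run entry survived, the start page was reset.
FRESH_LOG = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [winsysupd] c:\winsysupd12.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

def parse_entries(text):
    """Return (section, detail) for every entry line; headers and process lines are skipped."""
    found = (ENTRY_RE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def normalize(entry):
    """Make entries comparable across logs."""
    section, detail = entry
    # The "(file missing)" suffix depends on disk state, not on the registry value.
    detail = re.sub(r"\s*\(file missing\)$", "", detail, flags=re.I)
    detail = re.sub(r"\\+", r"\\", detail)  # C:\\x.exe and C:\x.exe are the same path
    return section, re.sub(r"\s+", " ", detail).strip().lower()

def still_present(fix_list, fresh_log):
    """Entries from the fix list that still appear in the fresh log."""
    fresh = {normalize(e) for e in parse_entries(fresh_log)}
    return [e for e in parse_entries(fix_list) if normalize(e) in fresh]

if __name__ == "__main__":
    for section, detail in still_present(FIX_LIST, FRESH_LOG):
        print(f"STILL PRESENT: {section} - {detail}")
```

Any line it reports should be re-checked in the next HijackThis scan before the machine is treated as clean.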