• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
qbichon

Hijacker keeps coming Back

2 posts in this topic

I canot get rid of this scumbag. I have scanned with spybot and ad-aware. Both of these cannot get rid of the pest. In my IE options Home page it always reverts to (res://vupgr.dll/index.html#96676) and before I scanned the address read (res://qcred.dll/index.html#96676). The scans also come up with *.exe files in my windows/system32 that I cannot delete and neither can spybot or ad-aware. I have tried renaming these files but nothing. It seems that every time I open IE, my registries change or they tried according to spybot as I am constantly declining the changes through spybot warnings. Below is hijackthis log.

 

Logfile of HijackThis v1.97.7

Scan saved at 1:02:47 PM, on 6/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Ontrack\Internet Cleanup\icserv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\crno.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\essspk.exe

C:\WINDOWS\Dit.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\winry32.exe

C:\Program Files\FoneSync 4.0\FoneSyncSystemTray.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\DitExp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\JESSE\My Documents\My Iternet\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vupgr.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vupgr.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vupgr.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vupgr.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vupgr.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vupgr.dll/sp.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {15E5E5EB-E087-EF0F-B31A-9BD0E10CEB7B} - C:\WINDOWS\system32\netft.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [winry32.exe] C:\WINDOWS\system32\winry32.exe

O4 - HKCU\..\Run: [FoneSyncSystemTray] "C:\Program Files\FoneSync 4.0\FoneSyncSystemTray.Exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4F8086C-413B-46F5-8E23-B7B07834A1F3}: NameServer = 170.147.45.175 170.147.113.54

 

:eek:

Share this post


Link to post
Share on other sites

this worked for me. download spywareblaster v1.3 from www.javacoolsoftware.com. click on tools then browser settings. delete the crap and put your own back in. then download inernet explorer Q831167 update from

microsoft updates and install. run adaware,spybot and CWShredder. on adaware custom settings set to deep scan registry, c drive and ie favorites. do all this in one action cos if you stop the bad stuff will reset itself. cant guarantee this will work for you but when i did it the explorer patch replaced the default, home and start pages to clean ones and they stayed there. good luck. :thumbsup:

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0