• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0

Hijacked!!! Please Help!

9 posts in this topic

I have run Ad-aware 6.0, Spybot, Trojan Hunter, Hijackthis, cwshredder, several times each, and I have not been able to get rid of the following problems:


1. My home page is repeatedly reset to the following address: res://qwvtn.dll/index.html#37049


2. I get pop ups for Home Search, Lookfor.cc and Search-to-find, especially when I run a search on Google.


My logfile from Hijackthis is below. I'd greatly appreciate any help that you can provide. Many Thanks.






Logfile of HijackThis v1.97.7

Scan saved at 10:38:51 PM, on 6/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:











C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


C:\Program Files\Norton AntiVirus\navapsvc.exe





C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe


C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\McAfee\QuickClean\Plguni.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\QuickTime\qttask.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\iTunes\iTunesHelper.exe



C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe


C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe


C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 28 for hijackthis.zip\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qwvtn.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qwvtn.dll/index.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qwvtn.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qwvtn.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qwvtn.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qwvtn.dll/sp.html#37049

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FC8A44C7-1BDB-6F6E-B17E-626C67C424F9} - C:\WINDOWS\netko.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [blockTracker] c:\hp\bin\BlockTracker.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe


O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe


O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [zunsjeksqzjrg] C:\WINDOWS\System32\oibsmo.exe

O4 - HKLM\..\Run: [sysom.exe] C:\WINDOWS\system32\sysom.exe

O4 - HKLM\..\Run: [apptt.exe] C:\WINDOWS\apptt.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03e9adda40040f...ip/RdxIE601.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

Share this post

Link to post
Share on other sites

Looks like a few of us are getting this one. I'm having the same problems, along with this guy:



Anyone have any ideas? I too have tried EVERYTIHNG

Share this post

Link to post
Share on other sites

Hi, I've got the same problem!

home page is reset to the following address: res://puagi.dll/index.html#96676


Also get pop ups for Home Search, Lookfor.cc and Search-to-find.

Have tried all the programs here to remove the thing, but it comes back with another file name!


Anyone got anything new on this? please

Share this post

Link to post
Share on other sites

I am having the same problems. I posted my problem in a thread last night and have yet to get any help. Now that I realize I'm not the only one looking for the answer I feel just slightly better.


Is there a way for all of our problems to be put into one thread? Maybe that confuses matter further, but I just want to be sure I know WHICH post to find the answer in, once the answer is found and posted.


I too am glad to know I'm not the only one with this problem as before this problem I thought my army of 10+ programs was 10 foot tall and bullet proof. Guess not.



Share this post

Link to post
Share on other sites

I have the same problem, only thing is that my home page is always set to "res://yqdxj.dll/index.html#96676". Even when I change the home page on my own, explorer only keeps that home page once, and then it's back to that other homepage. I have ad-aware as well but I haven't been able to solve this problem.

Share this post

Link to post
Share on other sites
I have the same problem, only thing is that my home page is always set to "res://yqdxj.dll/index.html#96676".  Even when I change the home page on my own, explorer only keeps that home page once, and then it's back to that other homepage.  I have ad-aware as well but I haven't been able to solve this problem.

Same here. "Home Search" is the thing. Not quite sure how it got there, but my brother seems to think he may have accidentally clicked on something.


The homepage address in IE comes up as: res://befqx.dll/index.html#96676


And however many times I 'remove' it, be it with Hijack This, Ad Aware, Spybot etc.... it just respawns the next time I open IE. I run the programs again, they detect it again, it returns after the supposed deletion. Repeat Ad Naseum. Really getting to the end of my tether with it now.

Edited by TheThinWhiteDuke

Share this post

Link to post
Share on other sites

Okay, I've just tried something and it seems to have wiped the ****er out - I simply did a system restore from an automatic checkpoint that was put down three days ago (I'd never even entered system restore before since buying this HD a month ago).


Didn't think it would work, but the piece of shit seems to have been vanquished. Hopefully it won't pop up again and I remain cautious about proclaiming my computer totally free of it, but it hasn't appeared at all since the system restore, and I opened IE about 20 different times just to check.


Well worth trying as far as I'm concerned.

Edited by cnm

Share this post

Link to post
Share on other sites

Your browser hijack is being driven by a virus or trojan. If you delete the

randomly named dll then after rebooting a new one will be created. You

need some good anti-virus software with the latest data files. Delete the

virus then get rid of the hijack. If your anti-virus software doesn't find anything

then its not good enough.

I had an about:blank hijack which kept returning. Running McAfee with the

latest virus definitions found MhtRedir.gen and StartPage-DU. After these

were deleted I used hijackthis to remove the hijack and it has not returned.



Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0