CastleCops, Internet Crime Fighters

qrsrv.net hijacking my browsers

 
shaundurnan

Guest
IP: 62.189.*.*

Posted: Sun Nov 23, 2003 6:11 pm    Post subject: qrsrv.net hijacking my browsers

I am a new member

I saw an item on qrsrv.net, unfortunately the fix doesn't work for me.

It affects both Netscape 7.1 and IE 6.0 with all updates

I need help, please

Thanks in Advance

Shaun

following is the Hijack This log

Logfile of HijackThis v1.97.7
Scan saved at 18:25:35, on 23/11/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\pssvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\gearsec.exe
C:\WINNT\System32\Hummbird\inetd32.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Cadence VPN\Extranet_serv.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\sally\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: SMapplet - https://www.nwolb.co.uk/nwol/rbs_html/classes/SMapplet.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37627.6300578704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EF21D3C-724B-4C84-9287-BC3F1CBD1143}: NameServer = 158.152.1.43 158.152.1.58
O17 - HKLM\System\CCS\Services\Tcpip\..\{A64AF9BA-2848-4728-B9DB-923D2F89254A}: NameServer = 158.140.182.5,158.140.128.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C38567-748C-4A76-9187-F04F3BDDDF73}: NameServer = 158.152.1.43,158.152.1.58

TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Sun Nov 23, 2003 6:25 pm

It's a pretty clean log. As you're referring to qrsrv.net, this is probably about cookies.

Read this first:

The Unofficial Cookie FAQ

Now, in comparison to "real" spyware, cookies really are harmless.

You could put sites you don't want to receive cookies from in the Restricted Zones (Internet Options/Security), or install a dedicated cookie manager like for example Cookie Pal or Cookie Wall, which will allow you to differentiate between cookies you always want to allow, and the ones you always want to block.

You can also use the Internet Options Privacy tab to do that:
Go to the Privacy Tab > Advanced, and check "override automatic cookie handling".

Now set "first party cookies" to 'prompt', and "third party cookies" to 'block', and not a single cookie will be installed without your express approval.


How to Manage Cookies in Internet Explorer 6

Good luck,


Tony

shaundurnan

Guest
IP: 62.189.*.*

Posted: Sun Nov 23, 2003 7:18 pm

Thanks Tony,

or should I say Bedankt

I speak a little Dutch

With Netscape, I went and cleaned out all my cookies
and started again; 7.1 lets you have good control over them.

I also ran Pest Patrol and Norton AntiVirus for safety's sake.

What I am seeing is that when I try to go to certain sites I get the message
"The connection is refused when attempting to contact www.qksrv.net"

IE just says page can't be displayed

It is most annoying as I can't get to that link

The hyperlink on the parent page contains the qrsrv.net, at least in my browsers

Can I get rid of this by reinstalling Netscape and IE?

Thanks

Shaun

shaundurnan

Guest
IP: 62.189.*.*

Posted: Sun Nov 23, 2003 7:19 pm

I also run cookie patrol

Shaun

Guest
IP: 62.49.*.*

Posted: Sun Nov 23, 2003 7:25 pm

Just realised it is qksrv, not qrsrv as first mentioned

Thanks

Shaun

TonyKlein

Posted: Sun Nov 23, 2003 7:28 pm

Sounds like something is indeed blocking access to that site, which is something you'd want to do. Do you have an application blocking access to ad sites? I don't recognize that particular error message.


Tony

TonyKlein

Posted: Sun Nov 23, 2003 7:30 pm

... or do you have that site in your Hosts File, in the Internet Options restricted zone, etcetera...

I've never used Netscape, so I'm afraid I can't help you there.

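The Hosts file check suggested above, as an added example that is not part of the original thread: a name pinned to 127.0.0.1 or 0.0.0.0 never reaches DNS, and with nothing listening locally the browser reports a refused connection. The function names and the sample file contents are constructed for illustration; only www.qksrv.net comes from the thread.

```python
import ipaddress

# Constructed sample in hosts-file format; only www.qksrv.net comes from the thread.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       www.qksrv.net    # constructed block-list entry
0.0.0.0         ads.example.com tracker.example.com
192.168.1.10    fileserver
::1             localhost
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:  # one line may map several names
            yield line_no, addr, name.lower().rstrip(".")


def sinkholed(text):
    """Return {hostname: (line_no, address)} for names pinned to loopback or 0.0.0.0."""
    hits = {}
    for line_no, addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue  # the normal localhost mapping is not a block entry
        if addr.is_loopback or addr.is_unspecified:
            hits.setdefault(name, (line_no, str(addr)))  # keep the first entry seen
    return hits


def explain(hostname, text):
    """Return the (line_no, address) entry overriding DNS for hostname, or None."""
    return sinkholed(text).get(hostname.lower().rstrip("."))


if __name__ == "__main__":
    for name, (line_no, addr) in sorted(sinkholed(SAMPLE_HOSTS).items()):
        print(f"line {line_no}: {name} -> {addr}")
```

On Windows 2000 the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`. Matching is exact per hostname, so an entry for www.qksrv.net does not cover qksrv.net.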
shaundurnan

Cadet

Joined: Nov 23, 2003
Posts: 1
Location: UK

Posted: Mon Nov 24, 2003 5:54 pm

Thanks Tony

I did indeed have the site in my hosts file

set to 127.0.0.1 localhost

What would normally do that for me?


Thanks again, you were a great help

Shaun

TonyKlein

Posted: Mon Nov 24, 2003 6:00 pm

Can't tell you what would have put that site in your Hosts file. Did you import the SpyBot Hosts file, or one from another source?

Anyway, glad to hear you got it fixed! :)


Tony

All times are GMT