The quartz32.dll released by roogoo allows the browser to continuously pop up the advertisement window

EndurerOriginal
1Version

Some netizens reported that no matter which browser is used to access the Internet, a strange web page is always displayed and everything is available. In addition, when you open a web page, the web page does not pop up when you open a browser. After a while, a blank page sometimes pops up.

Use hijackthis to scan logs and find the following suspicious items:
/---------
O1-hosts: 127.20.255 serial.alcohol-soft.com
O1-hosts: 127.20.255 www.alcohol-soft.com
O1-hosts: 127.20.255 images.alcohol-soft.com

O2-BHO: (No Name)-{A5366673-E8CA-11D3-9CD9-0090271D075B}-(no file)

O2-BHO: (No Name)-{A9930D97-9CF0-42A0-A10D-4F28836579D5}-C:/progra ~ 1/kugoo3/kugoo3 ~ 1. ocx (file missing)

O6-hkcu/software/policies/Microsoft/Internet Explorer/restrictions present

O6-hkcu/software/policies/Microsoft/Internet Explorer/Control Panel present

O6-HKLM/software/policies/Microsoft/Internet Explorer/restrictions present

O10-unknown file in Winsock LSP: C:/Windows/system32/quartz32.dll
O10-unknown file in Winsock LSP: C:/Windows/system32/quartz32.dll

O16-DPF: {18f57d30-ef36-4c0e-9343-7bfa6df79b4a} (xlink class)-http://active.micr0media.com/swflash.CAB

O16-DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab)-http://www.systemrequirementslab.com/sysreqlab.cab

O21-ssodl: wpdshserviceobj-{AAA288BA-9A4C-45B0-95D7-94D524869DB5}-C:/Windows/system32/wpdshserviceobj. dll
---------/

Repair suggestions:

Download lspfix from the http://endurer.ys168.com.
Download winsockxpfix from http://www.miisoft.com/soft/22/2006/20060817014.html.

You can refer to the following repair methods:
[System repair series] basic operation index
Http://endurer.blogchina.com/2591241.html

Restart your computer to safe Mode

Set the system to display all files and folders without hiding the known file type extension.

Find the following files:

C:/Windows/system32/quartz32.dll
C:/Windows/system32/wpdshserviceobj. dll

The files found with compression software (such as WinRAR, WinZip) Packaging backup, after all the repair work is completed, the compressed package as an e-mail attachment to the endurer@163.com.

Close all folder and Viewer window, run the lspfix.exe file, select the option "I know what I'm doing", move the quartz32.dll file in the left window to the right window (do not move other files), and select "finish ".

Close all browser windows and folder windows, use hijackthis scan again, check the items that are recommended to be repaired in the preceding column, and click [Fix] (fix) (If you know that something is safe, you can leave it alone ).

For:

/---------
O21-ssodl: wpdshserviceobj-{AAA288BA-9A4C-45B0-95D7-94D524869DB5}-C:/Windows/system32/wpdshserviceobj. dll
---------/

Wpdshserviceobj. dll is probably a file of Windows Media Player (WMP) 11.

If the WMP in the computer does not work properly after the repair, you can recover it from hijackthis.
Or uninstall and reinstall wmp11.

Clear temporary ie folders

Restart your computer to go to Windows. If the Internet cannot open the webpage,

Go to control panel-> network and dial-out link-> write down current network connection settings-> delete current network connection
Restart the computer.
Go to control panel again-> network and dial-out link-> rebuild network connection

You can also run winsockxpfix to fix it.

After receiving the file quartz32.dll from a netizen, I analyzed it briefly:

Quartz32.dll is an advertisement program released by roogoo.

The ie-related items in the Registry are modified.

Pop-up:
Hxxp: // show.roogoo.com/
Hxxp: // show.googleadsenseagent.com
Hxxp: // ads.roogoo.com
Such as advertising web pages.