  1. #1
    Big D
    Guest

    Google/Yahoo Problems

    When I try to access the Google Website, a screen comes up after 30 seconds saying that website can't be displayed. Similarly, I can get onto the Yahoo website but cannot use the search bar - everything is unable to be displayed. Other search engines like Dogpile work fine.

    Any suggestions on how I can correct whatever problem I have?

  2. #2
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    Post a hijackthis log....

    Please Download hijackthis from

    http://computercops.biz/zx/phoenix22/hijackthis.zip

    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    After the scan has finished the "scan" button will turn into a "save log" button

    save the log file and paste it here

    Do not delete anything yet, as most things hijackthis finds are harmless and needed.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Guest

    As instructed, I downloaded Hijackthis and ran the scan. Below is what appeared as a result. Any suggestions as to what I can do to correct my problem?

    Logfile of HijackThis v1.98.0
    Scan saved at 10:00:00 PM, on 8/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\SYSTEM~1\soap.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Intuit\QuickBooks Basic\qbw32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\Dwayne\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdcanadatrust.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdcanadatrust.com
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O1 - Hosts: 127.127.127.127 elite
    O1 - Hosts: 64.191.95.139 www.google.com
    O1 - Hosts: 64.191.95.139 google.com
    O1 - Hosts: 64.191.95.139 www.altavista.com
    O1 - Hosts: 64.191.95.139 altavista.com
    O1 - Hosts: 64.191.95.139 search.yahoo.com
    O1 - Hosts: 64.191.95.139 uk.search.yahoo.com
    O1 - Hosts: 64.191.95.139 ca.search.yahoo.com
    O1 - Hosts: 64.191.95.139 jp.search.yahoo.com
    O1 - Hosts: 64.191.95.139 au.search.yahoo.com
    O1 - Hosts: 64.191.95.139 de.search.yahoo.com
    O1 - Hosts: 64.191.95.139 search.yahoo.co.jp
    O1 - Hosts: 64.191.95.139 www.lycos.de
    O1 - Hosts: 64.191.95.139 www.lycos.ca
    O1 - Hosts: 64.191.95.139 www.lycos.jp
    O1 - Hosts: 64.191.95.139 www.lycos.co.jp
    O1 - Hosts: 64.191.95.139 alltheweb.com
    O1 - Hosts: 64.191.95.139 web.ask.com
    O1 - Hosts: 64.191.95.139 ask.com
    O1 - Hosts: 64.191.95.139 www.ask.com
    O1 - Hosts: 64.191.95.139 www.teoma.com
    O1 - Hosts: 64.191.95.139 search.aol.com
    O1 - Hosts: 64.191.95.139 www.looksmart.com
    O1 - Hosts: 64.191.95.139 search.msn.com
    O1 - Hosts: 64.191.95.139 ca.search.msn.com
    O1 - Hosts: 64.191.95.139 fr.ca.search.msn.com
    O1 - Hosts: 64.191.95.139 search.fr.msn.be
    O1 - Hosts: 64.191.95.139 search.fr.msn.ch
    O1 - Hosts: 64.191.95.139 search.latam.yupimsn.com
    O1 - Hosts: 64.191.95.139 search.msn.at
    O1 - Hosts: 64.191.95.139 search.msn.be
    O1 - Hosts: 64.191.95.139 search.msn.ch
    O1 - Hosts: 64.191.95.139 search.msn.co.in
    O1 - Hosts: 64.191.95.139 search.msn.co.jp
    O1 - Hosts: 64.191.95.139 search.msn.co.kr
    O1 - Hosts: 64.191.95.139 search.msn.com.br
    O1 - Hosts: 64.191.95.139 search.msn.com.hk
    O1 - Hosts: 64.191.95.139 search.msn.com.my
    O1 - Hosts: 64.191.95.139 search.msn.com.sg
    O1 - Hosts: 64.191.95.139 search.msn.com.tw
    O1 - Hosts: 64.191.95.139 search.msn.co.za
    O1 - Hosts: 64.191.95.139 search.msn.de
    O1 - Hosts: 64.191.95.139 search.msn.dk
    O1 - Hosts: 64.191.95.139 search.msn.es
    O1 - Hosts: 64.191.95.139 search.msn.fi
    O1 - Hosts: 64.191.95.139 search.msn.fr
    O1 - Hosts: 64.191.95.139 search.msn.it
    O1 - Hosts: 64.191.95.139 search.msn.nl
    O1 - Hosts: 64.191.95.139 search.msn.no
    O1 - Hosts: 64.191.95.139 search.msn.se
    O1 - Hosts: 64.191.95.139 search.ninemsn.com.au
    O1 - Hosts: 64.191.95.139 search.t1msn.com.mx
    O1 - Hosts: 64.191.95.139 search.xtramsn.co.nz
    O1 - Hosts: 64.191.95.139 search.yupimsn.com
    O1 - Hosts: 64.191.95.139 uk.search.msn.com
    O1 - Hosts: 64.191.95.139 search.lycos.com
    O1 - Hosts: 64.191.95.139 www.lycos.com
    O1 - Hosts: 64.191.95.139 www.google.ca
    O1 - Hosts: 64.191.95.139 google.ca
    O1 - Hosts: 64.191.95.139 www.google.uk
    O1 - Hosts: 64.191.95.139 www.google.co.uk
    O1 - Hosts: 64.191.95.139 www.google.com.au
    O1 - Hosts: 64.191.95.139 www.google.co.jp
    O1 - Hosts: 64.191.95.139 www.google.jp
    O1 - Hosts: 64.191.95.139 www.google.com.ar
    O1 - Hosts: 64.191.95.139 www.google.at
    O1 - Hosts: 64.191.95.139 www.google.be
    O1 - Hosts: 64.191.95.139 www.google.bi
    O1 - Hosts: 64.191.95.139 www.google.com.br
    O1 - Hosts: 64.191.95.139 www.google.cd
    O1 - Hosts: 64.191.95.139 www.google.cg
    O1 - Hosts: 64.191.95.139 www.google.ch
    O1 - Hosts: 64.191.95.139 www.google.cl
    O1 - Hosts: 64.191.95.139 www.google.com.co
    O1 - Hosts: 64.191.95.139 www.google.co.cr
    O1 - Hosts: 64.191.95.139 www.google.de
    O1 - Hosts: 64.191.95.139 www.google.dk
    O1 - Hosts: 64.191.95.139 www.google.com.do
    O1 - Hosts: 64.191.95.139 www.google.fi
    O1 - Hosts: 64.191.95.139 www.google.fm
    O1 - Hosts: 64.191.95.139 www.google.fr
    O1 - Hosts: 64.191.95.139 www.google.gl
    O1 - Hosts: 64.191.95.139 www.google.gm
    O1 - Hosts: 64.191.95.139 www.google.com.gr
    O1 - Hosts: 64.191.95.139 www.google.com.hk
    O1 - Hosts: 64.191.95.139 www.google.hn
    O1 - Hosts: 64.191.95.139 www.google.co.hu
    O1 - Hosts: 64.191.95.139 www.google.ie
    O1 - Hosts: 64.191.95.139 www.google.co.il
    O1 - Hosts: 64.191.95.139 www.google.it
    O1 - Hosts: 64.191.95.139 www.google.co.kr
    O1 - Hosts: 64.191.95.139 www.google.kz
    O1 - Hosts: 64.191.95.139 www.google.li
    O1 - Hosts: 64.191.95.139 www.google.lu
    O1 - Hosts: 64.191.95.139 www.google.lt
    O1 - Hosts: 64.191.95.139 www.google.lv
    O1 - Hosts: 64.191.95.139 www.google.ms
    O1 - Hosts: 64.191.95.139 www.google.com.mx
    O1 - Hosts: 64.191.95.139 www.google.nl
    O1 - Hosts: 64.191.95.139 www.google.co.nz
    O1 - Hosts: 64.191.95.139 www.google.pl
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://www.cbs.gov.on.ca/obra/forms...se/FormCtl.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/neta.../custappx3.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/181fbeba92dc908...p/RdxIE601.cab
    O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershelp.com/help/conte...rk/getfqdn.cab

  4. #4
    steamwiz

    Hi

    You have the Q-HOSTS trojan ....

    Look at the O1 entries ... each url you see there is being blocked...

    http://securityresponse.symantec.com...an.qhosts.html

    Install the Patch....
    http://www.microsoft.com/technet/tre...n/MS03-040.asp

    Run this Removal tool....
    http://securityresponse.symantec.com...oval.tool.html

    THEN

    Do a free on-line virus scan here :-

    Panda Activescan<<<< click here

    and here :-

    Housecall<<<< click here

    Do both scans

    Delete all infected files found ... if Housecall lists them as uncleanable ... click the "delete" button.

    THEN

    post a new log and we'll clean up anything that's left

    steam

  5. #5
    Guest

    Thank you for responding to my problem. I followed the instructions given to the letter. The Trojan.Qhosts removal tool did not detect any viruses. After running the Housecall scan I did have one file show up as uncleanable which I deleted. The other scan tool did not work for me after multiple times trying to initiate it - the computer simply froze.

    As requested, I ran a new log which is as follows - which does not quite mean a whole lot to me - are there any other suggestions as to what I can do to rectify my problem? Thanks again for any and all advice you can offer.....

    Logfile of HijackThis v1.98.0
    Scan saved at 6:51:46 PM, on 8/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\SYSTEM~1\soap.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\Dwayne\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdcanadatrust.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdcanadatrust.com
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O1 - Hosts: 127.127.127.127 elite
    O1 - Hosts: 64.191.95.139 www.google.com
    O1 - Hosts: 64.191.95.139 google.com
    O1 - Hosts: 64.191.95.139 www.altavista.com
    O1 - Hosts: 64.191.95.139 altavista.com
    O1 - Hosts: 64.191.95.139 search.yahoo.com
    O1 - Hosts: 64.191.95.139 uk.search.yahoo.com
    O1 - Hosts: 64.191.95.139 ca.search.yahoo.com
    O1 - Hosts: 64.191.95.139 jp.search.yahoo.com
    O1 - Hosts: 64.191.95.139 au.search.yahoo.com
    O1 - Hosts: 64.191.95.139 de.search.yahoo.com
    O1 - Hosts: 64.191.95.139 search.yahoo.co.jp
    O1 - Hosts: 64.191.95.139 www.lycos.de
    O1 - Hosts: 64.191.95.139 www.lycos.ca
    O1 - Hosts: 64.191.95.139 www.lycos.jp
    O1 - Hosts: 64.191.95.139 www.lycos.co.jp
    O1 - Hosts: 64.191.95.139 alltheweb.com
    O1 - Hosts: 64.191.95.139 web.ask.com
    O1 - Hosts: 64.191.95.139 ask.com
    O1 - Hosts: 64.191.95.139 www.ask.com
    O1 - Hosts: 64.191.95.139 www.teoma.com
    O1 - Hosts: 64.191.95.139 search.aol.com
    O1 - Hosts: 64.191.95.139 www.looksmart.com
    O1 - Hosts: 64.191.95.139 search.msn.com
    O1 - Hosts: 64.191.95.139 ca.search.msn.com
    O1 - Hosts: 64.191.95.139 fr.ca.search.msn.com
    O1 - Hosts: 64.191.95.139 search.fr.msn.be
    O1 - Hosts: 64.191.95.139 search.fr.msn.ch
    O1 - Hosts: 64.191.95.139 search.latam.yupimsn.com
    O1 - Hosts: 64.191.95.139 search.msn.at
    O1 - Hosts: 64.191.95.139 search.msn.be
    O1 - Hosts: 64.191.95.139 search.msn.ch
    O1 - Hosts: 64.191.95.139 search.msn.co.in
    O1 - Hosts: 64.191.95.139 search.msn.co.jp
    O1 - Hosts: 64.191.95.139 search.msn.co.kr
    O1 - Hosts: 64.191.95.139 search.msn.com.br
    O1 - Hosts: 64.191.95.139 search.msn.com.hk
    O1 - Hosts: 64.191.95.139 search.msn.com.my
    O1 - Hosts: 64.191.95.139 search.msn.com.sg
    O1 - Hosts: 64.191.95.139 search.msn.com.tw
    O1 - Hosts: 64.191.95.139 search.msn.co.za
    O1 - Hosts: 64.191.95.139 search.msn.de
    O1 - Hosts: 64.191.95.139 search.msn.dk
    O1 - Hosts: 64.191.95.139 search.msn.es
    O1 - Hosts: 64.191.95.139 search.msn.fi
    O1 - Hosts: 64.191.95.139 search.msn.fr
    O1 - Hosts: 64.191.95.139 search.msn.it
    O1 - Hosts: 64.191.95.139 search.msn.nl
    O1 - Hosts: 64.191.95.139 search.msn.no
    O1 - Hosts: 64.191.95.139 search.msn.se
    O1 - Hosts: 64.191.95.139 search.ninemsn.com.au
    O1 - Hosts: 64.191.95.139 search.t1msn.com.mx
    O1 - Hosts: 64.191.95.139 search.xtramsn.co.nz
    O1 - Hosts: 64.191.95.139 search.yupimsn.com
    O1 - Hosts: 64.191.95.139 uk.search.msn.com
    O1 - Hosts: 64.191.95.139 search.lycos.com
    O1 - Hosts: 64.191.95.139 www.lycos.com
    O1 - Hosts: 64.191.95.139 www.google.ca
    O1 - Hosts: 64.191.95.139 google.ca
    O1 - Hosts: 64.191.95.139 www.google.uk
    O1 - Hosts: 64.191.95.139 www.google.co.uk
    O1 - Hosts: 64.191.95.139 www.google.com.au
    O1 - Hosts: 64.191.95.139 www.google.co.jp
    O1 - Hosts: 64.191.95.139 www.google.jp
    O1 - Hosts: 64.191.95.139 www.google.com.ar
    O1 - Hosts: 64.191.95.139 www.google.at
    O1 - Hosts: 64.191.95.139 www.google.be
    O1 - Hosts: 64.191.95.139 www.google.bi
    O1 - Hosts: 64.191.95.139 www.google.com.br
    O1 - Hosts: 64.191.95.139 www.google.cd
    O1 - Hosts: 64.191.95.139 www.google.cg
    O1 - Hosts: 64.191.95.139 www.google.ch
    O1 - Hosts: 64.191.95.139 www.google.cl
    O1 - Hosts: 64.191.95.139 www.google.com.co
    O1 - Hosts: 64.191.95.139 www.google.co.cr
    O1 - Hosts: 64.191.95.139 www.google.de
    O1 - Hosts: 64.191.95.139 www.google.dk
    O1 - Hosts: 64.191.95.139 www.google.com.do
    O1 - Hosts: 64.191.95.139 www.google.fi
    O1 - Hosts: 64.191.95.139 www.google.fm
    O1 - Hosts: 64.191.95.139 www.google.fr
    O1 - Hosts: 64.191.95.139 www.google.gl
    O1 - Hosts: 64.191.95.139 www.google.gm
    O1 - Hosts: 64.191.95.139 www.google.com.gr
    O1 - Hosts: 64.191.95.139 www.google.com.hk
    O1 - Hosts: 64.191.95.139 www.google.hn
    O1 - Hosts: 64.191.95.139 www.google.co.hu
    O1 - Hosts: 64.191.95.139 www.google.ie
    O1 - Hosts: 64.191.95.139 www.google.co.il
    O1 - Hosts: 64.191.95.139 www.google.it
    O1 - Hosts: 64.191.95.139 www.google.co.kr
    O1 - Hosts: 64.191.95.139 www.google.kz
    O1 - Hosts: 64.191.95.139 www.google.li
    O1 - Hosts: 64.191.95.139 www.google.lu
    O1 - Hosts: 64.191.95.139 www.google.lt
    O1 - Hosts: 64.191.95.139 www.google.lv
    O1 - Hosts: 64.191.95.139 www.google.ms
    O1 - Hosts: 64.191.95.139 www.google.com.mx
    O1 - Hosts: 64.191.95.139 www.google.nl
    O1 - Hosts: 64.191.95.139 www.google.co.nz
    O1 - Hosts: 64.191.95.139 www.google.pl
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://www.cbs.gov.on.ca/obra/forms...se/FormCtl.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/neta.../custappx3.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/181fbeba92dc908...p/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershelp.com/help/conte...rk/getfqdn.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

  6. #6
    steamwiz

    Hi

    There are several different versions of the q-host trojan...

    Before we clean your computer please read this first :-

    Do you have or have you had Kazaa installed on your computer ?

    This is my "canned" sermon...for Kazaa... if you no longer have it, some of it won't apply to you.

    If you have any concern at all for the security of your computer, you should uninstall Kazaa now

    It is the source of all your problems, now and in the future.....

    Read this about all the malware it contains......and malware/ spyware free alternatives.

    http://forums.winamp.com/showthread.php?threadid=64964

    Should you then decide to get rid of Kazaa....... do this.....

    Uninstall Kazaa from Add/remove programs in control panel....

    Do the same with P2P Networking .... it's a useless Kazaa add on that's been proven to slow down systems.......... If/when asked whether you also want to remove Altnet components, say 'Yes'

    Warning...Before running Kazaabegone, save any music files etc. that you have in Kazaa shared folders ... once you run Kazaabegone ... these will be lost forever

    If you have removed Kazaa from your computer....run this program as well... kazaabegone <<< Click here. It will remove all the rubbish left behind by the Kazaa uninstall.

    ---------------------
    That said.....

    Disconnect from the internet. Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-


    ALL the O1 - Hosts: entries in your log

    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/181fbeba92dc908...p/RdxIE601.cab


    Reboot then delete the following files (if found) :-

    C:\Program Files\MyWay ... folder

    C:\WINDOWS\System32\P2P Networking ... folder

    THEN

    Find your hosts file ... it should be here :-

    C:\WINDOWS\SYSTEM32\DRIVERS\ETC

    open it in notepad, copy the contents and paste them here...

    steam

  7. #7
    Guest

    Thanks for your reply.

    Once again, all steps were followed in sequence. The hosts file that you wanted copied and pasted follows....Is this what you needed?

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost


    Thanks again for any additional assistance you can provide....!

    Sincerely appreciative......Big D.
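
The check applied in this thread, first to the O1 lines and then to the pasted hosts file, can be automated. The following is an added example, not part of the original thread: it parses either HijackThis O1 lines or a raw hosts file and reports any non-loopback address that several hostnames have been pinned to. The function names, the `min_hosts` threshold and the `intranet.example` entry are assumptions made for the illustration; the other sample lines are excerpted from the logs and hosts file posted above.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prefixes every hosts-file entry it reports with "O1 - Hosts: ".
O1_PREFIX = re.compile(r"^\s*O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def parse_entries(text):
    """Return (ip, hostname) pairs from a raw hosts file or a HijackThis log."""
    entries = []
    for line in text.splitlines():
        line = O1_PREFIX.sub("", line)
        line = line.split("#", 1)[0].strip()  # hosts-file comments start at '#'
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # R0/O2/O4... log sections and process paths are not hosts entries
        for name in fields[1:]:  # one address may carry several names
            entries.append((ip, name.lower()))
    return entries


def redirects(entries):
    """Map each non-local address to the sorted hostnames pinned to it."""
    pinned = defaultdict(set)
    for ip, name in entries:
        # 127.0.0.0/8, ::1 and 0.0.0.0 keep traffic on the machine itself.
        if ip.is_loopback or ip.is_unspecified:
            continue
        pinned[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in pinned.items()}


def bulk_redirects(entries, min_hosts=3):
    """Addresses that min_hosts or more names resolve to: the pattern in the O1 lines."""
    return {ip: names for ip, names in redirects(entries).items()
            if len(names) >= min_hosts}


# Excerpt of the HijackThis log posted in this thread.
HIJACKED_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdcanadatrust.com
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 64.191.95.139 www.google.com
O1 - Hosts: 64.191.95.139 google.com
O1 - Hosts: 64.191.95.139 search.yahoo.com
O1 - Hosts: 64.191.95.139 search.msn.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""

# Hosts file after cleanup, plus one constructed static mapping (intranet.example)
# to show that a single pinned name is listed but not treated as a bulk redirect.
CLEAN_HOSTS = """
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
192.0.2.10 intranet.example   # constructed sample entry
"""

if __name__ == "__main__":
    for label, text in (("hijacked log", HIJACKED_LOG), ("clean hosts", CLEAN_HOSTS)):
        hits = bulk_redirects(parse_entries(text))
        print(label, "->", hits if hits else "no bulk redirects")
```
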

  8. #8
    steamwiz

    Hi

    Your hosts file looks ok now... are you still having problems ?

    steam

  9. #9
    Guest

    I now appear to have full access to both of those sites.

    Your advice and assistance were fantastic.

    My sincere appreciation and thanks!!

    Big D

  10. #10
    steamwiz

    Hi Big D

    You're very welcome

    Now do yourself a favour ... download and install these 3 programs :-

    1. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    2. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html
    3. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm

    Along with an anti-virus program and a firewall

    These will go a long way towards helping to keep your computer clean and safe.

    steam

    Thread solved ... [/thread]