[Resolved] cannot use search engines

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

robnshan

Thread Starter
Joined
Oct 2, 2003
Messages
5
Hello,

I had the "internet Optimizer" on my computer. I ran ad aware and deleted all the reference to money/DfLy... Anyhow, I also deleted the folder with internet optimizer in it. Now, I cannot use any search engines to search on the web. When I type a URL, no problem. Only trying to search. Here is a copy of my hijack this file after ad aware was run. I seem to have a lot of host files but do not know how to take care of this. I need step by step instructions. Anything else you see hindering me, please let me know.

Thanks in advance

Rob

Logfile of HijackThis v1.97.2
Scan saved at 10:04:19 AM, on 10/4/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\IVASION\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\SAITEK\SAITEK GAMING EXTENSIONS\SAICNFIG.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\OLD HARD DRIVE\MY DOCUMENTS\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 207.44.194.56 www.google.com
O1 - Hosts: 207.44.194.56 google.com
O1 - Hosts: 207.44.194.56 www.altavista.com
O1 - Hosts: 207.44.194.56 altavista.com
O1 - Hosts: 207.44.194.56 search.yahoo.com
O1 - Hosts: 207.44.194.56 uk.search.yahoo.com
O1 - Hosts: 207.44.194.56 ca.search.yahoo.com
O1 - Hosts: 207.44.194.56 jp.search.yahoo.com
O1 - Hosts: 207.44.194.56 au.search.yahoo.com
O1 - Hosts: 207.44.194.56 de.search.yahoo.com
O1 - Hosts: 207.44.194.56 search.yahoo.co.jp
O1 - Hosts: 207.44.194.56 www.lycos.de
O1 - Hosts: 207.44.194.56 www.lycos.ca
O1 - Hosts: 207.44.194.56 www.lycos.jp
O1 - Hosts: 207.44.194.56 www.lycos.co.jp
O1 - Hosts: 207.44.194.56 alltheweb.com
O1 - Hosts: 207.44.194.56 web.ask.com
O1 - Hosts: 207.44.194.56 ask.com
O1 - Hosts: 207.44.194.56 www.ask.com
O1 - Hosts: 207.44.194.56 www.teoma.com
O1 - Hosts: 207.44.194.56 search.aol.com
O1 - Hosts: 207.44.194.56 www.looksmart.com
O1 - Hosts: 207.44.194.56 search.msn.com
O1 - Hosts: 207.44.194.56 auto.search.msn.com
O1 - Hosts: 207.44.194.56 ca.search.msn.com
O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com
O1 - Hosts: 207.44.194.56 search.fr.msn.be
O1 - Hosts: 207.44.194.56 search.fr.msn.ch
O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com
O1 - Hosts: 207.44.194.56 search.msn.at
O1 - Hosts: 207.44.194.56 search.msn.be
O1 - Hosts: 207.44.194.56 search.msn.ch
O1 - Hosts: 207.44.194.56 search.msn.co.in
O1 - Hosts: 207.44.194.56 search.msn.co.jp
O1 - Hosts: 207.44.194.56 search.msn.co.kr
O1 - Hosts: 207.44.194.56 search.msn.com.br
O1 - Hosts: 207.44.194.56 search.msn.com.hk
O1 - Hosts: 207.44.194.56 search.msn.com.my
O1 - Hosts: 207.44.194.56 search.msn.com.sg
O1 - Hosts: 207.44.194.56 search.msn.com.tw
O1 - Hosts: 207.44.194.56 search.msn.co.za
O1 - Hosts: 207.44.194.56 search.msn.de
O1 - Hosts: 207.44.194.56 search.msn.dk
O1 - Hosts: 207.44.194.56 search.msn.es
O1 - Hosts: 207.44.194.56 search.msn.fi
O1 - Hosts: 207.44.194.56 search.msn.fr
O1 - Hosts: 207.44.194.56 search.msn.it
O1 - Hosts: 207.44.194.56 search.msn.nl
O1 - Hosts: 207.44.194.56 search.msn.no
O1 - Hosts: 207.44.194.56 search.msn.se
O1 - Hosts: 207.44.194.56 search.ninemsn.com.au
O1 - Hosts: 207.44.194.56 search.t1msn.com.mx
O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz
O1 - Hosts: 207.44.194.56 search.yupimsn.com
O1 - Hosts: 207.44.194.56 uk.search.msn.com
O1 - Hosts: 207.44.194.56 search.lycos.com
O1 - Hosts: 207.44.194.56 www.lycos.com
O1 - Hosts: 207.44.194.56 www.google.ca
O1 - Hosts: 207.44.194.56 google.ca
O1 - Hosts: 207.44.194.56 www.google.uk
O1 - Hosts: 207.44.194.56 www.google.co.uk
O1 - Hosts: 207.44.194.56 www.google.com.au
O1 - Hosts: 207.44.194.56 www.google.co.jp
O1 - Hosts: 207.44.194.56 www.google.jp
O1 - Hosts: 207.44.194.56 www.google.at
O1 - Hosts: 207.44.194.56 www.google.be
O1 - Hosts: 207.44.194.56 www.google.ch
O1 - Hosts: 207.44.194.56 www.google.de
O1 - Hosts: 207.44.194.56 www.google.dk
O1 - Hosts: 207.44.194.56 www.google.fi
O1 - Hosts: 207.44.194.56 www.google.fr
O1 - Hosts: 207.44.194.56 www.google.com.gr
O1 - Hosts: 207.44.194.56 www.google.com.hk
O1 - Hosts: 207.44.194.56 www.google.ie
O1 - Hosts: 207.44.194.56 www.google.co.il
O1 - Hosts: 207.44.194.56 www.google.it
O1 - Hosts: 207.44.194.56 www.google.co.kr
O1 - Hosts: 207.44.194.56 www.google.com.mx
O1 - Hosts: 207.44.194.56 www.google.nl
O1 - Hosts: 207.44.194.56 www.google.co.nz
O1 - Hosts: 207.44.194.56 www.google.pl
O1 - Hosts: 207.44.194.56 www.google.pt
O1 - Hosts: 207.44.194.56 www.google.com.ru
O1 - Hosts: 207.44.194.56 www.google.com.sg
O1 - Hosts: 207.44.194.56 www.google.co.th
O1 - Hosts: 207.44.194.56 www.google.com.tr
O1 - Hosts: 207.44.194.56 www.google.com.tw
O1 - Hosts: 207.44.194.56 google.at
O1 - Hosts: 207.44.194.56 google.be
O1 - Hosts: 207.44.194.56 google.de
O1 - Hosts: 207.44.194.56 google.dk
O1 - Hosts: 207.44.194.56 google.fi
O1 - Hosts: 207.44.194.56 google.fr
O1 - Hosts: 207.44.194.56 google.com.hk
O1 - Hosts: 207.44.194.56 google.ie
O1 - Hosts: 207.44.194.56 google.co.il
O1 - Hosts: 207.44.194.56 google.it
O1 - Hosts: 207.44.194.56 google.co.kr
O1 - Hosts: 207.44.194.56 google.com.mx
O1 - Hosts: 207.44.194.56 google.nl
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37592.9154398148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
 
Joined
Dec 9, 2000
Messages
45,855
Check and "fix" all the 01 entries in the Scanlog.

Also check and fix:

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

>> you are also a good candidate for the new IE cumulative Patch. See the pinned link at the top of the forum.
 
Joined
Mar 23, 2002
Messages
519
Rollin' Rog , I have a question on what procedure a person should perform first.
It looks as if ( I could be incorrect) robnshan was a victim of the Trojan.Qhosts which
was just discovered October 1st.
Reference:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html

If that is the case then....
Should a person run the "Fix" from Symantec prior to having HijackThis fix the entries ?
Should a person have HijackThis fix the entries and then run the Symantec fix ?
The Symantec fix isn't needed if the entries are fixed with HijackThis.

If it is the Trojan.Qhost, it seems to make alot of registry changes that should be addressed.

Then install the new IE cumulative Patch which you referenced.

Would appreciate any clarification you could provide.
 
Joined
Dec 9, 2000
Messages
45,855
It really won't matter which way you do it, but the problem won't be "fixed" until those Hosts entries are removed, and I don't think that is something the Symantec tool can figure out.
 
Joined
Mar 23, 2002
Messages
519
Thanks Rollin' Rod. I also read the additional post to your pinned thread.
Thanks hewee that link was helpful also.
 

robnshan

Thread Starter
Joined
Oct 2, 2003
Messages
5
Well it took me two times to get rid of all those host files by checking the boxes and clicking fix. I do have my browsers back - wahooo !!! I downloaded the patches from microsoft. However, I did not see anything to download from symantic? Was there something on that page to download for the ghost trojan? I did not see anything. Also, how do I get rid of the trojan from showing up again. Thanks for your help guys !!!!!

rob
 
Joined
Dec 9, 2000
Messages
45,855
The Symantec tool can be found on this page:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html

I grant you it didn't stand out very much on the original liink, just a "named" url called "tool".

Best to run it as it probably checks for registry entries that don't appear in the HijackThis scanlog.

The cumulative update and the Windows Media Player patches should be sufficient. I think, but I'm not absolutely sure, that a similar hijack can be run exploiting an older version of Virtual Machine.

If you want to avoid the Windows Update site for that, you can get it here:

http://www2.whidbey.com/djdenham/VM.htm

If you want to know your current version number for Virtual Machine, open a command prompt and enter:

jview

The one on the Whidbey site is the last and will be 3810
 

robnshan

Thread Starter
Joined
Oct 2, 2003
Messages
5
Well I think I am rid of it. Thanks very much for your help. I cant believe how great everyone is to help out each other here !!!

The only problem I have now is when I boot up, It takes several times. I come up with a warning saying my display adapter is damaged or incompatible. Could I have done something in the removal of my Qhost? Should I reload my video drivers or is it the monitor drivers?

Thanks
 
Joined
Dec 9, 2000
Messages
45,855
I can't imagine what in the qhosts removal might have damaged the display adapter, but that sounds like what the message is referring to. So yes, those should be removed and reinstalled.

Sometimes it is sufficient just to remove them from the Device Manager and reboot. Windows "may" automatically redetect and reload the drivers.

But the better method is to check the Vendors page for any updates, and make sure you have the latest. Just follow their instructions for installing, which in most cases is just running their setup program.
 

robnshan

Thread Starter
Joined
Oct 2, 2003
Messages
5
Thanks rollin' rog. You have been a great help. Everything seems back to normal.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top