[SOLVED] My Hijack this logfile. Any baddies in it?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

pileyrei

Thread Starter
Joined
Sep 16, 2003
Messages
594
Hello

I have a rather strange problem!

About two weeks ago I had a bad virus on my pc. I had porn popups left right and center. When I closed one page it opened two more etc. I managed to get rid of all of it using spybot!

Everthing is fine now except for one thing.

Any search engine I use (yahoo, google etc) does not work.

I can access the page but if I type some search criteria in and press enter I get a blank "page cannot be displayed".
I know this had something to do with that virus!

I have tried all sorts......downloads from symantec, adaware, spybot.........


Any ideas how I can get my serach engines working pleasE?
I bet its some dodgey key in the registry!

Thanks

Pilerei
 
Joined
Oct 9, 2001
Messages
9,396
Go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents as a new thread IN THE SECURITY FORUM.
http://forums.techguy.org/f54/s

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

;)
 

pileyrei

Thread Starter
Joined
Sep 16, 2003
Messages
594
Hi All


I was asked to post this here by "Steve". (Apologies, this is a long read!)

Firstly, her is my orginal message:


Hello

I have a rather strange problem!

About two weeks ago I had a bad virus on my pc. I had porn popups left right and center. When I closed one page it opened two more etc. I managed to get rid of all of it using spybot!

Everthing is fine now except for one thing.

Any search engine I use (yahoo, google etc) does not work.

I can access the page but if I type some search criteria in and press enter I get a blank "page cannot be displayed".
I know this had something to do with that virus!

I have tried all sorts......downloads from symantec, adaware, spybot.........


Any ideas how I can get my serach engines working pleasE?
I bet its some dodgey key in the registry!

Thanks

Pileyrei


Here is the reply from Steve:

Go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents as a new thread IN THE SECURITY FORUM.
http://forums.techguy.org/f54/s

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.


And here is my logfile! Anything bad in there that could be causing my problem?

Logfile of HijackThis v1.97.3
Scan saved at 11:23:45, on 15/10/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\mqsvc.exe
c:\winnt\system32\wscript.exe
c:\winnt\system32\wscript.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\loadqm.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\System32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aponline.apci.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aponline.apci.com
O1 - Hosts file is located at: C:\WINNT\help\hosts
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.194.56 www.google.akadns.net
O1 - Hosts: 207.44.194.56 www.google.com
O1 - Hosts: 207.44.194.56 google.com
O1 - Hosts: 207.44.194.56 www.altavista.com
O1 - Hosts: 207.44.194.56 altavista.com
O1 - Hosts: 207.44.194.56 search.yahoo.com
O1 - Hosts: 207.44.194.56 uk.search.yahoo.com
O1 - Hosts: 207.44.194.56 ca.search.yahoo.com
O1 - Hosts: 207.44.194.56 jp.search.yahoo.com
O1 - Hosts: 207.44.194.56 au.search.yahoo.com
O1 - Hosts: 207.44.194.56 de.search.yahoo.com
O1 - Hosts: 207.44.194.56 search.yahoo.co.jp
O1 - Hosts: 207.44.194.56 www.lycos.de
O1 - Hosts: 207.44.194.56 www.lycos.ca
O1 - Hosts: 207.44.194.56 www.lycos.jp
O1 - Hosts: 207.44.194.56 www.lycos.co.jp
O1 - Hosts: 207.44.194.56 alltheweb.com
O1 - Hosts: 207.44.194.56 web.ask.com
O1 - Hosts: 207.44.194.56 ask.com
O1 - Hosts: 207.44.194.56 www.ask.com
O1 - Hosts: 207.44.194.56 www.teoma.com
O1 - Hosts: 207.44.194.56 search.aol.com
O1 - Hosts: 207.44.194.56 www.looksmart.com
O1 - Hosts: 207.44.194.56 auto.search.msn.com
O1 - Hosts: 207.44.194.56 search.msn.com
O1 - Hosts: 207.44.194.56 ca.search.msn.com
O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com
O1 - Hosts: 207.44.194.56 search.fr.msn.be
O1 - Hosts: 207.44.194.56 search.fr.msn.ch
O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com
O1 - Hosts: 207.44.194.56 search.msn.at
O1 - Hosts: 207.44.194.56 search.msn.be
O1 - Hosts: 207.44.194.56 search.msn.ch
O1 - Hosts: 207.44.194.56 search.msn.co.in
O1 - Hosts: 207.44.194.56 search.msn.co.jp
O1 - Hosts: 207.44.194.56 search.msn.co.kr
O1 - Hosts: 207.44.194.56 search.msn.com.br
O1 - Hosts: 207.44.194.56 search.msn.com.hk
O1 - Hosts: 207.44.194.56 search.msn.com.my
O1 - Hosts: 207.44.194.56 search.msn.com.sg
O1 - Hosts: 207.44.194.56 search.msn.com.tw
O1 - Hosts: 207.44.194.56 search.msn.co.za
O1 - Hosts: 207.44.194.56 search.msn.de
O1 - Hosts: 207.44.194.56 search.msn.dk
O1 - Hosts: 207.44.194.56 search.msn.es
O1 - Hosts: 207.44.194.56 search.msn.fi
O1 - Hosts: 207.44.194.56 search.msn.fr
O1 - Hosts: 207.44.194.56 search.msn.it
O1 - Hosts: 207.44.194.56 search.msn.nl
O1 - Hosts: 207.44.194.56 search.msn.no
O1 - Hosts: 207.44.194.56 search.msn.se
O1 - Hosts: 207.44.194.56 search.ninemsn.com.au
O1 - Hosts: 207.44.194.56 search.t1msn.com.mx
O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz
O1 - Hosts: 207.44.194.56 search.yupimsn.com
O1 - Hosts: 207.44.194.56 uk.search.msn.com
O1 - Hosts: 207.44.194.56 search.lycos.com
O1 - Hosts: 207.44.194.56 www.lycos.com
O1 - Hosts: 207.44.194.56 www.google.ca
O1 - Hosts: 207.44.194.56 google.ca
O1 - Hosts: 207.44.194.56 www.google.uk
O1 - Hosts: 207.44.194.56 www.google.co.uk
O1 - Hosts: 207.44.194.56 www.google.com.au
O1 - Hosts: 207.44.194.56 www.google.co.jp
O1 - Hosts: 207.44.194.56 www.google.jp
O1 - Hosts: 207.44.194.56 www.google.at
O1 - Hosts: 207.44.194.56 www.google.be
O1 - Hosts: 207.44.194.56 www.google.ch
O1 - Hosts: 207.44.194.56 www.google.de
O1 - Hosts: 207.44.194.56 www.google.se
O1 - Hosts: 207.44.194.56 www.google.dk
O1 - Hosts: 207.44.194.56 www.google.fi
O1 - Hosts: 207.44.194.56 www.google.fr
O1 - Hosts: 207.44.194.56 www.google.com.gr
O1 - Hosts: 207.44.194.56 www.google.com.hk
O1 - Hosts: 207.44.194.56 www.google.ie
O1 - Hosts: 207.44.194.56 www.google.co.il
O1 - Hosts: 207.44.194.56 www.google.it
O1 - Hosts: 207.44.194.56 www.google.co.kr
O1 - Hosts: 207.44.194.56 www.google.com.mx
O1 - Hosts: 207.44.194.56 www.google.nl
O1 - Hosts: 207.44.194.56 www.google.co.nz
O1 - Hosts: 207.44.194.56 www.google.pl
O1 - Hosts: 207.44.194.56 www.google.pt
O1 - Hosts: 207.44.194.56 www.google.com.ru
O1 - Hosts: 207.44.194.56 www.google.com.sg
O1 - Hosts: 207.44.194.56 www.google.co.th
O1 - Hosts: 207.44.194.56 www.google.com.tr
O1 - Hosts: 207.44.194.56 www.google.com.tw
O1 - Hosts: 207.44.194.56 go.google.com
O1 - Hosts: 207.44.194.56 google.at
O1 - Hosts: 207.44.194.56 google.be
O1 - Hosts: 207.44.194.56 google.de
O1 - Hosts: 207.44.194.56 google.dk
O1 - Hosts: 207.44.194.56 google.fi
O1 - Hosts: 207.44.194.56 google.fr
O1 - Hosts: 207.44.194.56 google.com.hk
O1 - Hosts: 207.44.194.56 google.ie
O1 - Hosts: 207.44.194.56 google.co.il
O1 - Hosts: 207.44.194.56 google.it
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://aponline.apci.com
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://naex014p/TeamWorkspace/Components/outlctlx.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0C3CE003-3C32-4E03-ABED-325F623EDAEE} (artrnsfr.ARtransfer) - http://allusw01.apci.com/KBtrans.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/028eba64a7c76a4f3c14/netzip/RdxIE2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {964DD339-E1F3-4EBF-80CE-585296353E20} (APOutlookUtils.Library) - http://naex014p/TeamWorkspace/Components/APOutlookUtils.CAB
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {AF1574C9-94B5-46BF-8580-6EADF940EAC3} (APRuntime.DownloadStub) - http://naex014p/TeamWorkspace/Components/APRuntime.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.apci.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{50FC47A2-DB8B-4668-BA29-19186D9C388D}: NameServer = 69.57.146.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.apci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.apci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com


Thanks very much!

Pileyrei
 

pileyrei

Thread Starter
Joined
Sep 16, 2003
Messages
594
Thanks Steve


I have posted everthing in the security section!

Pileyrei
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

ALL the O1 entries
O17 - HKLM\System\CCS\Services\Tcpip\..\{50FC47A2-DB8B-4668-BA29-19186D9C388D}: NameServer = 69.57.146.14
 

pileyrei

Thread Starter
Joined
Sep 16, 2003
Messages
594
Its kind of obvious looking at it now!

Great, I will try it soon and post back.

Thank you!

Pileyrei
 

pileyrei

Thread Starter
Joined
Sep 16, 2003
Messages
594
Hmmmm


Same problem.....

I havent used Hijack this before. After removing all the entries mentioned a page with backups of the files appeared. I closed this and went onto the net to search. Same problem!

Do I have to reboot first?

Pileyrei
 

pileyrei

Thread Starter
Joined
Sep 16, 2003
Messages
594
Here is the new log after removing them:

Logfile of HijackThis v1.97.3
Scan saved at 12:03:58, on 15/10/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\mqsvc.exe
c:\winnt\system32\wscript.exe
c:\winnt\system32\wscript.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\loadqm.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\System32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aponline.apci.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aponline.apci.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://aponline.apci.com
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://naex014p/TeamWorkspace/Components/outlctlx.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0C3CE003-3C32-4E03-ABED-325F623EDAEE} (artrnsfr.ARtransfer) - http://allusw01.apci.com/KBtrans.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/028eba64a7c76a4f3c14/netzip/RdxIE2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {964DD339-E1F3-4EBF-80CE-585296353E20} (APOutlookUtils.Library) - http://naex014p/TeamWorkspace/Components/APOutlookUtils.CAB
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {AF1574C9-94B5-46BF-8580-6EADF940EAC3} (APRuntime.DownloadStub) - http://naex014p/TeamWorkspace/Components/APRuntime.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.apci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.apci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.apci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
It's the qhost virus follow instruction here
http://forums.techguy.org/t169476/s.html

and use the symantec removal tool and make sure you download & install all the patches mentioned

you will need to reboot before the changes made earlier will be effective
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top