1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[SOLVED] My Hijack this logfile. Any baddies in it?

Discussion in 'Virus & Other Malware Removal' started by pileyrei, Oct 15, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Hello

    I have a rather strange problem!

    About two weeks ago I had a bad virus on my pc. I had porn popups left right and center. When I closed one page it opened two more etc. I managed to get rid of all of it using spybot!

    Everthing is fine now except for one thing.

    Any search engine I use (yahoo, google etc) does not work.

    I can access the page but if I type some search criteria in and press enter I get a blank "page cannot be displayed".
    I know this had something to do with that virus!

    I have tried all sorts......downloads from symantec, adaware, spybot.........


    Any ideas how I can get my serach engines working pleasE?
    I bet its some dodgey key in the registry!

    Thanks

    Pilerei
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents as a new thread IN THE SECURITY FORUM.
    http://forums.techguy.org/f54/s

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    ;)
     
  3. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Hi All


    I was asked to post this here by "Steve". (Apologies, this is a long read!)

    Firstly, her is my orginal message:


    Hello

    I have a rather strange problem!

    About two weeks ago I had a bad virus on my pc. I had porn popups left right and center. When I closed one page it opened two more etc. I managed to get rid of all of it using spybot!

    Everthing is fine now except for one thing.

    Any search engine I use (yahoo, google etc) does not work.

    I can access the page but if I type some search criteria in and press enter I get a blank "page cannot be displayed".
    I know this had something to do with that virus!

    I have tried all sorts......downloads from symantec, adaware, spybot.........


    Any ideas how I can get my serach engines working pleasE?
    I bet its some dodgey key in the registry!

    Thanks

    Pileyrei


    Here is the reply from Steve:

    Go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents as a new thread IN THE SECURITY FORUM.
    http://forums.techguy.org/f54/s

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.


    And here is my logfile! Anything bad in there that could be causing my problem?

    Logfile of HijackThis v1.97.3
    Scan saved at 11:23:45, on 15/10/2003
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\msdtc.exe
    C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\mqsvc.exe
    c:\winnt\system32\wscript.exe
    c:\winnt\system32\wscript.exe
    C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\loadqm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\PROGRA~1\NavNT\vptray.exe
    C:\WINNT\System32\internat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aponline.apci.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aponline.apci.com
    O1 - Hosts file is located at: C:\WINNT\help\hosts
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.194.56 www.google.akadns.net
    O1 - Hosts: 207.44.194.56 www.google.com
    O1 - Hosts: 207.44.194.56 google.com
    O1 - Hosts: 207.44.194.56 www.altavista.com
    O1 - Hosts: 207.44.194.56 altavista.com
    O1 - Hosts: 207.44.194.56 search.yahoo.com
    O1 - Hosts: 207.44.194.56 uk.search.yahoo.com
    O1 - Hosts: 207.44.194.56 ca.search.yahoo.com
    O1 - Hosts: 207.44.194.56 jp.search.yahoo.com
    O1 - Hosts: 207.44.194.56 au.search.yahoo.com
    O1 - Hosts: 207.44.194.56 de.search.yahoo.com
    O1 - Hosts: 207.44.194.56 search.yahoo.co.jp
    O1 - Hosts: 207.44.194.56 www.lycos.de
    O1 - Hosts: 207.44.194.56 www.lycos.ca
    O1 - Hosts: 207.44.194.56 www.lycos.jp
    O1 - Hosts: 207.44.194.56 www.lycos.co.jp
    O1 - Hosts: 207.44.194.56 alltheweb.com
    O1 - Hosts: 207.44.194.56 web.ask.com
    O1 - Hosts: 207.44.194.56 ask.com
    O1 - Hosts: 207.44.194.56 www.ask.com
    O1 - Hosts: 207.44.194.56 www.teoma.com
    O1 - Hosts: 207.44.194.56 search.aol.com
    O1 - Hosts: 207.44.194.56 www.looksmart.com
    O1 - Hosts: 207.44.194.56 auto.search.msn.com
    O1 - Hosts: 207.44.194.56 search.msn.com
    O1 - Hosts: 207.44.194.56 ca.search.msn.com
    O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com
    O1 - Hosts: 207.44.194.56 search.fr.msn.be
    O1 - Hosts: 207.44.194.56 search.fr.msn.ch
    O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com
    O1 - Hosts: 207.44.194.56 search.msn.at
    O1 - Hosts: 207.44.194.56 search.msn.be
    O1 - Hosts: 207.44.194.56 search.msn.ch
    O1 - Hosts: 207.44.194.56 search.msn.co.in
    O1 - Hosts: 207.44.194.56 search.msn.co.jp
    O1 - Hosts: 207.44.194.56 search.msn.co.kr
    O1 - Hosts: 207.44.194.56 search.msn.com.br
    O1 - Hosts: 207.44.194.56 search.msn.com.hk
    O1 - Hosts: 207.44.194.56 search.msn.com.my
    O1 - Hosts: 207.44.194.56 search.msn.com.sg
    O1 - Hosts: 207.44.194.56 search.msn.com.tw
    O1 - Hosts: 207.44.194.56 search.msn.co.za
    O1 - Hosts: 207.44.194.56 search.msn.de
    O1 - Hosts: 207.44.194.56 search.msn.dk
    O1 - Hosts: 207.44.194.56 search.msn.es
    O1 - Hosts: 207.44.194.56 search.msn.fi
    O1 - Hosts: 207.44.194.56 search.msn.fr
    O1 - Hosts: 207.44.194.56 search.msn.it
    O1 - Hosts: 207.44.194.56 search.msn.nl
    O1 - Hosts: 207.44.194.56 search.msn.no
    O1 - Hosts: 207.44.194.56 search.msn.se
    O1 - Hosts: 207.44.194.56 search.ninemsn.com.au
    O1 - Hosts: 207.44.194.56 search.t1msn.com.mx
    O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz
    O1 - Hosts: 207.44.194.56 search.yupimsn.com
    O1 - Hosts: 207.44.194.56 uk.search.msn.com
    O1 - Hosts: 207.44.194.56 search.lycos.com
    O1 - Hosts: 207.44.194.56 www.lycos.com
    O1 - Hosts: 207.44.194.56 www.google.ca
    O1 - Hosts: 207.44.194.56 google.ca
    O1 - Hosts: 207.44.194.56 www.google.uk
    O1 - Hosts: 207.44.194.56 www.google.co.uk
    O1 - Hosts: 207.44.194.56 www.google.com.au
    O1 - Hosts: 207.44.194.56 www.google.co.jp
    O1 - Hosts: 207.44.194.56 www.google.jp
    O1 - Hosts: 207.44.194.56 www.google.at
    O1 - Hosts: 207.44.194.56 www.google.be
    O1 - Hosts: 207.44.194.56 www.google.ch
    O1 - Hosts: 207.44.194.56 www.google.de
    O1 - Hosts: 207.44.194.56 www.google.se
    O1 - Hosts: 207.44.194.56 www.google.dk
    O1 - Hosts: 207.44.194.56 www.google.fi
    O1 - Hosts: 207.44.194.56 www.google.fr
    O1 - Hosts: 207.44.194.56 www.google.com.gr
    O1 - Hosts: 207.44.194.56 www.google.com.hk
    O1 - Hosts: 207.44.194.56 www.google.ie
    O1 - Hosts: 207.44.194.56 www.google.co.il
    O1 - Hosts: 207.44.194.56 www.google.it
    O1 - Hosts: 207.44.194.56 www.google.co.kr
    O1 - Hosts: 207.44.194.56 www.google.com.mx
    O1 - Hosts: 207.44.194.56 www.google.nl
    O1 - Hosts: 207.44.194.56 www.google.co.nz
    O1 - Hosts: 207.44.194.56 www.google.pl
    O1 - Hosts: 207.44.194.56 www.google.pt
    O1 - Hosts: 207.44.194.56 www.google.com.ru
    O1 - Hosts: 207.44.194.56 www.google.com.sg
    O1 - Hosts: 207.44.194.56 www.google.co.th
    O1 - Hosts: 207.44.194.56 www.google.com.tr
    O1 - Hosts: 207.44.194.56 www.google.com.tw
    O1 - Hosts: 207.44.194.56 go.google.com
    O1 - Hosts: 207.44.194.56 google.at
    O1 - Hosts: 207.44.194.56 google.be
    O1 - Hosts: 207.44.194.56 google.de
    O1 - Hosts: 207.44.194.56 google.dk
    O1 - Hosts: 207.44.194.56 google.fi
    O1 - Hosts: 207.44.194.56 google.fr
    O1 - Hosts: 207.44.194.56 google.com.hk
    O1 - Hosts: 207.44.194.56 google.ie
    O1 - Hosts: 207.44.194.56 google.co.il
    O1 - Hosts: 207.44.194.56 google.it
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://aponline.apci.com
    O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://naex014p/TeamWorkspace/Components/outlctlx.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {0C3CE003-3C32-4E03-ABED-325F623EDAEE} (artrnsfr.ARtransfer) - http://allusw01.apci.com/KBtrans.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/028eba64a7c76a4f3c14/netzip/RdxIE2.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {964DD339-E1F3-4EBF-80CE-585296353E20} (APOutlookUtils.Library) - http://naex014p/TeamWorkspace/Components/APOutlookUtils.CAB
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
    O16 - DPF: {AF1574C9-94B5-46BF-8580-6EADF940EAC3} (APRuntime.DownloadStub) - http://naex014p/TeamWorkspace/Components/APRuntime.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50FC47A2-DB8B-4668-BA29-19186D9C388D}: NameServer = 69.57.146.14
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com


    Thanks very much!

    Pileyrei
     
  4. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Thanks Steve


    I have posted everthing in the security section!

    Pileyrei
     
  5. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    BTW: this is a work pc! :p

    Pileyrei
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    ALL the O1 entries
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50FC47A2-DB8B-4668-BA29-19186D9C388D}: NameServer = 69.57.146.14
     
  7. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Its kind of obvious looking at it now!

    Great, I will try it soon and post back.

    Thank you!

    Pileyrei
     
  8. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Hmmmm


    Same problem.....

    I havent used Hijack this before. After removing all the entries mentioned a page with backups of the files appeared. I closed this and went onto the net to search. Same problem!

    Do I have to reboot first?

    Pileyrei
     
  9. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Here is the new log after removing them:

    Logfile of HijackThis v1.97.3
    Scan saved at 12:03:58, on 15/10/2003
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\msdtc.exe
    C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\mqsvc.exe
    c:\winnt\system32\wscript.exe
    c:\winnt\system32\wscript.exe
    C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\loadqm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\PROGRA~1\NavNT\vptray.exe
    C:\WINNT\System32\internat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\unzipped\hijackthis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aponline.apci.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aponline.apci.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://aponline.apci.com
    O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://naex014p/TeamWorkspace/Components/outlctlx.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {0C3CE003-3C32-4E03-ABED-325F623EDAEE} (artrnsfr.ARtransfer) - http://allusw01.apci.com/KBtrans.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/028eba64a7c76a4f3c14/netzip/RdxIE2.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {964DD339-E1F3-4EBF-80CE-585296353E20} (APOutlookUtils.Library) - http://naex014p/TeamWorkspace/Components/APOutlookUtils.CAB
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
    O16 - DPF: {AF1574C9-94B5-46BF-8580-6EADF940EAC3} (APRuntime.DownloadStub) - http://naex014p/TeamWorkspace/Components/APRuntime.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.apci.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.apci.com,ape.apci.com,apci.com,america.apci.com,asiapac.apci.com
     
  10. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
    It's the qhost virus follow instruction here
    http://forums.techguy.org/t169476/s.html

    and use the symantec removal tool and make sure you download & install all the patches mentioned

    you will need to reboot before the changes made earlier will be effective
     
  12. pileyrei

    pileyrei Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    594
    Thank you!

    Rebooted........and fixed!

    Thank you so much

    Regards

    Pileyrei
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/172077

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice