«

Hi,

Today, I used Spybot to get rid of a lot of unwanted stuff on my
computer. However, now, I notice that whenever I search Google, a
page comes up first before the real search results.

For example, if I searched for "movies" it first displays a page with
links to to a lot of sites, that don't look legit, that will help me
find movies. This is a copy of the search results:

Dvds only $2.19.
We specialize in liquidating large stocks of dvds. Make $400 - $500
every weekend selling closeout dvds on ebay, at the flea market, in
your store etc...

Unlimited Movie Downloads - $1 a Month
Get your own Movies, Music & More. Unlimited movie downloads. Join
today, only $1 a month

Find Daily Web Deals -- Save money!
Find best deals and discounts on the internet! Free coupon codes,
discount listings, and lots more.

Free Unlimited Movie Downloads
Click here to begin downloading all your favorite movies for free. All
the latest titles available.

Download Unlimited Movies. Only 99 Cents / Month
Unlimited New and Old Movies. Movies not released yet? Download it
here first guaranteed! Over a million titles Less than $1 a Month.

Unlimited Movie Downloads only $0.75/mo!
Download any Movie! Even new releases. Only $0.75 a month. Burn your
own DVDs or VCD's and play them on your TV. Napsters best replacement.

get paid to watch movie trailers
get paid to watch movie trailers - Surveys4Money.com guide to online
survey companies that pay you to watch movie trailers and tv clips - a
FreeLotteriesOnline.com recommended site

Use a CREDIT CARD to get premium porn
Credit card age verifcation is required. Use your credit card to prove
your of legal age and you can start enjoying porn.

Unlimited Movie Downloads - $1 a Month
Get your own Movies, Music & More. Unlimited movie downloads. Join
today, only $1 a month

Unlimited Movie Downloads - $1 a Month
Get your own Movies, Music & More. Unlimited movie downloads. Join
today, only $1 a month
***

Then, when I hit next on the bottom of the page, it takes me to
Google's real search results. Does anyone have idea what this is and
how to get rid of it?

Thanks,
Katie

"Katie" <> wrote in message
news: om...
> Hi,
>
> Today, I used Spybot to get rid of a lot of unwanted stuff on my
> computer. However, now, I notice that whenever I search Google, a
> page comes up first before the real search results.

<snippage>

> Thanks,
> Katie

I've found that using AdAware, and SpyBot in conjunction provides much
better results than either one on their own. I'm also presuming that you're
running an up to date AV package.

Box

You are probably infected with the QHosts trojan.

http://www3.ca.com/virusinfo/virus.aspx?ID=37191
http://www.sophos.com/virusinfo/anal...ojqhosts1.html
http://www.symantec.com/avcenter/ven...an.qhosts.html
http://vil.nai.com/vil/content/v_100719.htm
http://www.europe.f-secure.com/v-descs/delude.shtml

http://www.spywareinfo.net/sept30,2003#searchjack
http://www.imilly.com/google.htm

Host file reader:
http://members.shaw.ca/techcd/VB_Pro...FileReader.exe

HijackThis
http://www.tomcoyote.org/hjt/


On 22 Dec 2003 17:24:58 -0800, in
< >
Katie scrawled:

>Hi,
>
>Today, I used Spybot to get rid of a lot of unwanted stuff on my
>computer. However, now, I notice that whenever I search Google, a
>page comes up first before the real search results.
>
>For example, if I searched for "movies" it first displays a page with
>links to to a lot of sites, that don't look legit, that will help me
>find movies. This is a copy of the search results:
>
>Dvds only $2.19.
>We specialize in liquidating large stocks of dvds. Make $400 - $500
>every weekend selling closeout dvds on ebay, at the flea market, in
>your store etc...
>
>Unlimited Movie Downloads - $1 a Month
>Get your own Movies, Music & More. Unlimited movie downloads. Join
>today, only $1 a month
>
>Find Daily Web Deals -- Save money!
>Find best deals and discounts on the internet! Free coupon codes,
>discount listings, and lots more.
>
>Free Unlimited Movie Downloads
>Click here to begin downloading all your favorite movies for free. All
>the latest titles available.
>
>Download Unlimited Movies. Only 99 Cents / Month
>Unlimited New and Old Movies. Movies not released yet? Download it
>here first guaranteed! Over a million titles Less than $1 a Month.
>
>Unlimited Movie Downloads only $0.75/mo!
>Download any Movie! Even new releases. Only $0.75 a month. Burn your
>own DVDs or VCD's and play them on your TV. Napsters best replacement.
>
>get paid to watch movie trailers
>get paid to watch movie trailers - Surveys4Money.com guide to online
>survey companies that pay you to watch movie trailers and tv clips - a
>FreeLotteriesOnline.com recommended site
>
>Use a CREDIT CARD to get premium porn
>Credit card age verifcation is required. Use your credit card to prove
>your of legal age and you can start enjoying porn.
>
>Unlimited Movie Downloads - $1 a Month
>Get your own Movies, Music & More. Unlimited movie downloads. Join
>today, only $1 a month
>
>Unlimited Movie Downloads - $1 a Month
>Get your own Movies, Music & More. Unlimited movie downloads. Join
>today, only $1 a month
>***
>
>Then, when I hit next on the bottom of the page, it takes me to
>Google's real search results. Does anyone have idea what this is and
>how to get rid of it?
>
>Thanks,
>Katie

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

Hi,

Thanks for your responses. I ran a symentac virus scan "FixQhost" and
it didn't find the QHosts trojan on my system. I went to hijack this
and to the host file reader you recommend. Below are my logs:

Hijack This:

Logfile of HijackThis v1.97.7
Scan saved at 3:43:09 PM, on 12/28/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton\defwatch.exe
C:\Program Files\Norton\rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Norton\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AproposClient\Apropos.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Katie\Desktop\HostsFileReader.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Katie\Local Settings\Temp\Temporary
Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R3 - URLSearchHook: IncrediFindBHO Class -
{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
sitefinder.verisign.com
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0 .dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5B25DB7A-1F09-4153-BDDA-6F0B68DF5F46} -
C:\WINDOWS\System32\jjit.dll
O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} -
C:\WINDOWS\System32\mseclk.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -
C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0 .dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4AE983B1-4424-424C-B412-A43EF0820E55} - (no
file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program
Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All
Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P
Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\lb1z816m.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and
Settings\Katie\dp-b23011805.exe
O4 - HKLM\..\Run: [Qwik-Fix] "C:\Program Files\PivX
Qwik-Fix\QwikFix.exe" splash
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msccof.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) - http://download.weatherbug.com/minib...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
- http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://128.164.199.40/activex/AxisCamControl.ocx
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
- http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Hosts File Reader:
C:\|356\HOSTS
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

Any insight on what I should do next? Thanks for the help.

-Katie



°Mike° <> wrote in message news:<>...
> You are probably infected with the QHosts trojan.
>
> http://www3.ca.com/virusinfo/virus.aspx?ID=37191
> http://www.sophos.com/virusinfo/anal...ojqhosts1.html
> http://www.symantec.com/avcenter/ven...an.qhosts.html
> http://vil.nai.com/vil/content/v_100719.htm
> http://www.europe.f-secure.com/v-descs/delude.shtml
>
> http://www.spywareinfo.net/sept30,2003#searchjack
> http://www.imilly.com/google.htm
>
> Host file reader:
> http://members.shaw.ca/techcd/VB_Pro...FileReader.exe
>
> HijackThis
> http://www.tomcoyote.org/hjt/
>
>
> On 22 Dec 2003 17:24:58 -0800, in
> < >
> Katie scrawled:
>
> >Hi,
> >
> >Today, I used Spybot to get rid of a lot of unwanted stuff on my
> >computer. However, now, I notice that whenever I search Google, a
> >page comes up first before the real search results.
> >
> >For example, if I searched for "movies" it first displays a page with
> >links to to a lot of sites, that don't look legit, that will help me
> >find movies. This is a copy of the search results:
> >
> >Dvds only $2.19.
> >We specialize in liquidating large stocks of dvds. Make $400 - $500
> >every weekend selling closeout dvds on ebay, at the flea market, in
> >your store etc...
> >
> >Unlimited Movie Downloads - $1 a Month
> >Get your own Movies, Music & More. Unlimited movie downloads. Join
> >today, only $1 a month
> >
> >Find Daily Web Deals -- Save money!
> >Find best deals and discounts on the internet! Free coupon codes,
> >discount listings, and lots more.
> >
> >Free Unlimited Movie Downloads
> >Click here to begin downloading all your favorite movies for free. All
> >the latest titles available.
> >
> >Download Unlimited Movies. Only 99 Cents / Month
> >Unlimited New and Old Movies. Movies not released yet? Download it
> >here first guaranteed! Over a million titles Less than $1 a Month.
> >
> >Unlimited Movie Downloads only $0.75/mo!
> >Download any Movie! Even new releases. Only $0.75 a month. Burn your
> >own DVDs or VCD's and play them on your TV. Napsters best replacement.
> >
> >get paid to watch movie trailers
> >get paid to watch movie trailers - Surveys4Money.com guide to online
> >survey companies that pay you to watch movie trailers and tv clips - a
> >FreeLotteriesOnline.com recommended site
> >
> >Use a CREDIT CARD to get premium porn
> >Credit card age verifcation is required. Use your credit card to prove
> >your of legal age and you can start enjoying porn.
> >
> >Unlimited Movie Downloads - $1 a Month
> >Get your own Movies, Music & More. Unlimited movie downloads. Join
> >today, only $1 a month
> >
> >Unlimited Movie Downloads - $1 a Month
> >Get your own Movies, Music & More. Unlimited movie downloads. Join
> >today, only $1 a month
> >***
> >
> >Then, when I hit next on the bottom of the page, it takes me to
> >Google's real search results. Does anyone have idea what this is and
> >how to get rid of it?
> >
> >Thanks,
> >Katie

On 28 Dec 2003 12:48:46 -0800, in
< >
Katie scrawled:

>Hi,
>
>Thanks for your responses. I ran a symentac virus scan "FixQhost" and
>it didn't find the QHosts trojan on my system. I went to hijack this
>and to the host file reader you recommend. Below are my logs:
>
>Hijack This:
>
>Logfile of HijackThis v1.97.7

<snip>

>Running processes:

<snip>
>C:\Program Files\AproposClient\Apropos.exe

I couldn't find any info on this "AproposClient". It also has a
BHO associated with it -- see **** further below.


>R3 - URLSearchHook: IncrediFindBHO Class -
>{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
>C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

Have HijackThis fix the above.


>O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
>sitefinder.verisign.com

Have HijackThis fix the above. This is the cause of you being
redirected to other sites.


>O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
>C:\Program Files\AproposClient\AproposPlugin.dll

****


>O2 - BHO: (no name) - {5B25DB7A-1F09-4153-BDDA-6F0B68DF5F46} -
>C:\WINDOWS\System32\jjit.dll

I could find no information on this BHO -- you have far too many
BHOs installed, for my liking.


>O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
>C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

Have HijackThis fix the above.


>O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} -
>C:\WINDOWS\System32\mseclk.dll

Have HijackThis fix the above.



>O3 - Toolbar: (no name) - {4AE983B1-4424-424C-B412-A43EF0820E55} - (no
>file)

Have HijackThis fix the above.


>O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe

Have HijackThis fix the above.


>O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msccof.exe

Have HijackThis fix the above.


>O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
>O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
>O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
>O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

Have HijackThis fix all of the above.


>O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
>Class) - http://download.weatherbug.com/minib...ansporter.cab?

Have HijackThis fix the above.


>O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
>http://128.164.199.40/activex/AxisCamControl.ocx

Have HijackThis fix the above.


>Any insight on what I should do next? Thanks for the help.
>
>-Katie
>
>
>
>°Mike° <> wrote in message news:<>...
>> You are probably infected with the QHosts trojan.

<snip>

>> On 22 Dec 2003 17:24:58 -0800, in
>> < >
>> Katie scrawled:
>>
>> >Hi,
>> >
>> >Today, I used Spybot to get rid of a lot of unwanted stuff on my
>> >computer. However, now, I notice that whenever I search Google, a
>> >page comes up first before the real search results.
>> >
>> >For example, if I searched for "movies" it first displays a page with
>> >links to to a lot of sites, that don't look legit, that will help me
>> >find movies. This is a copy of the search results:
>> >
>> >Dvds only $2.19.
>> >We specialize in liquidating large stocks of dvds. Make $400 - $500
>> >every weekend selling closeout dvds on ebay, at the flea market, in
>> >your store etc...
>> >
>> >Unlimited Movie Downloads - $1 a Month
>> >Get your own Movies, Music & More. Unlimited movie downloads. Join
>> >today, only $1 a month
>> >
>> >Find Daily Web Deals -- Save money!
>> >Find best deals and discounts on the internet! Free coupon codes,
>> >discount listings, and lots more.
>> >
>> >Free Unlimited Movie Downloads
>> >Click here to begin downloading all your favorite movies for free. All
>> >the latest titles available.
>> >
>> >Download Unlimited Movies. Only 99 Cents / Month
>> >Unlimited New and Old Movies. Movies not released yet? Download it
>> >here first guaranteed! Over a million titles Less than $1 a Month.
>> >
>> >Unlimited Movie Downloads only $0.75/mo!
>> >Download any Movie! Even new releases. Only $0.75 a month. Burn your
>> >own DVDs or VCD's and play them on your TV. Napsters best replacement.
>> >
>> >get paid to watch movie trailers
>> >get paid to watch movie trailers - Surveys4Money.com guide to online
>> >survey companies that pay you to watch movie trailers and tv clips - a
>> >FreeLotteriesOnline.com recommended site
>> >
>> >Use a CREDIT CARD to get premium porn
>> >Credit card age verifcation is required. Use your credit card to prove
>> >your of legal age and you can start enjoying porn.
>> >
>> >Unlimited Movie Downloads - $1 a Month
>> >Get your own Movies, Music & More. Unlimited movie downloads. Join
>> >today, only $1 a month
>> >
>> >Unlimited Movie Downloads - $1 a Month
>> >Get your own Movies, Music & More. Unlimited movie downloads. Join
>> >today, only $1 a month
>> >***
>> >
>> >Then, when I hit next on the bottom of the page, it takes me to
>> >Google's real search results. Does anyone have idea what this is and
>> >how to get rid of it?
>> >
>> >Thanks,
>> >Katie

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

Mike,

I had hijack fix each of the things you said, however, there are
certain items that even though I had hijack fix them, and then I
restarted, they were still there on the scan when I came back (I went
through this 3 times with these files.) They are:

> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

Also - I deleted the item that you said was the cause of the google
redirect, but the problem still exists. Do you have any more
suggestions? I really do thank you for the help you've been giving
me.

-Katie

°Mike° <> wrote in message news:<>...
> On 28 Dec 2003 12:48:46 -0800, in
> < >
> Katie scrawled:
>
> >Hi,
> >
> >Thanks for your responses. I ran a symentac virus scan "FixQhost" and
> >it didn't find the QHosts trojan on my system. I went to hijack this
> >and to the host file reader you recommend. Below are my logs:
> >
> >Hijack This:
> >
> >Logfile of HijackThis v1.97.7
>
> <snip>
>
> >Running processes:
>
> <snip>
> >C:\Program Files\AproposClient\Apropos.exe
>
> I couldn't find any info on this "AproposClient". It also has a
> BHO associated with it -- see **** further below.
>
>
> >R3 - URLSearchHook: IncrediFindBHO Class -
> >{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
> >C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
>
> Have HijackThis fix the above.
>
>
> >O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
> >sitefinder.verisign.com
>
> Have HijackThis fix the above. This is the cause of you being
> redirected to other sites.
>
>
> >O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
> >C:\Program Files\AproposClient\AproposPlugin.dll
>
> ****
>
>
> >O2 - BHO: (no name) - {5B25DB7A-1F09-4153-BDDA-6F0B68DF5F46} -
> >C:\WINDOWS\System32\jjit.dll
>
> I could find no information on this BHO -- you have far too many
> BHOs installed, for my liking.
>
>
> >O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
> >C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
>
> Have HijackThis fix the above.
>
>
> >O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} -
> >C:\WINDOWS\System32\mseclk.dll
>
> Have HijackThis fix the above.
>
>
>
> >O3 - Toolbar: (no name) - {4AE983B1-4424-424C-B412-A43EF0820E55} - (no
> >file)
>
> Have HijackThis fix the above.
>
>
> >O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe
>
> Have HijackThis fix the above.
>
>
> >O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msccof.exe
>
> Have HijackThis fix the above.
>
>
> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
>
> Have HijackThis fix all of the above.
>
>
> >O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
> >Class) - http://download.weatherbug.com/minib...ansporter.cab?
>
> Have HijackThis fix the above.
>
>
> >O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
> >http://128.164.199.40/activex/AxisCamControl.ocx
>
> Have HijackThis fix the above.
>
>
> >Any insight on what I should do next? Thanks for the help.
> >
> >-Katie
> >
> >
> >
> >°Mike° <> wrote in message news:<>...
> >> You are probably infected with the QHosts trojan.
>
> <snip>
>
> >> On 22 Dec 2003 17:24:58 -0800, in
> >> < >
> >> Katie scrawled:
> >>
> >> >Hi,
> >> >
> >> >Today, I used Spybot to get rid of a lot of unwanted stuff on my
> >> >computer. However, now, I notice that whenever I search Google, a
> >> >page comes up first before the real search results.
> >> >
> >> >For example, if I searched for "movies" it first displays a page with
> >> >links to to a lot of sites, that don't look legit, that will help me
> >> >find movies. This is a copy of the search results:
> >> >
> >> >Dvds only $2.19.
> >> >We specialize in liquidating large stocks of dvds. Make $400 - $500
> >> >every weekend selling closeout dvds on ebay, at the flea market, in
> >> >your store etc...
> >> >
> >> >Unlimited Movie Downloads - $1 a Month
> >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
> >> >today, only $1 a month
> >> >
> >> >Find Daily Web Deals -- Save money!
> >> >Find best deals and discounts on the internet! Free coupon codes,
> >> >discount listings, and lots more.
> >> >
> >> >Free Unlimited Movie Downloads
> >> >Click here to begin downloading all your favorite movies for free. All
> >> >the latest titles available.
> >> >
> >> >Download Unlimited Movies. Only 99 Cents / Month
> >> >Unlimited New and Old Movies. Movies not released yet? Download it
> >> >here first guaranteed! Over a million titles Less than $1 a Month.
> >> >
> >> >Unlimited Movie Downloads only $0.75/mo!
> >> >Download any Movie! Even new releases. Only $0.75 a month. Burn your
> >> >own DVDs or VCD's and play them on your TV. Napsters best replacement.
> >> >
> >> >get paid to watch movie trailers
> >> >get paid to watch movie trailers - Surveys4Money.com guide to online
> >> >survey companies that pay you to watch movie trailers and tv clips - a
> >> >FreeLotteriesOnline.com recommended site
> >> >
> >> >Use a CREDIT CARD to get premium porn
> >> >Credit card age verifcation is required. Use your credit card to prove
> >> >your of legal age and you can start enjoying porn.
> >> >
> >> >Unlimited Movie Downloads - $1 a Month
> >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
> >> >today, only $1 a month
> >> >
> >> >Unlimited Movie Downloads - $1 a Month
> >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
> >> >today, only $1 a month
> >> >***
> >> >
> >> >Then, when I hit next on the bottom of the page, it takes me to
> >> >Google's real search results. Does anyone have idea what this is and
> >> >how to get rid of it?
> >> >
> >> >Thanks,
> >> >Katie

On 28 Dec 2003 21:28:04 -0800, Katie wrote:

>Mike,
>
>I had hijack fix each of the things you said, however, there are
>certain items that even though I had hijack fix them, and then I
>restarted, they were still there on the scan when I came back (I went
>through this 3 times with these files.) They are:
>
>> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

http://www.kephyr.com/spywarescanner...pt/index.phtml

(google link showing the different spyware it comes with)

http://tinyurl.com/2n6s5

<snip>

--
There are three types of people in this world - those who see the light,
those who don't, and those who get a brief glance of it just as I slam
the door in their face.

Make sure you update SpyBot S&D fully -- it has fixes for Winsock LSP.

Check your hosts file, with host file reader. Post the contents
here.
http://members.shaw.ca/techcd/VB_Pro...FileReader.exe



On 28 Dec 2003 21:28:04 -0800, in
< >
Katie scrawled:

>Mike,
>
>I had hijack fix each of the things you said, however, there are
>certain items that even though I had hijack fix them, and then I
>restarted, they were still there on the scan when I came back (I went
>through this 3 times with these files.) They are:
>
>> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
>> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
>> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
>> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
>
>Also - I deleted the item that you said was the cause of the google
>redirect, but the problem still exists. Do you have any more
>suggestions? I really do thank you for the help you've been giving
>me.
>
>-Katie

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html