Question about possible spyware/adware/virus related to using Google

Discussion in 'Computer Support' started by Katie, Dec 23, 2003.

  1. Katie

    Katie Guest

    Hi,

    Today, I used Spybot to get rid of a lot of unwanted stuff on my
    computer. However, now, I notice that whenever I search Google, a
    page comes up first before the real search results.

    For example, if I searched for "movies" it first displays a page with
    links to to a lot of sites, that don't look legit, that will help me
    find movies. This is a copy of the search results:

    Dvds only $2.19.
    We specialize in liquidating large stocks of dvds. Make $400 - $500
    every weekend selling closeout dvds on ebay, at the flea market, in
    your store etc...

    Unlimited Movie Downloads - $1 a Month
    Get your own Movies, Music & More. Unlimited movie downloads. Join
    today, only $1 a month

    Find Daily Web Deals -- Save money!
    Find best deals and discounts on the internet! Free coupon codes,
    discount listings, and lots more.

    Free Unlimited Movie Downloads
    Click here to begin downloading all your favorite movies for free. All
    the latest titles available.

    Download Unlimited Movies. Only 99 Cents / Month
    Unlimited New and Old Movies. Movies not released yet? Download it
    here first guaranteed! Over a million titles Less than $1 a Month.

    Unlimited Movie Downloads only $0.75/mo!
    Download any Movie! Even new releases. Only $0.75 a month. Burn your
    own DVDs or VCD's and play them on your TV. Napsters best replacement.

    get paid to watch movie trailers
    get paid to watch movie trailers - Surveys4Money.com guide to online
    survey companies that pay you to watch movie trailers and tv clips - a
    FreeLotteriesOnline.com recommended site

    Use a CREDIT CARD to get premium porn
    Credit card age verifcation is required. Use your credit card to prove
    your of legal age and you can start enjoying porn.

    Unlimited Movie Downloads - $1 a Month
    Get your own Movies, Music & More. Unlimited movie downloads. Join
    today, only $1 a month

    Unlimited Movie Downloads - $1 a Month
    Get your own Movies, Music & More. Unlimited movie downloads. Join
    today, only $1 a month
    ***

    Then, when I hit next on the bottom of the page, it takes me to
    Google's real search results. Does anyone have idea what this is and
    how to get rid of it?

    Thanks,
    Katie
     
    Katie, Dec 23, 2003
    #1
    1. Advertising

  2. "Katie" <> wrote in message
    news:...
    > Hi,
    >
    > Today, I used Spybot to get rid of a lot of unwanted stuff on my
    > computer. However, now, I notice that whenever I search Google, a
    > page comes up first before the real search results.


    <snippage>

    > Thanks,
    > Katie


    I've found that using AdAware, and SpyBot in conjunction provides much
    better results than either one on their own. I'm also presuming that you're
    running an up to date AV package.

    Box
     
    Boxington Headmaker, Dec 23, 2003
    #2
    1. Advertising

  3. Katie

    °Mike° Guest

    You are probably infected with the QHosts trojan.

    http://www3.ca.com/virusinfo/virus.aspx?ID=37191
    http://www.sophos.com/virusinfo/analyses/trojqhosts1.html
    http://www.symantec.com/avcenter/venc/data/trojan.qhosts.html
    http://vil.nai.com/vil/content/v_100719.htm
    http://www.europe.f-secure.com/v-descs/delude.shtml

    http://www.spywareinfo.net/sept30,2003#searchjack
    http://www.imilly.com/google.htm

    Host file reader:
    http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe

    HijackThis
    http://www.tomcoyote.org/hjt/


    On 22 Dec 2003 17:24:58 -0800, in
    <>
    Katie scrawled:

    >Hi,
    >
    >Today, I used Spybot to get rid of a lot of unwanted stuff on my
    >computer. However, now, I notice that whenever I search Google, a
    >page comes up first before the real search results.
    >
    >For example, if I searched for "movies" it first displays a page with
    >links to to a lot of sites, that don't look legit, that will help me
    >find movies. This is a copy of the search results:
    >
    >Dvds only $2.19.
    >We specialize in liquidating large stocks of dvds. Make $400 - $500
    >every weekend selling closeout dvds on ebay, at the flea market, in
    >your store etc...
    >
    >Unlimited Movie Downloads - $1 a Month
    >Get your own Movies, Music & More. Unlimited movie downloads. Join
    >today, only $1 a month
    >
    >Find Daily Web Deals -- Save money!
    >Find best deals and discounts on the internet! Free coupon codes,
    >discount listings, and lots more.
    >
    >Free Unlimited Movie Downloads
    >Click here to begin downloading all your favorite movies for free. All
    >the latest titles available.
    >
    >Download Unlimited Movies. Only 99 Cents / Month
    >Unlimited New and Old Movies. Movies not released yet? Download it
    >here first guaranteed! Over a million titles Less than $1 a Month.
    >
    >Unlimited Movie Downloads only $0.75/mo!
    >Download any Movie! Even new releases. Only $0.75 a month. Burn your
    >own DVDs or VCD's and play them on your TV. Napsters best replacement.
    >
    >get paid to watch movie trailers
    >get paid to watch movie trailers - Surveys4Money.com guide to online
    >survey companies that pay you to watch movie trailers and tv clips - a
    >FreeLotteriesOnline.com recommended site
    >
    >Use a CREDIT CARD to get premium porn
    >Credit card age verifcation is required. Use your credit card to prove
    >your of legal age and you can start enjoying porn.
    >
    >Unlimited Movie Downloads - $1 a Month
    >Get your own Movies, Music & More. Unlimited movie downloads. Join
    >today, only $1 a month
    >
    >Unlimited Movie Downloads - $1 a Month
    >Get your own Movies, Music & More. Unlimited movie downloads. Join
    >today, only $1 a month
    >***
    >
    >Then, when I hit next on the bottom of the page, it takes me to
    >Google's real search results. Does anyone have idea what this is and
    >how to get rid of it?
    >
    >Thanks,
    >Katie


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Dec 23, 2003
    #3
  4. Katie

    Katie Guest

    Hi,

    Thanks for your responses. I ran a symentac virus scan "FixQhost" and
    it didn't find the QHosts trojan on my system. I went to hijack this
    and to the host file reader you recommend. Below are my logs:

    Hijack This:

    Logfile of HijackThis v1.97.7
    Scan saved at 3:43:09 PM, on 12/28/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton\defwatch.exe
    C:\Program Files\Norton\rtvscan.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Norton\vptray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\AproposClient\Apropos.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Katie\Desktop\HostsFileReader.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Katie\Local Settings\Temp\Temporary
    Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
    =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    about:blank
    R3 - URLSearchHook: IncrediFindBHO Class -
    {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
    C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
    sitefinder.verisign.com
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
    C:\Program Files\AproposClient\AproposPlugin.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: (no name) - {5B25DB7A-1F09-4153-BDDA-6F0B68DF5F46} -
    C:\WINDOWS\System32\jjit.dll
    O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
    C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} -
    C:\WINDOWS\System32\mseclk.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -
    C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion -
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_11_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {4AE983B1-4424-424C-B412-A43EF0820E55} - (no
    file)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
    Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
    Money\System\Activation.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
    Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program
    Files\Fellowes\MediaFACE 4.0\SetHook.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All
    Users\Application Data\Dell\Alert\252\updtSup3.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P
    Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\lb1z816m.exe
    O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and
    Settings\Katie\dp-b23011805.exe
    O4 - HKLM\..\Run: [Qwik-Fix] "C:\Program Files\PivX
    Qwik-Fix\QwikFix.exe" splash
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msccof.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
    Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
    - http://download.yahoo.com/dl/installs/yinstc.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    http://128.164.199.40/activex/AxisCamControl.ocx
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class)
    - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Hosts File Reader:
    C:\|356\HOSTS
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

    Any insight on what I should do next? Thanks for the help.

    -Katie



    °Mike° <> wrote in message news:<>...
    > You are probably infected with the QHosts trojan.
    >
    > http://www3.ca.com/virusinfo/virus.aspx?ID=37191
    > http://www.sophos.com/virusinfo/analyses/trojqhosts1.html
    > http://www.symantec.com/avcenter/venc/data/trojan.qhosts.html
    > http://vil.nai.com/vil/content/v_100719.htm
    > http://www.europe.f-secure.com/v-descs/delude.shtml
    >
    > http://www.spywareinfo.net/sept30,2003#searchjack
    > http://www.imilly.com/google.htm
    >
    > Host file reader:
    > http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
    >
    > HijackThis
    > http://www.tomcoyote.org/hjt/
    >
    >
    > On 22 Dec 2003 17:24:58 -0800, in
    > <>
    > Katie scrawled:
    >
    > >Hi,
    > >
    > >Today, I used Spybot to get rid of a lot of unwanted stuff on my
    > >computer. However, now, I notice that whenever I search Google, a
    > >page comes up first before the real search results.
    > >
    > >For example, if I searched for "movies" it first displays a page with
    > >links to to a lot of sites, that don't look legit, that will help me
    > >find movies. This is a copy of the search results:
    > >
    > >Dvds only $2.19.
    > >We specialize in liquidating large stocks of dvds. Make $400 - $500
    > >every weekend selling closeout dvds on ebay, at the flea market, in
    > >your store etc...
    > >
    > >Unlimited Movie Downloads - $1 a Month
    > >Get your own Movies, Music & More. Unlimited movie downloads. Join
    > >today, only $1 a month
    > >
    > >Find Daily Web Deals -- Save money!
    > >Find best deals and discounts on the internet! Free coupon codes,
    > >discount listings, and lots more.
    > >
    > >Free Unlimited Movie Downloads
    > >Click here to begin downloading all your favorite movies for free. All
    > >the latest titles available.
    > >
    > >Download Unlimited Movies. Only 99 Cents / Month
    > >Unlimited New and Old Movies. Movies not released yet? Download it
    > >here first guaranteed! Over a million titles Less than $1 a Month.
    > >
    > >Unlimited Movie Downloads only $0.75/mo!
    > >Download any Movie! Even new releases. Only $0.75 a month. Burn your
    > >own DVDs or VCD's and play them on your TV. Napsters best replacement.
    > >
    > >get paid to watch movie trailers
    > >get paid to watch movie trailers - Surveys4Money.com guide to online
    > >survey companies that pay you to watch movie trailers and tv clips - a
    > >FreeLotteriesOnline.com recommended site
    > >
    > >Use a CREDIT CARD to get premium porn
    > >Credit card age verifcation is required. Use your credit card to prove
    > >your of legal age and you can start enjoying porn.
    > >
    > >Unlimited Movie Downloads - $1 a Month
    > >Get your own Movies, Music & More. Unlimited movie downloads. Join
    > >today, only $1 a month
    > >
    > >Unlimited Movie Downloads - $1 a Month
    > >Get your own Movies, Music & More. Unlimited movie downloads. Join
    > >today, only $1 a month
    > >***
    > >
    > >Then, when I hit next on the bottom of the page, it takes me to
    > >Google's real search results. Does anyone have idea what this is and
    > >how to get rid of it?
    > >
    > >Thanks,
    > >Katie
     
    Katie, Dec 28, 2003
    #4
  5. Katie

    °Mike° Guest

    On 28 Dec 2003 12:48:46 -0800, in
    <>
    Katie scrawled:

    >Hi,
    >
    >Thanks for your responses. I ran a symentac virus scan "FixQhost" and
    >it didn't find the QHosts trojan on my system. I went to hijack this
    >and to the host file reader you recommend. Below are my logs:
    >
    >Hijack This:
    >
    >Logfile of HijackThis v1.97.7


    <snip>

    >Running processes:


    <snip>
    >C:\Program Files\AproposClient\Apropos.exe


    I couldn't find any info on this "AproposClient". It also has a
    BHO associated with it -- see **** further below.


    >R3 - URLSearchHook: IncrediFindBHO Class -
    >{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
    >C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL


    Have HijackThis fix the above.


    >O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
    >sitefinder.verisign.com


    Have HijackThis fix the above. This is the cause of you being
    redirected to other sites.


    >O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
    >C:\Program Files\AproposClient\AproposPlugin.dll


    ****


    >O2 - BHO: (no name) - {5B25DB7A-1F09-4153-BDDA-6F0B68DF5F46} -
    >C:\WINDOWS\System32\jjit.dll


    I could find no information on this BHO -- you have far too many
    BHOs installed, for my liking.


    >O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
    >C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL


    Have HijackThis fix the above.


    >O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} -
    >C:\WINDOWS\System32\mseclk.dll


    Have HijackThis fix the above.



    >O3 - Toolbar: (no name) - {4AE983B1-4424-424C-B412-A43EF0820E55} - (no
    >file)


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe


    Have HijackThis fix the above.


    >O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msccof.exe


    Have HijackThis fix the above.


    >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll


    Have HijackThis fix all of the above.


    >O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
    >Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?


    Have HijackThis fix the above.


    >O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    >http://128.164.199.40/activex/AxisCamControl.ocx


    Have HijackThis fix the above.


    >Any insight on what I should do next? Thanks for the help.
    >
    >-Katie
    >
    >
    >
    >°Mike° <> wrote in message news:<>...
    >> You are probably infected with the QHosts trojan.


    <snip>

    >> On 22 Dec 2003 17:24:58 -0800, in
    >> <>
    >> Katie scrawled:
    >>
    >> >Hi,
    >> >
    >> >Today, I used Spybot to get rid of a lot of unwanted stuff on my
    >> >computer. However, now, I notice that whenever I search Google, a
    >> >page comes up first before the real search results.
    >> >
    >> >For example, if I searched for "movies" it first displays a page with
    >> >links to to a lot of sites, that don't look legit, that will help me
    >> >find movies. This is a copy of the search results:
    >> >
    >> >Dvds only $2.19.
    >> >We specialize in liquidating large stocks of dvds. Make $400 - $500
    >> >every weekend selling closeout dvds on ebay, at the flea market, in
    >> >your store etc...
    >> >
    >> >Unlimited Movie Downloads - $1 a Month
    >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
    >> >today, only $1 a month
    >> >
    >> >Find Daily Web Deals -- Save money!
    >> >Find best deals and discounts on the internet! Free coupon codes,
    >> >discount listings, and lots more.
    >> >
    >> >Free Unlimited Movie Downloads
    >> >Click here to begin downloading all your favorite movies for free. All
    >> >the latest titles available.
    >> >
    >> >Download Unlimited Movies. Only 99 Cents / Month
    >> >Unlimited New and Old Movies. Movies not released yet? Download it
    >> >here first guaranteed! Over a million titles Less than $1 a Month.
    >> >
    >> >Unlimited Movie Downloads only $0.75/mo!
    >> >Download any Movie! Even new releases. Only $0.75 a month. Burn your
    >> >own DVDs or VCD's and play them on your TV. Napsters best replacement.
    >> >
    >> >get paid to watch movie trailers
    >> >get paid to watch movie trailers - Surveys4Money.com guide to online
    >> >survey companies that pay you to watch movie trailers and tv clips - a
    >> >FreeLotteriesOnline.com recommended site
    >> >
    >> >Use a CREDIT CARD to get premium porn
    >> >Credit card age verifcation is required. Use your credit card to prove
    >> >your of legal age and you can start enjoying porn.
    >> >
    >> >Unlimited Movie Downloads - $1 a Month
    >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
    >> >today, only $1 a month
    >> >
    >> >Unlimited Movie Downloads - $1 a Month
    >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
    >> >today, only $1 a month
    >> >***
    >> >
    >> >Then, when I hit next on the bottom of the page, it takes me to
    >> >Google's real search results. Does anyone have idea what this is and
    >> >how to get rid of it?
    >> >
    >> >Thanks,
    >> >Katie


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Dec 28, 2003
    #5
  6. Katie

    Katie Guest

    Mike,

    I had hijack fix each of the things you said, however, there are
    certain items that even though I had hijack fix them, and then I
    restarted, they were still there on the scan when I came back (I went
    through this 3 times with these files.) They are:

    > >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    > >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    > >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    > >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll


    Also - I deleted the item that you said was the cause of the google
    redirect, but the problem still exists. Do you have any more
    suggestions? I really do thank you for the help you've been giving
    me.

    -Katie

    °Mike° <> wrote in message news:<>...
    > On 28 Dec 2003 12:48:46 -0800, in
    > <>
    > Katie scrawled:
    >
    > >Hi,
    > >
    > >Thanks for your responses. I ran a symentac virus scan "FixQhost" and
    > >it didn't find the QHosts trojan on my system. I went to hijack this
    > >and to the host file reader you recommend. Below are my logs:
    > >
    > >Hijack This:
    > >
    > >Logfile of HijackThis v1.97.7

    >
    > <snip>
    >
    > >Running processes:

    >
    > <snip>
    > >C:\Program Files\AproposClient\Apropos.exe

    >
    > I couldn't find any info on this "AproposClient". It also has a
    > BHO associated with it -- see **** further below.
    >
    >
    > >R3 - URLSearchHook: IncrediFindBHO Class -
    > >{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
    > >C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

    >
    > Have HijackThis fix the above.
    >
    >
    > >O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
    > >sitefinder.verisign.com

    >
    > Have HijackThis fix the above. This is the cause of you being
    > redirected to other sites.
    >
    >
    > >O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
    > >C:\Program Files\AproposClient\AproposPlugin.dll

    >
    > ****
    >
    >
    > >O2 - BHO: (no name) - {5B25DB7A-1F09-4153-BDDA-6F0B68DF5F46} -
    > >C:\WINDOWS\System32\jjit.dll

    >
    > I could find no information on this BHO -- you have far too many
    > BHOs installed, for my liking.
    >
    >
    > >O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
    > >C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

    >
    > Have HijackThis fix the above.
    >
    >
    > >O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} -
    > >C:\WINDOWS\System32\mseclk.dll

    >
    > Have HijackThis fix the above.
    >
    >
    >
    > >O3 - Toolbar: (no name) - {4AE983B1-4424-424C-B412-A43EF0820E55} - (no
    > >file)

    >
    > Have HijackThis fix the above.
    >
    >
    > >O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe

    >
    > Have HijackThis fix the above.
    >
    >
    > >O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msccof.exe

    >
    > Have HijackThis fix the above.
    >
    >
    > >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    > >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    > >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    > >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

    >
    > Have HijackThis fix all of the above.
    >
    >
    > >O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
    > >Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

    >
    > Have HijackThis fix the above.
    >
    >
    > >O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    > >http://128.164.199.40/activex/AxisCamControl.ocx

    >
    > Have HijackThis fix the above.
    >
    >
    > >Any insight on what I should do next? Thanks for the help.
    > >
    > >-Katie
    > >
    > >
    > >
    > >°Mike° <> wrote in message news:<>...
    > >> You are probably infected with the QHosts trojan.

    >
    > <snip>
    >
    > >> On 22 Dec 2003 17:24:58 -0800, in
    > >> <>
    > >> Katie scrawled:
    > >>
    > >> >Hi,
    > >> >
    > >> >Today, I used Spybot to get rid of a lot of unwanted stuff on my
    > >> >computer. However, now, I notice that whenever I search Google, a
    > >> >page comes up first before the real search results.
    > >> >
    > >> >For example, if I searched for "movies" it first displays a page with
    > >> >links to to a lot of sites, that don't look legit, that will help me
    > >> >find movies. This is a copy of the search results:
    > >> >
    > >> >Dvds only $2.19.
    > >> >We specialize in liquidating large stocks of dvds. Make $400 - $500
    > >> >every weekend selling closeout dvds on ebay, at the flea market, in
    > >> >your store etc...
    > >> >
    > >> >Unlimited Movie Downloads - $1 a Month
    > >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
    > >> >today, only $1 a month
    > >> >
    > >> >Find Daily Web Deals -- Save money!
    > >> >Find best deals and discounts on the internet! Free coupon codes,
    > >> >discount listings, and lots more.
    > >> >
    > >> >Free Unlimited Movie Downloads
    > >> >Click here to begin downloading all your favorite movies for free. All
    > >> >the latest titles available.
    > >> >
    > >> >Download Unlimited Movies. Only 99 Cents / Month
    > >> >Unlimited New and Old Movies. Movies not released yet? Download it
    > >> >here first guaranteed! Over a million titles Less than $1 a Month.
    > >> >
    > >> >Unlimited Movie Downloads only $0.75/mo!
    > >> >Download any Movie! Even new releases. Only $0.75 a month. Burn your
    > >> >own DVDs or VCD's and play them on your TV. Napsters best replacement.
    > >> >
    > >> >get paid to watch movie trailers
    > >> >get paid to watch movie trailers - Surveys4Money.com guide to online
    > >> >survey companies that pay you to watch movie trailers and tv clips - a
    > >> >FreeLotteriesOnline.com recommended site
    > >> >
    > >> >Use a CREDIT CARD to get premium porn
    > >> >Credit card age verifcation is required. Use your credit card to prove
    > >> >your of legal age and you can start enjoying porn.
    > >> >
    > >> >Unlimited Movie Downloads - $1 a Month
    > >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
    > >> >today, only $1 a month
    > >> >
    > >> >Unlimited Movie Downloads - $1 a Month
    > >> >Get your own Movies, Music & More. Unlimited movie downloads. Join
    > >> >today, only $1 a month
    > >> >***
    > >> >
    > >> >Then, when I hit next on the bottom of the page, it takes me to
    > >> >Google's real search results. Does anyone have idea what this is and
    > >> >how to get rid of it?
    > >> >
    > >> >Thanks,
    > >> >Katie
     
    Katie, Dec 29, 2003
    #6
  7. Katie

    Mara Guest

    On 28 Dec 2003 21:28:04 -0800, Katie wrote:

    >Mike,
    >
    >I had hijack fix each of the things you said, however, there are
    >certain items that even though I had hijack fix them, and then I
    >restarted, they were still there on the scan when I came back (I went
    >through this 3 times with these files.) They are:
    >
    >> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll


    http://www.kephyr.com/spywarescanner/library/targetsoft.inetadpt/index.phtml

    (google link showing the different spyware it comes with)

    http://tinyurl.com/2n6s5

    <snip>

    --
    There are three types of people in this world - those who see the light,
    those who don't, and those who get a brief glance of it just as I slam
    the door in their face.
     
    Mara, Dec 29, 2003
    #7
  8. Katie

    °Mike° Guest

    Make sure you update SpyBot S&D fully -- it has fixes for Winsock LSP.

    Check your hosts file, with host file reader. Post the contents
    here.
    http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe



    On 28 Dec 2003 21:28:04 -0800, in
    <>
    Katie scrawled:

    >Mike,
    >
    >I had hijack fix each of the things you said, however, there are
    >certain items that even though I had hijack fix them, and then I
    >restarted, they were still there on the scan when I came back (I went
    >through this 3 times with these files.) They are:
    >
    >> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    >> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    >> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    >> >O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

    >
    >Also - I deleted the item that you said was the cause of the google
    >redirect, but the problem still exists. Do you have any more
    >suggestions? I really do thank you for the help you've been giving
    >me.
    >
    >-Katie


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Dec 29, 2003
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    4
    Views:
    500
    Big Will
    Mar 3, 2005
  2. Brad

    msn messenger virus, spyware or adware

    Brad, Sep 20, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    620
  3. Replies:
    1
    Views:
    457
    SeniorsGuide
    Apr 12, 2007
  4. Replies:
    3
    Views:
    485
    David H. Lipman
    Apr 4, 2008
  5. Tom Conlon

    Possible Virus-related problem

    Tom Conlon, Jun 15, 2005, in forum: A+ Certification
    Replies:
    4
    Views:
    394
Loading...

Share This Page