Qhosts.apd question and removal?

Discussion in 'Malware Help (A Specialist Will Reply)' started by questionz, Mar 21, 2005.

  1. questionz

    questionz Private E-2

    i previously posted without following the directions of the board and i apologize. hopefully this will make up for my lack of preparation.

    when i start my computer, i receive the following message from my McAfee security center:
    "trojan has been detected and cleaned. The file "C:\windows\system32\drivers\etc\hosts" was infected by the "Qhosts.apd" trojan and has been cleaned." it then proceeds to ask me to scan for other viruses and nothing else shows up. Why does this continue to tell me this every time i start my computer if there isn't a problem anymore? Below is all of my information.

    Operating system - windows xp home edition
    memory - 320 MB (SDRAM)
    CPU - Intel Pentium IIIE 1000 MHz
    Hard Drive - 28615 MB (24,338 MB free)

    if u need any other information or a log from hijack this, please reply.

    thank you very much for any help
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume you are talking about this thread:
    http://forums.majorgeeks.com/showthread.php?t=58391

    You should have waited for a response.

    But here is the process to follow:
    To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. questionz

    questionz Private E-2

    i have run all of the scans and nothing was really found.

    attached is my logfile from hijack this.

    thanks for any information
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While I look at the rest of the problems in your log, please do the following to fix a bug in SpyBot's Ignore Products default settings:

    I want you to run SpyBot and get into the Advanced mode by selecting Mode and then
    Advanced mode. Then select Settings and then in the left column select Ignore Products.
    In the right window pane make sure the All products tab is selected. Then in that
    window, right click your mouse and choose "Deselect all". Now in the left pane click
    at the top on SpyBot S&D and then choose Search for Updates. Download any updates
    required. Now click Check for Problems. Fix any that are found.

    Let me know if it finds and fixes anything. If it does fix anything (in particular new.net), post a new HJT log.
     
  5. questionz

    questionz Private E-2

    i ran spybot and you were right. new.net came up but it said it was having a problem deleting it because it could possibly still be in memory and asked me to restart my computer and run it again. it also deleted one entry of "mediaplex".

    i will post my log once i delete this new.net
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay if necessary re-run Spybot in safe mode.
     
  7. questionz

    questionz Private E-2

    i ran spybot again and it was able to remove the three cases of new.net


    but

    as the comp started up, i received the message from McAfee again that my comp was infected with a file. could it b possible that all of the changes had not taken effect yet because i had just run the spybot? does the computer have to restart again before that notice goes away? anyway, here is my logfile attached.
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Patience! That's because we are not done yet. I need to get the new log after fixing the previous stuff with Spybot. I'll be back with a fix in a minute. Try to hang around and maybe we can finish this off right now.
     
  9. questionz

    questionz Private E-2

    sorry bout that....and im not tryin to rush anything i just wanted to give you the heads up about the following even though you are probably already aware of it.

    i clicked on tools and went to internet options and the following came up:

    "this operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

    if this is usual, don't mind my post. i just wanted to give you the heads up in case you needed to know this.

    thanks again for everything
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Let's address what we can see first. Then tell me if you still have the same problem you just mentioned about security settings.

    Do you use DIGstream? I would recommend not loading it at startup. Just run it when you want to use it. But that decision is yours.
    C:\Program Files\DIGStream\digstream.exe

    Is the aimtoolbar search setting something that you put in? If not, make sure you add them to the list below of items to fix.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\Winzip32.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [Winzip Archiver] Winzip32.exe
    O4 - HKLM\..\RunServices: [Winzip Archiver] Winzip32.exe
    O4 - Startup: PowerReg Scheduler.exe

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\Winzip32.exe

    If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
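
The HijackThis lines quoted in the post above, parsed into structured entries. This is an added example, not part of the original thread and not HijackThis code; the function names are hypothetical, and treating "same command registered under more than one autostart location" as worth a closer look is this example's own triage aid, not a rule stated in the thread.

```python
import re
from collections import defaultdict

# HijackThis lines quoted in the thread above, embedded so the example runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O4 - HKLM\..\Run: [Winzip Archiver] Winzip32.exe
O4 - HKLM\..\RunServices: [Winzip Archiver] Winzip32.exe
O4 - Startup: PowerReg Scheduler.exe
"""

# Every entry is "<section code> - <body>", e.g. "O4 - ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry form: "HKLM\..\Run: [value name] command"
O4_REG_RE = re.compile(r"^(?P<location>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# O4 startup-folder form: "Startup: file"
O4_DIR_RE = re.compile(r"^(?P<location>(?:Global )?Startup): (?P<command>.+)$")


def parse_log(text):
    """Return one dict per log entry; O4 entries also get location/name/command."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        entry = {"section": m["section"], "body": m["body"]}
        if m["section"] == "O4":
            detail = O4_REG_RE.match(m["body"]) or O4_DIR_RE.match(m["body"])
            if detail:
                entry.update(detail.groupdict())
        entries.append(entry)
    return entries


def multi_location_autostarts(entries):
    """Map each autostart command to its locations, keeping only commands seen in 2+ places."""
    grouped = defaultdict(list)
    for e in entries:
        if e["section"] == "O4" and "command" in e:
            grouped[e["command"].lower()].append(e["location"])
    return {cmd: locs for cmd, locs in grouped.items() if len(locs) > 1}


if __name__ == "__main__":
    for cmd, locs in multi_location_autostarts(parse_log(SAMPLE_LOG)).items():
        print(f"{cmd}: registered under {', '.join(locs)}")
```
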
     
  11. questionz

    questionz Private E-2

    great news!

    i re booted the comp in normal mode and the warning from mcafee did not come up!

    also, my internet options are working too but you probably knew they would.

    one last thing before i post my log...

    at the bottom of my browser it says the following:

    "WYSIWYG Editor initialized for Internet Explorer in 0.19 seconds."

    is this anything i should be concerned about?

    thanks
     

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log looks clean now but you never answered my questions about DIGStream and also these two lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

    The message for IE related to WYSIWYG Editor initialized for Internet Explorer in 0.19 seconds is normal!
     
  13. questionz

    questionz Private E-2

    i deleted the toolbar a couple minutes ago and i also uninstalled digstream


    am i all set do you think?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not yet! You're clean, but to help you stay that way, you need to follow all the steps in the link below (or their equivalents):

    How to Protect yourself from malware!

    After installing one of the firewalls listed there, you must disable the firewall that is built-in to WinXP SP2 to avoid conflicts. The one in SP2 is not good enough. That's why we need to replace it.
     
  15. questionz

    questionz Private E-2

    how do i go about doin the disable?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  17. questionz

    questionz Private E-2

    okay i have downloaded the first firewall from your list and i have turned off windows firewall.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! But complete all the steps! At least the ones not completed yet. And make sure you check out FireFox.
     
  19. questionz

    questionz Private E-2

    i have done all of the following and i will install firefox tomorrow....its gettin late and i gotta work in the morning...hey, i appreciate all of your help greatly...keep up the good work and thanks again...just leave me a message if i need to do anything else...


    thanks a lot
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! After completing all those steps you should be finished. But remember that none of these things protect perfectly. Security starts with you. Watch what you click on (be careful when to click Yes or No) and be careful where you surf.
     
