Hi,
I'm new to this forum, but after searching the internet for a day I cannot remove this hijack.
I have a Dell desktop running Microsoft XP Home SP3.
The basics are that every search from Google I click on redirects me to another website, usually another search engine with a similar search. I also found that I cannot use System Restore, as the Next button on the restore won't work. Every so often I also get the blue screen on startup. Ad-Aware will not connect to the server to download new updates, and I have problems just downloading files (it keeps on going to "page cannot be displayed").
I've tried what other people have suggested, but with no luck. I've used Ad-Aware, but the thing just keeps on coming back.
Here's a log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:40, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2D51C3A-E50B-410B-9CF0-DDFBCCB2F13E}: NameServer = 85.255.113.206;85.255.112.76
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.206;85.255.112.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.206;85.255.112.76
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 2124 bytes
Here is some of a log from Ad-Aware:
Ad-Aware Build
Log File Created on: 2008-12-09 15:39:59
Using Definitions File: C:\Documents and Settings\mike\Desktop\core.aawdef
Computer name: CAMBER
Name of user performing scan: SYSTEM
System information
===========================
Number of processors: 1
Processor type: Intel(R) Pentium(R) 4 CPU 3.00GHz
Memory Available: 43%
Total Physical Memory: 534872064 Bytes
Available Physical Memory: 225234944 Bytes
Total Page File Size: 1307762688 Bytes
Available On Page File: 957546496 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1101746176 Bytes
OS: Microsoft Windows XP Service Pack 3 (Build 2600)
Ad-Aware Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3
Extended Ad-Aware Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file
Databaseinfo
===========================
Version number: 143
Build Number: 3
Build Date and Time: 2008/12/03 13:27:03
Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off
Item Scanned: 96889
Infections Detected: 8
Infections Ignored: 0
Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 0 0
File Hash Scan..: 0 0
Infections Found
===========================
Family Id: 538 Name: Possible Browser Hijack attempt Category: Malware TAI:3
Item Id: 7012 Value: Root: HKLM Path: SYSTEM\ControlSet001\Services\Tcpip\Parameters Value: DhcpNameServer Data: 85.255.113.206;85.255.112.76
Item Id: 7012 Value: Root: HKLM Path: SYSTEM\ControlSet001\Services\Tcpip\Parameters Value: NameServer Data: 85.255.113.206;85.255.112.76
Item Id: 7012 Value: Root: HKLM Path: SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C2D51C3A-E50B-410B-9CF0-DDFBCCB2F13E} Value: DhcpNameServer Data: 85.255.113.206;85.255.112.76
Item Id: 7012 Value: Root: HKLM Path: SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C2D51C3A-E50B-410B-9CF0-DDFBCCB2F13E} Value: NameServer Data: 85.255.113.206;85.255.112.76
Item Id: 7012 Value: Root: HKLM Path: SYSTEM\ControlSet003\Services\Tcpip\Parameters Value: DhcpNameServer Data: 85.255.113.206;85.255.112.76
Item Id: 7012 Value: Root: HKLM Path: SYSTEM\ControlSet003\Services\Tcpip\Parameters Value: NameServer Data: 85.255.113.206;85.255.112.76
Item Id: 7012 Value: Root: HKLM Path: SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C2D51C3A-E50B-410B-9CF0-DDFBCCB2F13E} Value: DhcpNameServer Data: 85.255.113.206;85.255.112.76
Item Id: 7012 Value: Root: HKLM Path: SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C2D51C3A-E50B-410B-9CF0-DDFBCCB2F13E} Value: NameServer Data: 85.255.113.206;85.255.112.76
PLEASE HELP