HijackThis trouble

I have a browser hijacker that keeps coming back. Each time I re-start my pc, run registry mechanic, and run Ad-aware, I can browse the internet freely...but only for a few minutes. Then I get hijacked. My google search engine is disabled and if I try to go directly to any number of sites (google.com, microsoft, norton, symantec, yahoo) I get re-routed to //search.findwhatevernow.com.

I followed your Basic Spyware removal and cleaning steps --
ran CCleaner,CWShredder said already clean, Kill2me said nothing bad present,HSRemove said no files to remove.

Steps not followed:

I couldn't Disable System Restore. I have Windows 2000 and could only find inx for XP.
about:Buster was corrupted and would not run
hijackthis.exe would not run b/c it comes zipped and i don't know how to get it into the Program File.

 

you need a program like winzip or winrar to extract the HIJACKTHIS program to a directory.

 

I use Winzip, but it automatically extracts directly to the desktop. How to I make it extract to a directory?

 

if winzip pops up, just close it. Find the file, right click on it and choose EXTRACT TO [filename] where filename is the name of the zip file. It will then create a directory in that folder with the same name as the file. Open that folder up and run HJT.

 

Kodo -- thanks for the winzip procedure. The good news is it worked. the bad news is that I must have clicked on the wrong item in HJT b/c now I can't get onto the internet at all (I'm on a diff pc right now).

I have copies of the HJT logs from both before and after the fix. Where do I go from here?

 

save both logs to a file with different names. Then upload both logs to a post here.

How to upload attachments: http://forums.majorgeeks.com/faq.php?faq=vb_read_and_post#faq_vb_attachment_explain

Sounds like you borked your IP stack..

 

Thanks Kodo -- here they are

 

you accidentally removed this line
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA1DC6B-28FE-44F1-85A3-F4DFE52FEF2A}: NameServer = 209.47.15.118,64.157.143.38,167.206.3.210,167.206.112.138

this had your DNS servers .. you'll need to reconfigure your connection to include those DNS servers. Or follow optimum onlines's connection configuration manual (if they provided you with one).

 

Thanks -- I'll go to optonline and will also wait to hear what you and Chaslang find

 

I have no idea what they are

 

Success!!!

Thank you very much