Full Version: Will not remove Critical Objects
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
101tricks
Hi all I have found 9 Objects that Ad_Aware will not remove. These are causing my browser to redirect to web pages I do not want or need mainly after a google search.

The objects are:
<Infections Comment="Created with Ad-Aware">
- <Family Name="Redirectedhostfileentry">
<Item Value="IP Address: 127.0.0.1 Host Name: THEREALSEARCH.COM" />
<Item Value="IP Address: 127.0.0.1 Host Name: GREG-SEARCH.COM" />
<Item Value="IP Address: 127.0.0.1 Host Name: APPROVEDLINKS.COM" />
<Item Value="IP Address: 127.0.0.1 Host Name: VSE-MOE.BIZ" />
<Item Value="IP Address: 127.0.0.1 Host Name: AIFIND.INFO" />
<Item Value="IP Address: 127.0.0.1 Host Name: FIND4U.NET" />
<Item Value="IP Address: 127.0.0.1 Host Name: I-LOOKUP.COM" />
<Item Value="IP Address: 127.0.0.1 Host Name: IE-SEARCH.COM" />
<Item Value="IP Address: 127.0.0.1 Host Name: ITSEASY.US" />
</Family>
*-------------------------------------------------------------*

Here is the HijackThis readout: ADMIN: PLEASE DELETE WHEN SOLVED, THANK YOU.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:15, on 12/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Users\Pat\Program Files\DNA\btdna.exe
C:\Users\Pat\AppData\Roaming\Adobe\Manager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.101tricks.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Pat\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Run] "C:\Users\Pat\AppData\Roaming\Adobe\Manager.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadbad

*--------------------------------------------------------------------------------------------------------------------*

Thank you in advance for any help. In return, if you want to know a magic trick, let me know.
Take care all
Pat
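The "Redirectedhostfileentry" items above are hosts-file lines that pin search domains to the loopback address. The following script, added here as an example and not part of the original post or of any Lavasoft tool, parses a hosts file and reports every name mapped to loopback that a stock Windows install would not map there; the hosts-file content is a constructed sample, not the poster's real file.

```python
import ipaddress
import re

# Constructed sample of a Windows hosts file in the state Ad-Aware reported
# above: search-related domains pinned to the loopback address. Built for this
# example only; not copied from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
127.0.0.1 therealsearch.com
127.0.0.1 greg-search.com   # added by malware
127.0.0.1\tie-search.com www.ie-search.com
10.0.0.5 intranet.example   # internal mapping, not loopback, so not flagged
"""

# Names that legitimately resolve to loopback on a stock Windows install.
EXPECTED_LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (ip, [hostnames]) for each non-comment line of a hosts file."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed line: skip it
        entries.append((ip, [h.lower() for h in parts[1:]]))
    return entries


def find_redirected_entries(text):
    """Hostnames pinned to loopback that Windows is not expected to map there
    (the pattern Ad-Aware labels 'Redirectedhostfileentry')."""
    suspicious = []
    for ip, names in parse_hosts(text):
        if not ip.is_loopback:
            continue
        for name in names:
            if name not in EXPECTED_LOOPBACK_NAMES:
                suspicious.append((str(ip), name))
    return suspicious


if __name__ == "__main__":
    for ip, name in find_redirected_entries(SAMPLE_HOSTS):
        print(f"IP Address: {ip} Host Name: {name.upper()}")
```

On a real machine the same check can be run against the contents of %SystemRoot%\System32\drivers\etc\hosts instead of the sample string.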
lucky1
I am having similar issues. Ad-Aware found the two source files that are causing the redirects in my browser but would not fix them. I eventually got frustrated and hit the ignore button. Now when I run the scan they show up but there is no way to access the ignored file nor to delete them.
Help
vincentrodriguez
I have the exact same thing going on as 101tricks. Hey, 101tricks, did you recently download torrent LimeWire Pro 4.18.8? I believe that is where this crap came from. I suspected LimeWire wasn't acting right and was suspicious. Skype was accessing the net OK, but it configures itself to ISP servers directly. But I had no internet access with browsers. I ran c:\ipconfig /displaydns and got some 24 different website names for 127.0.0.1 as the Windows IP configuration. I had to \ipconfig /release .. /renew ... /flushdns ... /registerdns to get back on the net. I then downloaded Ad-Aware 2008 and it displayed exactly as 101tricks described above. I'm gonna try some stuff to remove this crap and will report back.
101tricks
Problem solved.
Here we go guys close browsers when running.

http://www.simplysup.com/tremover/ and http://www.malwarebytes.org/

This is what was causing it, the end of the malwarebytes log

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\totalvid\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Users\Pat\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
__________________

Any problems, let me know; my PC is now running much faster as well. I have no clue where it came from; my son downloads all sorts, but I have now uninstalled BitTorrent from the PC. I am guessing it came from there. Sometimes cracks and keygens are not for real, I guess. Also a friend of mine had his website hacked last week; he downloaded something from LimeWire that was passing information to hackers. He had to format his hard drive to stop it; they even changed his passwords on email accounts. His logs did show the FTP but they could not track down what country it came from. So now I am only installing programs I can trust even if it means paying full price (not that I downloaded much anyway). It was my son; I had got him his own PC, now he can do what he wants with that lol

Take care all
vincentrodriguez
Thanks 101tricks... under Utilities in Trojan Remover, I used Reset Windows HOSTS file, then ran a full scan which found some registry changes to Notepad.exe... I believe this is what the trojan was using to change the HOSTS file... again, thanks for sharing... saved me a lot of time... BTW, I believe Ad-Aware did not remove the HOSTS file redirects as you stated in your original post because you have to pay for their Pro version to mess with the HOSTS file.
GoddersUK
Hi guys,

As this problem seems to be solved I'm going to close this thread now. In future please DO NOT REPLY to other people's HJT threads, as this causes them to get ignored by the VSAs, who target threads with no replies. If the original poster wishes to add/change info they should use the edit function.

And vincentrodriguez - I think you will find that endorsing illegal p2p software is against the rules of this board (posts now invisiblised).

Thanks, GoddersUK