Complete 8-Steps with Google Redirect

Status
Not open for further replies.

whatthedeuce484

I have completed the eight steps in the instruction thread; however, I still have the same problem. When I submit a search on Google, I receive the results page normally. But, when I click on a result, I get redirected to some random ad site. It's a different site every time, sometimes a survey site.

I also have a problem with very frequent "(Not Responding)" issues. The application doesn't matter, explorer.exe frequently does it, itself. Although, I am not sure if this has anything to do with the redirect problem.

Neither issue is present in safe mode, Google nor freezing. But, after scouring the task manager and the "Run" keys in the registry, I cannot find anything that shouldn't be there. I have even checked the "shell" value, to make sure nothing was added to it.

I have attached the requested logs. I would sincerely appreciate any advice that people may have; as I am completely at a loss.
 
This is not good in your hijackthis log:
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

Delete your temp files:
Temp File cleaner

Remove the hijackthis entry above. Turn off System Restore. Run the temp file cleaner and restart your computer. Turn System Restore back on.
 
Sorry for the delay. Thanks for the advice. It appears that the Google redirect problem is gone. I haven't noticed the freezing issue, either. I do have a question: should I remove that file or just keep it from running? That is obviously the Google issue, and my anti-virus apparently isn't going to do anything about it. Thanks again, I really appreciate your help.
 
Completed 8 steps

I have tried this as a new member, I am getting a constant stream of messages as follows

(any new opened App).....c;\windows\system32\hnetzen.dll is not a valid windows image.

Hoping this may have now helped to sort things out.

Attached logs

Thx UK Eagle
 

Attachments

  • mbam-log-2010-01-02 (16-44-58).txt
    868 bytes · Views: 0
  • hijackthis.log
    20.2 KB · Views: 1
  • SUPERAntiSpyware Scan Log - 01-02-2010 - 18-15-11.log
    31.2 KB · Views: 0
Welcome UKEagle,
You should start your own Thread in this Forum. It is easier to keep help more personal for each member. Have you considered doing a fresh install of XP or a repair:
XP Repair
 
The Google redirect problem is gone, thank you. However, the "survey" site problem has become more prevalent. I do have some more info on that I hope will be helpful. The site pops up at random when a new site is visited. Not every time, but quite frequently. The name of the site is "thewebsitesurvey.com". MBAM and SAS show no problems, but I will attach a new HJT log. Please let me know if you need logs from MBAM and SAS.
 

Attachments

  • hijackthis.log
    7.7 KB · Views: 3
Hijackthis log looks good... Download and run Advanced SystemCare free. See if the pop ups stop
 
I have Advanced SystemCare Pro, ver 3.2.0. It runs at startup. If I download the free version it will overwrite the Pro version. Would it be alright to move the Pro version to a flash drive, then install the update, immunize with the new version, then re-install the Pro version? I don't want to lose deep scan and other Pro upgrades.
 
I have updated to the latest Advanced SystemCare and ran a scan. You can find the log file attached, and, in lieu of, a HJT log. While ASC did immunize against nearly 5000 spyware, the pop ups are unaffected.
 

Attachments

  • Hijack Analysis Report.txt
    5.9 KB · Views: 1
Whattheduce, this entry is legitimate on HP systems. But that does not mean you should keep it:
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

For F02 entries: Do not use HijackThis to fix these entries without expert guidance. If you fix the wrong entry, your computer may not be bootable without some serious troubleshooting. This is especially true for F2 entries as the restore function of HijackThis for this particular section has some potentially serious issues.

Please reopen HijackThis to 'do system scan only.' Check the following if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop


Close all windows except HijackThis and click on "Fix Checked".

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

    Important! Save the renamed download to your desktop.
  • Double click on Combo-Fix.exe to run and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please then run the Eset online scan.
Attach both the Combofix reply and the Eset log in new reply
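
Added example, not part of the thread and not HijackThis's own code: a small Python helper that reads the F2 and O4 line formats quoted above and lists what each autostart entry launches, so a reviewer can see at a glance whether UserInit names anything besides userinit.exe. It assumes the stock Userinit value is `C:\Windows\system32\userinit.exe`; the function names and the third sample line are made up here, and the helper does not decide whether an entry is safe to fix.

```python
import re

# Assumption: the stock Winlogon Userinit value names only userinit.exe in
# system32 (the registry string normally ends with a trailing comma).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_BODY = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_entry(line):
    """Split one HijackThis log line into (section code, body), else None."""
    m = LINE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None

def userinit_programs(body):
    """Programs named in an F2 'UserInit=' body (comma-separated list)."""
    value = body.partition("UserInit=")[2]
    return [p.strip() for p in value.split(",") if p.strip()]

def triage(lines):
    """Return (code, note) pairs for entries that launch programs at logon."""
    notes = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        code, body = entry
        if code == "F2" and "UserInit=" in body:
            extra = [p for p in userinit_programs(body)
                     if p.lower() != DEFAULT_USERINIT]
            if extra:
                notes.append((code, "extra programs: " + ", ".join(extra)))
            else:
                notes.append((code, "only the default userinit.exe listed"))
        elif code == "O4":
            m = O4_BODY.match(body)
            if m:
                notes.append((code, m.group("key") + " starts " + m.group("cmd")))
    return notes

# Constructed sample: first two lines follow the thread, third is invented.
SAMPLE = [
    r"O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe",
    r"F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe",
    r"F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\example\placeholder.exe",
]
```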
 
I must certainly say thanks, bobbye. Immediately after removing the 'userinit.exe' I saw an instant and dramatic improvement in overall system speed and responsiveness. However, I was still having popups, noticed when I got back on to the forum to download combofix.

I was successful in running ComboFix and got some good results. I browsed around a little before posting this reply, and I haven't noticed any popups. Also, the 'Not Responding' issue, I reported in the original post has not happened so far.

Although I was unable to run ESET scanner. After download, the scan begins and quickly stops progressing. The counter continued but the current file never changed, file count stopped, and progress bar stood still. After letting the scanner sit in the same place for 15 minutes I stopped, and restarted, ending with the same result.

Here is the ComboFix log, any ideas about ESET?
 

Attachments

  • ComboFix.txt
    23.3 KB · Views: 4
Please try this online AV scanner:

Open Kaspersky Online Scanner in Internet Explorer


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Please leave this log in next reply.
 
The scan with Kaspersky went well. Log is attached.

The google problem and popup problem are apparently both gone. As I said earlier, the performance of the system has drastically improved. I believe this problem has been resolved, but I'll leave that decision to the experts.
 

Attachments

  • kaspersky.doc
    30.5 KB · Views: 1
Sorry, I don't open .doc files.

Please follow this:
Once the scan is complete, click on the Save as Text button and save the file to your desktop
 
No problem- I just put my own security first!

But in any file extension, the log is clean! If the initial malware problems have been resolved:
Remove all of the tools we used and the files and folders they created

Uninstall ComboFix.exe And all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.


You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

More details and screenshots for Disk Cleanup in Windows Vista can be found here.

Stay safe! Let me know if I can be of more help.
 