Google results hijacked

[musicfan01]

Hi all.

It looks like I'm not the only person experiencing this recently. I've completed the 8 steps requested. The computer is Windows XP - Internet Explorer is what's usually used to browse the internet but after this mess I'll probably be installing Chrome or Firefox.

In general the computer seems slow loading programs - who knows how much junk has accumulated on it ...

Please let me know if you need any more information or if I've done something in the 8 steps wrong.

 

[Tmagic650]

Remove or fix these entries in the hijackthis log:

"F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe"

"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)"

"O2 - BHO: (no name) - {9B93D383-18C1-28ED-702D-4310A3D7DDC3} - (no file)"

"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)"

"O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)"

 

[musicfan01]

Thank you Tmagic650. I removed those and then tried a few different searches and didn't get the dreaded hijack. I will update in a few days (or sooner if I have the problem).

Thank you so much!!!

 

[Tmagic650]

You are so welcome musicfan01,
glad we could be of help

 

[Bobbye]

Did you use the program called Norton System Works at one time? It is now called Norton Utilities. Okay to use it but should be current.

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE>> Norton Recycle Bin Protector
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

These entries need to be removed:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tggmbfcfxfvh.org/piie0PWvW/d/wyDFOqw3/7EzeLAOSMBCyP4tuZ8jOtnQArDC/bvI5Z1i6X/uGL/r.html
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) (from AVG 8)

I'd like you to run Combofix because of the F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  
• Run Combo-Fix.exe and follow the prompts.
  (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
• Wait for the scan to be completed.
• If it requires a reboot, please do it.

• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Follow with online AV scan:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

If the problem has been resolved or you don't want to complete this, let me know and 'll have you remove the cleaning tools and set new restore point.