Problems with Google searching

I'm not sure if this is the correct forum to post this, but I'm having problems searching using Google. (Yahoo works just fine.) The search results look legitimate--searching "Martha Stewart" will return the first result titled "Martha Stewart Living" which states "Official site, with links to personal information, Martha's Scrapbook, television highlights, radio guide, virtual studio, recipes, live chat" but the URL is *pronto.com. The second search result is titled "Martha Stewart - Wikipedia, the free encyclopedia" and it states "Martha Stewart (born Martha Helen Kostyra; August 3, 1941) is an American business magnate, television host, author, and magazine publisher..." but the URL is *cheapflights.com. This started Thursday or so of last week.

I've read the Read & Run Me First malware removal guide, and I've completed the Win XP cleaning procedure and am attaching the logs (hope these are the right ones).

Any help you can provide would be appreciated since I use Google for work and would really love to get it working again.

 

Problems with Google searching Part 2

Here is the MGlogs.zip attachment.

 

Hi, TimW. Thanks for answering my post. Did all the stuff you recommended, and Google sadly is still not working. A search for "Martha Stewart" showed *newyorker.com as the first URL in the results list, and *smarter.com as the second, easyapproval.novacarcredit.com as the third, etc, etc. (Hope that makes sense. Would love to attach a screen shot, but I don't know how.)

Any ideas? Should I try to install Firefox or something to circumvent IE and try to get on Google that way?

 

I ran Spybot on 9/28 when I did all the other scans as part of the Windows XP cleaning. Dumb question: I can't find the log--what is it called, and where might it be? Or did you want me just to run it again & post that log?

 

Hi, TimW. Sorry about the delay in responding. I just ran Spybot again. It said, "Congratulations! No immediate threats were found," next to a big, green checkmark. Again, I can't find a log to attach for you. Where do I look? And also, I can't find a way to tell it to restore the host files. Any ideas how to do this?

 

I figured out I had to go to Mode on the Spybot toolbar and select "Advanced Mode" to get to the Settings. I tracked down a few logs--here are the two with today's date. Let me know if they're not what you need.

I'm not sure how to "restore" host files--the tutorial didn't help w/ this. I can go into Tools in Spybot and enable "Hosts files" which then shows a long list of websites that are blocked by Spybot, but I'm pretty sure this is not "restoring my host files." How do I do this?

 

No, I don't have any that don't point to 127.0.0.1.

HostsXpert downloaded and run.

 

Cleared browser cache, cookies & history. Do this every few days anyway.

Got into safe mode w/ networking; Google doesn't work there, either. A search for "Martha Stewart" this time returned www.thegoodcook.com, www.boostmobile.com and other such non-related URLs.

What is a DNS server, and how do I flush it? Tried to look this up using Yahoo, but the explanations make no sense to me.

Your link for that rootkit is returning a blank Major Geeks page--nothing to download there. Am I looking in the wrong place, or is that link not working?

 

Here's the Blacklight log. It said it didn't find anything

Did the steps re: DNS flushing. Got this message: "Windows IP Confirguration successfully flushed the DNS Resolver Cache."

Google's still not working.

 

I want to deal w/ yesterday's message about downloading a new IE, but I'm very nervous about deleting my old IE folder in case something goes off the rails & I can't install the new IE. Will your process have the same effect if I just rename my old IE folder instead of deleting it?

 

Open one browser window of IE and one browser window of FireFox. Then run C:\MGtools\GetLogs.bat to get a new MGlogs.zip file.
Log attached

Also let's see if this is something related to just those two browsers somehow by having him (her) download and install Opera Run it and see it the samething happens.

Opera works great. Successful searching.
Firefox, the first time I enter a search term--doesn't matter what it is--I get related URLs returned. But every search thereafter, no matter what the search term, returns useless URLs. Logged out & rebooted twice to test this theory, and it happened every time. Firefox works great once, and then returns garbage. Oddly, Firefox worked properly every time for the other two users on my computer.


Reboot and log into the other user accounts ( not by doing a switch user, but logging out and doing a reboot) one by one after a reboot and tell me if the same thing happens.

User 2
Opera: successful searching
Firefox: successful searching
IE: totally unrelated URLs returned for every search term entered (tried five different ones - Starbucks, LL Bean, Lehman Brothers, Martha Stewart, Nike)

User 3
Opera: successful searching
Firefox: successful searching
IE: totally unrelated URLs returned for every search term entered

I find it interesting for these users that Firefox is using a Google search and it works, yet the Google search on IE doesn't work. Weird.

Do you have another PC in the house that can be hooked up to see if the problem also occurs there?
Sadly, no

* What kind of internet connection (cable, DSL,..etc)do you have?
high-speed cable
* Do you use a router?
no
* Have you power cycled any modem and also router if being used?
yes, to no avail

If a router is being used and power cycling it and the modem do not help, I would recommend a direct connection from the PC to the modem just to see what happens.
No router

Please attach this log:

Code:
"C:\Documents and Settings\Tess\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
mbam-l~1.txt Sep 26 2008 8641 "mbam-log-2008-09-26 (09-49-59).txt
Log attached

"What is the below file on the Desktop

Code:
"C:\Documents and Settings\Tess\Desktop\"
~ May 13 2008 177559 "~"

I'm not entirely sure, but I think it's an old Word document. Can't get it open to double check.

 

127.0.0.1 goodcook.com
127.0.0.1 newyorker.com
127.0.0.1 novacarcredit.com
etc.

What do you mean by "etc?" I can't add every URL that comes up every time I do a search in Google--there are millions of them. And sometimes the URLs are legitimate. Newyorker.com will take you to the home page for The New Yorker magazine, for instance. Which is fine--I just don't want it showing up as my first result when I do a search for "Martha Stewart." And sears.ca will take you to Sears, which is a website I do visit, so again I don't want to block it. I just don't want sears.ca showing up when I search for "Starbucks."

I'm not sure I know what you mean by adding "those URLs" to my restricted zone and hosts file. There's not a specific set of URLs that show up every time I do a search; they're different ones every time...

 

Here's sysclean.log. There's also a report.log, but I can't get it to upload--it just times out. It's 21,544 KB. Do you need that one, too?

 

Yep.

Do you still want me to try to reinstall IE? We put that idea aside to work on some others...

 

Hi, TimW. Sorry for the delay in responding. Hope you didn't think my silence meant the problem was resolved. No such luck!

I did disable all add-ons and remove all toolbars as suggested, but it made no difference. Google is still not working.

I downloaded IE7 to my desktop to install later, and when I tried to delete my current version of IE (don't know what version--how do I find that out?) it said it couldn't be deleted b/c it was being used by another person or program. Which is odd, b/c I had nothing open at the time, so how could IE be in use? I checked Task Manager, and there didn't appear to be any open copies of iexplorer.exe...

Any thoughts?

 

Hi, TimW.

I installed IE 7, and there was no change. Google still didn't return URLs that matched the search results.

But....

Today I was told by my computer that my trial version of AVG had expired. I downloaded a trial version? Huh? I remember uninstalling it at one point b/c I thought it might be the culprit, and then reinstalling it, and I guess I reinstalled a trial version by accident instead of the full-blown free version.

Anyway, I had two choices: buy the version I was using to continue to use it, or uninstall it, and I uninstalled it...

And now Google works!

(I uninstalled AVG 8.0 Build 169, for what that's worth.)

I have no idea if Google working corresponds w/ the uninstalling of AVG, but it's awfully co-incidental. What's your opinion on the two being related?

So, now I need your professional advice on what anti-virus I should install, and it should preferably be free (although I'll pay for something if you think it's really, really worth it), and it should preferably not be anything AVG related b/c I'm kind of gun-shy of that product right now.

I also need your professional advice on what I can clean off my desktop in terms of all these scanning programs I've installed, and any other final clean-up stuff I need to do.

I think I'll go Google some stuff, just b/c I can...