Possible virus/other affecting google

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mary Kay Lofurno, Sep 16, 2005.

  1. Mary Kay Lofurno

    Mary Kay Lofurno Private E-2

    Hi,

    When I would bring up google to do a search, it was taking a while to come up, and then when I put my search phrase in, it would come up as a strange looking page. I knew it was incorrect because we purchase the #1 spot for this keyword phrase. I did the same search on both my computers at home and others in the office, and the correct page with our listing #1 came up.

    I contacted Google, and after going through the rounds with them, they assured me that my listing is #1 and that if I am having an issue, it has to do with something local on my computer at work.

    I have tested other search phrases and the results that come up on my computer are also very suspect, because when I do the same searches on other folks' machines I get different results.

    When you go to do an advanced search from the suspect search results page, it reverts back to the bogus google home search page.

    I have taken the liberty to upload 2 notepad files. One is the bogus page results source, the other is the good page results.

    BogusSearch.txt
    goodresultspage.txt

    On the bogus page, you will find chunks of weird code & a funky redirect ip address.

    http://66.250.130.74/redirect &&&&&dffj, etc.

    We went into the registry and searched for this IP; it was there & we deleted the folder, and it came back. This little monster also clamps down your browser so you cannot go in and make the IP a restricted site. We found this to be true using IE and Firefox. The little freak has to be masquerading as one or some of the system files. Went into System32 and found no new programs around the day it started to happen, so it's probably wrapped itself around something necessary.

    All the tech guys are stumped. We have updated and run Symantec, stinger.exe, avast, Spybot, McAfee, xoftspy & it still is not working correctly. Everything has been updated on my machine. I have also stripped my machine of Google Desktop and the Google Toolbar.

    We went on Major Geeks and followed your protocol on page http://forums.majorgeeks.com/showthread.php?t=35407 to the letter. We found that after we had completed all the required programs in safemode, we opened explorer, typed in Google.com, did a search under the keyword phrase referred to above, and it worked! Then to our dismay, once we completed your protocol, and got out of safemode, the bogus search results page came back. :eek:

    Please help us and tell us what to do to solve this problem.

    Thanks,

    Mary Kay Lofurno
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. Mary Kay Lofurno

    Mary Kay Lofurno Private E-2

    Hi,

    Here is my hijackthis log file. Thanks in advance for all your help.

    Best,

    Mary Kay Lofurno
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Next, in HJT choose Open the Misc Tools Section, choose Process Manager, highlight
    and choose Kill Process


    Now scan and have HJT Fix this line if it exists
    Now run Pocket Killbox:
    Choose Tools > Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KillBox one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one click YES and it will reboot. Note: many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message, just reboot your PC yourself.

    Reboot and post a new HJT log.
     
    Last edited: Sep 16, 2005
  5. Mary Kay Lofurno

    Mary Kay Lofurno Private E-2

    Dear Most Awesome Shadow Puter Dude,

    It worked, it is all set, Google comes up normally. I really appreciate this--this thing was an absolute monster. Thank you ever so much :D

    I have some questions:

    1) Since my problem is resolved, do you still want me to do one last HJT Log?

    2) I saved the corrected registry and made a new restore point. Should I keep system restore on from this point on?

    Thanks, Thanks, Thanks, Thanks, Thanks soooooo Much!

    Mary Kay
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, please post a new HJT log. You can turn system restore back on after I verify that the log is clean.
     
  7. Mary Kay Lofurno

    Mary Kay Lofurno Private E-2

    Attached is the newest HJT log. Please advise. Thanks,

    Mary Kay Lofurno
     


  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You can uninstall Viewpoint, it is an unnecessary service; and considered spyware by many.

    Have HJT fix the following lines:
    Now boot into SAFE MODE open Windows Explorer navigate to and DELETE the following:

    Now run CCleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
    I want to make sure this line stays gone: O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
    Also you may want to consider bringing your system up to date with SP2.
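The check asked for above (that the Regscan O4 line stays gone in the next log) can be automated by parsing the O4 autostart lines of an HJT log. This is an added example, not code from the thread or from HijackThis; the log excerpt is constructed around the one O4 line quoted in the post, with the other entries invented for illustration.

```python
import ntpath
import re

# Constructed sample of HijackThis "O4" autostart lines. The Regscan entry is
# the one quoted in the thread; the other three are invented for this example.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Matches the registry-backed form: O4 - <hive>\..\<key>: [<name>] <command>
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

def parse_o4_run(log_text):
    """Return one dict per registry Run-style O4 line in an HJT log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue  # Startup-folder O4 lines and other sections are skipped
        entry = m.groupdict()
        # Executable name without path or arguments, compared case-insensitively
        entry["exe"] = ntpath.basename(entry["cmd"].split()[0]).lower()
        entries.append(entry)
    return entries

def flag_entries(entries, watchlist):
    """Return the O4 entries whose executable is on the watchlist."""
    wanted = {w.lower() for w in watchlist}
    return [e for e in entries if e["exe"] in wanted]

def entry_still_present(log_text, exe_name):
    """True if a Run entry launching exe_name survives in a fresh log."""
    return bool(flag_entries(parse_o4_run(log_text), {exe_name}))

if __name__ == "__main__":
    for e in flag_entries(parse_o4_run(SAMPLE_HJT_LOG), {"regscan.exe"}):
        print(f"{e['hive']}\\..\\{e['key']} [{e['name']}] -> {e['cmd']}")
```

Run it against the text of each new log; an empty result for regscan.exe is the confirmation the helper is looking for.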
     
  9. Mary Kay Lofurno

    Mary Kay Lofurno Private E-2

    Hi,

    Attached is the latest HJT log file. Please advise.

    Best,
    Mary Kay Lofurno
     


  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HJT log looks good. You can now turn System Restore back on. You should really bring your system up to date and install SP2.
     
  11. Mary Kay Lofurno

    Mary Kay Lofurno Private E-2

    Did SP2, but had big time performance issues, the system just crawled. Will try it again.

    May I reinstall my google toolbar?

    Please advise. Best, Mary Kay Lofurno
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Before you install SP2 make sure you have the latest drivers installed, check Dell's site for any instructions they may have. Yes you can reinstall your google toolbar if you like.
     
  13. Mary Kay Lofurno

    Mary Kay Lofurno Private E-2

    Dear ShadowPuterDude,

    What particular drivers should I install? There is a whole lot of 'em.

    Thanks in advance,
    Mary Kay
     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Make sure that your Motherboard/chipset, Video, Sound, and BIOS are current. Some of your Hardware drivers such as CD drives may also need to be updated.
     
