Google redirect virus

Status
Not open for further replies.
Hello,
My laptop has become infected with a virus that redirects any Google search I run. I have to right-click on the search result and click "open in new window" for it to open without being redirected. I went through your 8 steps for virus removal and have attached the logfiles requested. Thanks for your help.
 

Attachments

  • hijackthis.log
    10.7 KB · Views: 10
  • mbam-log-2009-12-28 (15-03-52).txt
    1.7 KB · Views: 4
  • SUPERAntiSpyware Scan Log - 01-02-2010 - 12-02-18.log
    4.8 KB · Views: 4
Welcome to TechSpot, eprgefisher. I'll help with the malware.

Some housekeeping first please:

You are behind in the Windows Updates. The platform shows Vista with none of the SP updates. They are up to SP2 now which means your system is in a vulnerable state:
Stay current on updates:
  • Visit the Microsoft Download Site. You should get all updates marked Critical and the current SP updates: Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP2

    I also don't see any version for the Adobe Reader. It is in v9.xx now:
    Visit this Adobe Reader site and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

    Get control of the Tracking Cookies:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    Please reopen HijackThis to 'do system scan only.' Check each of the following if present: Optional Removals are in green:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)>> AVG link scanner
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    See Optional !

    Optional 1: Foistware: Viewpoint: You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player. You can have HJT remove the Service entry, then when HijackThis has finished, you can continue with the Viewpoint removal.

    Close all windows except HijackThis and click on "Fix Checked."
    I think the removal of the Toolbar will complete it. If not, I'll have you use the removal tools later.

    To remove, find and remove Viewpoint Media Player

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    • Click on Start > Run and type: services.msc> OK
    • Click the "Extended tab".
    • Scroll down the list and find the service called "Viewpoint Manager Service"
    • When you find the service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Disabled".
    • Now click "Apply", then "OK" and close any open windows.
    • Click on Start > Settings > Control Panel > Add/Remove Programs
    • Highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Finally, delete the following folders if they still exist: Open Windows Explorer> Programs:
    C:\Program Files\ViewManager\ <-- and delete this folder
    C:\Program Files\Viewpoint\ <-- and delete this folder

    Empty the Recycle Bin

    Now I need you to answer my Google Redirect Questions:
    Since you question a Google Redirect, I'd like you to describe what's happening:
    1. If you type a word in the Google search box, and then choose one of the sites that comes up, what happens?
    2. Does a different site load?
    3. Does any site load?
    4. Are the sites the same/different?
    5. Are you sure you're not seeing a Google page saying DNS server couldn't be contacted?

    When you finish the above and answer my questions, I'll better know where to go next.
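
Added example, not part of the original post and not HijackThis's own code: a small Python parser for the four log entries listed above, which splits each line into fields and notes a BHO whose file is reported as "(no file)". The field layout per section code (R1, O1, O2, O23) is inferred from the quoted lines, and the function names are hypothetical.

```python
import re

# The four entries quoted in the post above, with the forum annotations trimmed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
LOOPBACK = {"127.0.0.1", "::1"}


def parse_entry(line):
    """Split one HijackThis log line into fields; return None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "notes": []}
    if code == "R1":     # registry value: <key>,<value name> = <data>
        target, _, data = body.partition(" = ")
        key, _, value = target.rpartition(",")
        entry.update(key=key, value=value, data=data)
    elif code == "O1":   # hosts file line: Hosts: <address> <hostname>
        address, host = body.partition("Hosts:")[2].split(None, 1)
        entry.update(address=address, host=host)
        if address not in LOOPBACK:
            entry["notes"].append("hostname pinned to a non-loopback address")
    elif code == "O2":   # BHO: <name> - {CLSID} - <dll path>
        name, clsid, path = body.split(": ", 1)[1].rsplit(" - ", 2)
        entry.update(name=name, clsid=clsid, path=path)
        if path == "(no file)":
            entry["notes"].append("orphaned: registered, but the DLL is missing")
    elif code == "O23":  # Service: <name> - <vendor> - <exe path>
        name, vendor, path = body.split(": ", 1)[1].split(" - ", 2)
        entry.update(name=name, vendor=vendor, path=path)
    return entry


def parse_log(text):
    """Parse every recognisable entry line in a HijackThis log."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["code"], {k: v for k, v in e.items() if k != "code"})
```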
 
OK, thanks for your help. I have done what you have requested and the first problem I encounter is the failure to install updates. When I go to Win update the system tries to download a Framework 3.5 Service Pack 1 and Net Framework 3.5 Family update and fails with an error code 3701. I looked up my update history and found that the system has been unsuccessfully attempting this download since back in March 09.

I was able to accomplish the other things requested but the result is the same when I try to go to Google search results.

Now for the answers to your questions:
1. If you type a word in the Google search box, and then choose one of the sites that comes up, what happens?
The requested link is not reached but instead redirects to some sort of other search or ad page with many sites shown. If I right-click the link and click "open in new window" it will go to the requested site from my Google search. When I watch the address bar as the site is being redirected, the address is usually followed by /search,php before the final site is arrived at.
2. Does a different site load?
Yes, it does; another search page with several links loads.
3. Does any site load?
Yes, see above.
4. Are the sites the same/different?
I have seen it download the same result but there are many different ones. These are some of the sites loaded: searchfindsite, doju, scour, encyclopedia. Sometimes it goes to a page that tells me my computer is infected by viruses and wants to download antispyware. When this happens the only way I can get away from the site without opening is to end it through Task Manager.
5. Are you sure you're not seeing a Google page saying DNS server couldn't be contacted?
Yes

I will await further instructions.
Thanks again for your help!
 