When using Google Toolbar in IE or Firefox, the results page would be either Google's UK or Germany/Deutchland version. When I would click on the first or second result I would be redirected to one of those cheap "search engine" pages. The same thing happens when I type in google.com and do a search.

I ran the 8-Step program (please see attachments).

Thanks in advance for your help.

Attached Files

	mbam-log-2009-11-26 (11-27-15).txt (837 Bytes, 2 views)
	SUPERAntiSpyware Scan Log - 11-26-2009 - 12-33-52.log (10.0 KB, 2 views)
	hijackthis.log (21.1 KB, 3 views)

Hi Knowing4Certain,

Welcome to Techspot first of all. Second thing I will say, is you have QUITE a mess. Please re-open HijackThis, and do a System Scan Only. Then, check off the following problems to be fixed... (Basically, every thing with O1 in the beginning)

• O1 - Hosts: 74.125.45.100 4-open-davinci.com
• O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
• O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
• O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
• O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
• O1 - Hosts: 74.125.45.100 secure-plus-payments.com
• O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
• O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
• O1 - Hosts: 74.125.45.100 www.getavplusnow.com
• O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
• O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
• O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
• O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
• O1 - Hosts: 88.198.198.204 google.ae
• O1 - Hosts: 88.198.198.204 google.as
• O1 - Hosts: 88.198.198.204 google.at
• O1 - Hosts: 88.198.198.204 google.az
• O1 - Hosts: 88.198.198.204 google.ba
• O1 - Hosts: 88.198.198.204 google.be
• O1 - Hosts: 88.198.198.204 google.bg
• O1 - Hosts: 88.198.198.204 google.bs
• O1 - Hosts: 88.198.198.204 google.ca
• O1 - Hosts: 88.198.198.204 google.cd
• O1 - Hosts: 88.198.198.204 google.com.gh
• O1 - Hosts: 88.198.198.204 google.com.hk
• O1 - Hosts: 88.198.198.204 google.com.jm
• O1 - Hosts: 88.198.198.204 google.com.mx
• O1 - Hosts: 88.198.198.204 google.com.my
• O1 - Hosts: 88.198.198.204 google.com.na
• O1 - Hosts: 88.198.198.204 google.com.nf
• O1 - Hosts: 88.198.198.204 google.com.ng
• O1 - Hosts: 88.198.198.204 google.ch
• O1 - Hosts: 88.198.198.204 google.com.np
• O1 - Hosts: 88.198.198.204 google.com.pr
• O1 - Hosts: 88.198.198.204 google.com.qa
• O1 - Hosts: 88.198.198.204 google.com.sg
• O1 - Hosts: 88.198.198.204 google.com.tj
• O1 - Hosts: 88.198.198.204 google.com.tw
• O1 - Hosts: 88.198.198.204 google.dj
• O1 - Hosts: 88.198.198.204 google.de
• O1 - Hosts: 88.198.198.204 google.dk
• O1 - Hosts: 88.198.198.204 google.dm
• O1 - Hosts: 88.198.198.204 google.ee
• O1 - Hosts: 88.198.198.204 google.fi
• O1 - Hosts: 88.198.198.204 google.fm
• O1 - Hosts: 88.198.198.204 google.fr
• O1 - Hosts: 88.198.198.204 google.ge
• O1 - Hosts: 88.198.198.204 google.gg
• O1 - Hosts: 88.198.198.204 google.gm
• O1 - Hosts: 88.198.198.204 google.gr
• O1 - Hosts: 88.198.198.204 google.ht
• O1 - Hosts: 88.198.198.204 google.ie
• O1 - Hosts: 88.198.198.204 google.im
• O1 - Hosts: 88.198.198.204 google.in
• O1 - Hosts: 88.198.198.204 google.it
• O1 - Hosts: 88.198.198.204 google.ki
• O1 - Hosts: 88.198.198.204 google.la
• O1 - Hosts: 88.198.198.204 google.li
• O1 - Hosts: 88.198.198.204 google.lv
• O1 - Hosts: 88.198.198.204 google.ma
• O1 - Hosts: 88.198.198.204 google.ms
• O1 - Hosts: 88.198.198.204 google.mu
• O1 - Hosts: 88.198.198.204 google.mw
• O1 - Hosts: 88.198.198.204 google.nl
• O1 - Hosts: 88.198.198.204 google.no
• O1 - Hosts: 88.198.198.204 google.nr
• O1 - Hosts: 88.198.198.204 google.nu
• O1 - Hosts: 88.198.198.204 google.pl
• O1 - Hosts: 88.198.198.204 google.pn
• O1 - Hosts: 88.198.198.204 google.pt
• O1 - Hosts: 88.198.198.204 google.ro
• O1 - Hosts: 88.198.198.204 google.ru
• O1 - Hosts: 88.198.198.204 google.rw
• O1 - Hosts: 88.198.198.204 google.sc
• O1 - Hosts: 88.198.198.204 google.se
• O1 - Hosts: 88.198.198.204 google.sh
• O1 - Hosts: 88.198.198.204 google.si
• O1 - Hosts: 88.198.198.204 google.sm
• O1 - Hosts: 88.198.198.204 google.sn
• O1 - Hosts: 88.198.198.204 google.st
• O1 - Hosts: 88.198.198.204 google.tl
• O1 - Hosts: 88.198.198.204 google.tm
• O1 - Hosts: 88.198.198.204 google.tt
• O1 - Hosts: 88.198.198.204 google.us
• O1 - Hosts: 88.198.198.204 google.vu
• O1 - Hosts: 88.198.198.204 google.ws
• O1 - Hosts: 88.198.198.204 google.co.ck
• O1 - Hosts: 88.198.198.204 google.co.id
• O1 - Hosts: 88.198.198.204 google.co.il
• O1 - Hosts: 88.198.198.204 google.co.in
• O1 - Hosts: 88.198.198.204 google.co.jp
• O1 - Hosts: 88.198.198.204 google.co.kr
• O1 - Hosts: 88.198.198.204 google.co.ls
• O1 - Hosts: 88.198.198.204 google.co.ma
• O1 - Hosts: 88.198.198.204 google.co.nz
• O1 - Hosts: 88.198.198.204 google.co.tz
• O1 - Hosts: 88.198.198.204 google.co.ug
• O1 - Hosts: 88.198.198.204 google.co.uk
• O1 - Hosts: 88.198.198.204 google.co.za
• O1 - Hosts: 88.198.198.204 google.co.zm
• O1 - Hosts: 88.198.198.204 google.com

Please also download CCleaner

You're not kidding, it is quiet a mess:
And having
ZoneAlam
Spyware Doctor
Spybots S&D
Installed didn't seem to help either

I also notice the Windows is installed to C:\WINNT
Which sometimes means it has already had a repair in the distant past

I would recommend backup all data, and re-install clean, myself

I followed AnonymousSurfer's recommendations without success. I was actually just thinking the same thing that you have suggested (i.e., backup all data and re-install clean) just before I logged back in here. So at this point, that is what I'm going to do. Thank you.

Here's some help with that

Microsoft's Windows XP Professional Repair Install step by step (* Including Delete Partition): http://www.windowsxpprofessional.win...exfullpage.htm
Microsoft's Windows XP Home Repair Install step by step (* Including Delete Partition): http://www.windowsxphome.windowsrein...exfullpage.htm
* Warning deleting the Partition will remove all User data and Windows system files

Driver Updates: http://www.techspot.com/vb/topic117607.html

XP Service Pack 3: http://support.microsoft.com/kb/322389

I had run into this issue on a customers PC this week. The Host File had been compromised badly. It is now hidden and when you try to access the Host file, you get an error message "access is denied". I had run Malwarebytes, SuperAntiSpyware, CCLeaner, and a few other Antivirus programs, I was able to remove the original threat but Google would keep redirecting to Google.nl. I removed the hard drive from the laptop and tried to access the Host file from another PC, but still got an error "access is denied" I tried running recovery mode, still "access is denied". However.. I was able to resolve the issue by renaming the old ETC folder to ETCXXX and created a new ETC folder. I then copied the services, lmhosts, protocols and new hosts file from another computer (or the I386 folder). Now, the virus is gone and Google.com is not redirecting to Google.nl. To test it, I ran a Hijackthis, and the host section is now clean.