I enter a search term and it returns results as expected - then - click on any of those expected results and it sends me off to some other search engine. Butterfly seems most common but there are others too.
Your browser has been hijacked. Download Malwarebytes from MajorGeeks (make sure that the page you land on is at “majorgeeks.com”), install, check for/install updates and run it. Hopefully that will be enough to fix your problem.
MalwareBytes, both quick scan and the longer option find two (2) items:
Trojan.Agent File C\Windows\svchost.exe
Trojan.Agent memory process C\Windows\svchost.exe then a number eg 2480
MalwareBytes remove these items option will not remove them. I can ‘remove’, restart and run again and they are still there, that number changes.
Reading about this indicates there is some way to save this information to a file and paste it someplace for more help but I do not understand that whole procedure.
If you have any idea of the dates that malware was installed, you could also just do a system restore to a date prior to that. It will save your media files and documents, but wipe everything else downloaded after the date you choose. I’ll honestly say I haven’t done it myself, but I haven’t attracted any viruses or whatnot on my new-ish machine (2 years). Since I’m not computer-savvy, that would be the first thing I would try (Win7), unless someone more knowledgeable says it’s a huge mistake. Seems the simplest for someone like me, though.
If it helps for the future, I run a full scan with Microsoft Essentials once a week, and use AdBlock Plus with Firefox on both my home and work computers. So far, so good the last 2 years.
You should also download and run rkill.exe before you run Malwarebytes. Rkill will stop any active processes that allow the virus or trojan to respawn when you reboot.
Restored to factory settings, downloaded and updated MalwareBytes, and in safe mode it found:
Trojan.Agent File C\Windows\svchost.exe
Trojan.Agent memory process C\Windows\svchost.exe then a number eg 2480
The ‘remove’ option of MalwareBytes removed the second line but not the first. Reboot and Google is still hijacked.
Run Avast, Avira, Ad-Aware, newly downloaded and updated and none of these even find anything mentionable. MalwareBytes still finds the two lines of problems.
Bing, Yahoo, Hulu, Netflix work. Indeed everything except Google seems to work so I might live with it but it is handy to have Google. [Coincidentally, Avast on this machine is blocking malware more frequently than on my other machine.]
If the only problem is google, take a look at your hosts file. If it exists, it should only have something like 127.0.0.1 in it (that’s IP speak for ‘home’).
Check google for some good reference sites on the windows hosts file like computerhope.com. Here is one from ehow
If the rest of the infection really is gone, and you just delete the hosts file, it should be recreated the next time you access the internet. If the new version is still sending you to some other DNS, then you still have a problem.
I’m surprised avira didn’t help. I assume you got the most current updates and did a scan.
Two more aggressive tools are Combofix and TDSSKiller. A thread on a malware-fighting forum describing the use of these tools can be found here.
Otherwise, you might try looking around in some of those specialized fora, like bleeping-computer, Tech Support Guy, or Spyware Hammer. What you’ve described seems to be discussed on those sites a lot lately, so it must be going around. Just google “Trojan.Agent File C\Windows\svchost.exe” to find some discussions.
Malwarebytes itself has a forum where you can post your logs and someone will help you (as with the bleepingcomputer forum etc. that Tom Tildrum mentioned).
Go to one of those sites, and follow the instructions for what utilities they want you to run, and what logs to post. Typically you’ll get a response in a day or so.
I availed myself of this last summer when my daughter did something or another and got a virus on our computer - Malwarebytes’ tool found nothing, but every daily scan, AVG found something. Turned out to be some sort of rootkit.
In the meantime - don’t use that computer for anything sensitive (e.g. banking), and if at all possible use another computer to change passwords for any sensitive site you might have accessed from the infected computer. You might also want to unhook the computer from the internet until it’s cleaned up, to reduce the traffic getting in from the bad guys’ servers, and to reduce any botnet-type traffic going outbound from your computer.
Wife spent a 16 hour session reading and downloading and updating and running suggestions above and others. She has tried all the suggestions above except the forums that may be slow to respond. We will try that this weekend.
She says only MalwareBytes and Rkill in safe mode will find and remove all malicious objects but upon re-boot they come back. She has done these things disconnected from the internet and says they return on reboot.
It is a 15 month old e-machine connected to the flat-screen and used for entertainment only. We are one hour from the city. We can get a new e-machine from Walmart for about $300. I’m guessing a new one would be cheaper than trying to get professional help. Your thoughts on this option?
Arghh, no, don’t spend $300 to fix this. Try re-installing Windows first. I’ve no experience with emachines, but you will likely have a recovery console that you can boot into.
The help I received at the Malwarebytes forum was free. They offer a link to make a “donation” when you’re done but you’re under no obligation to do so (I did; I think I sent 100 dollars). I would guess that bleepingcomputer works the same way.
Then run Malware Bytes and whatever other scanners you want to throw at it.
A lot of these beasties hide in System Restore and the only way to clear 'em out is to turn it off, which deletes all your past restore points. Don’t forget to turn it back on when you’re (hopefully) all clean.
You might be aware of this already but if not, that didn’t actually fix anything, adding a host to the hosts file is just forcing your browser to go to the right IP address (what’s in the hosts file) instead of the wrong IP address (what the malware is telling it to go to). You’re treating the symptom, not the disease. You could “fix” video.google and docs.google the same way, but the malware is still there.
I would try Voltaire’s suggestion and if that still doesn’t work, reinstall Windows.
My machine has been clean of all problems mentioned in earlier posts for about 96 hours now.
My wife said she used Tom Tildrum’s suggestion of TDSSKiller. She said it ran so quickly that she thought something did not complete. Checking a log found it removed Rootkit.Boot.PIHARD.b