[A] Google result getting redirected in Chrome

By shrihari
Jan 8, 2013
  1. shrihari

    shrihari TS Rookie Topic Starter Posts: 20

    FSS log

    Farbar Service Scanner Version: 05-01-2013
    Ran by home (administrator) on 10-01-2013 at 20:45:41
    Running from "C:\Users\home\Desktop\clean"
    Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal

    Internet Services:

    Connection Status:
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline is accessible.
    Yahoo IP is accessible. is accessible.

    Windows Firewall:

    Firewall Disabled Policy:

    System Restore:

    System Restore Disabled Policy:

    Action Center:

    Windows Update:

    Windows Autoupdate Disabled Policy:

    Windows Defender:

    Other Services:

    File Check:
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    [2012-11-20 16:30] - [2012-10-03 08:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
  2. shrihari

    shrihari TS Rookie Topic Starter Posts: 20

    ESET Scan

    C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Default\aappihghldcclbgaekipppdoifeekpeh\background.htmlWin32/BHO.OEI trojancleaned by deleting - quarantined
  3. Broni

    Broni Malware Annihilator Posts: 52,792   +343

    Did you read my reply #23?


    Update Adobe Reader

    You can download it from
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.


    1. Update your Java version here:

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.
  4. Broni

    Broni Malware Annihilator Posts: 52,792   +343

    Still with me?
  5. Broni

    Broni Malware Annihilator Posts: 52,792   +343

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...