Google searches being redirected

Inactive
By prosidius
Jul 27, 2012
  1. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

    SystemLook 30.07.11 by jpshortstuff
    Log created at 08:38 on 06/08/2012 by Adam
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*babylon*"
    C:\Users\Adam\AppData\Local\Babylon\Setup\Babylon.dat --a---- 11205 bytes [23:24 27/04/2012] [14:06 27/12/2011] 8E6B33A7F03E2693A614002587A35DDD

    Searching for "babylon.*"
    C:\Users\Adam\AppData\Local\Babylon\Setup\Babylon.dat --a---- 11205 bytes [23:24 27/04/2012] [14:06 27/12/2011] 8E6B33A7F03E2693A614002587A35DDD

    Searching for " "
    No files found.

    ========== folderfind ==========

    Searching for "*babylon*"
    C:\ProgramData\Babylon d------ [23:24 27/04/2012]
    C:\Users\Adam\AppData\Local\Babylon d------ [23:24 27/04/2012]
    C:\Users\Adam\AppData\Roaming\Babylon d------ [23:24 27/04/2012]
    C:\Users\All Users\Babylon d------ [23:24 27/04/2012]

    Searching for " "
    No folders found.

    ========== regfind ==========

    Searching for "*babylon*"
    No data found.

    -= EOF =-
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :files
      C:\ProgramData\Babylon
      C:\Users\Adam\AppData\Local\Babylon
      C:\Users\Adam\AppData\Roaming\Babylon
      C:\Users\All Users\Babylon

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    Then let me know if Babylon is still present or not.
  3. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

    Here's the log. I'll report in a bit if I'm still getting redirected on Google searches.

    All processes killed
    ========== FILES ==========
    C:\ProgramData\Babylon folder moved successfully.
    C:\Users\Adam\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
    C:\Users\Adam\AppData\Local\Babylon\Setup folder moved successfully.
    C:\Users\Adam\AppData\Local\Babylon folder moved successfully.
    C:\Users\Adam\AppData\Roaming\Babylon folder moved successfully.
    File\Folder C:\Users\All Users\Babylon not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Adam
    ->Temp folder emptied: 29939462 bytes
    ->Temporary Internet Files folder emptied: 7990405 bytes
    ->Java cache emptied: 12102923 bytes
    ->FireFox cache emptied: 523909417 bytes
    ->Flash cache emptied: 30422 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 253965 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 6720114 bytes

    Total Files Cleaned = 554.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 08082012_001909

    Files\Folders moved on Reboot...
    C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work.

    Waiting on your report. :)
  5. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

    Happened again. Got this url: click.get-answers-fast.com/ads-clicktrack/click/jump1.do?sid=wvSCoOxhvwGvwHYSck%2F69F56aZ8Xw7%2FUJVQyT2FG7aQj5YN5IdCUmw%3D%3D&affiliate=46573&subid=178303-43-28356&rc=0&terms=mw3sa

    Not sure what to do anymore. I'd rather not reinstall Windows, but a Google search on this yields no solutions. I'll try uninstalling Firefox completely and reinstalling to see if that'll fix it.
  6. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check the following options: Internet Services, Windows Firewall, System restore, Security Center/Action Center, Windows Update, and Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    And another Quick Scan from OTL please.
  8. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

    Farbar Service Scanner Version: 06-08-2012
    Ran by Adam (administrator) on 09-08-2012 at 10:46:52
    Running from "E:\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Attached file: OTL.Txt (88.1 KB)
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{867B665F-D37E-11E1-8270-B8AC6F996F26}: C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}\ [2012/07/21 16:53:11 | 000,000,000 | ---D | M]
      @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
  10. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

    All processes killed
    ========== OTL ==========
    File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{867B665F-D37E-11E1-8270-B8AC6F996F26}: C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}\ not found.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Adam
    ->Temp folder emptied: 122786419 bytes
    ->Temporary Internet Files folder emptied: 31241680 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 642672629 bytes
    ->Flash cache emptied: 10288 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1713986 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22188 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 90857 bytes

    Total Files Cleaned = 762.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 08102012_001634

    Files\Folders moved on Reboot...
    C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan please.
  12. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

    Here it is

    Attached file: OTL.Txt (82.4 KB)
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :reg
      [-HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{867B665F-D37E-11E1-8270-B8AC6F996F26}]

      :files
      C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
     
  14. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

    All processes killed
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{867B665F-D37E-11E1-8270-B8AC6F996F26} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{867B665F-D37E-11E1-8270-B8AC6F996F26}\ not found.
    ========== FILES ==========
    C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
    C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
    C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26} folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Adam
    ->Temp folder emptied: 230728 bytes
    ->Temporary Internet Files folder emptied: 1024643 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 485579309 bytes
    ->Flash cache emptied: 10518 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12302 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 84416 bytes

    Total Files Cleaned = 464.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 08112012_232709

    Files\Folders moved on Reboot...
    C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Test Google redirect please.

    We got that bad redirect add-on removed.
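    The three findings this thread worked through (a per-user Firefox extension registered in HKCU and pointing at a GUID-named folder under %LOCALAPPDATA%, an alternate data stream on C:\ProgramData\TEMP, and Windows Defender switched off by the DisableAntiSpyware policy value that FSS reported) can be re-checked with a short read-only script. This is an added example, not a script from the thread or from OTL/FSS; it assumes PowerShell 5.0 or later on Windows and the paths shown in the logs above.

```powershell
# Added example (not from the thread): re-check the indicators the thread
# surfaced. Read-only: it reports, it does not delete.
# Assumption: PowerShell 5.0+ (Get-Service exposes StartType from 5.0).

# 1. Per-user Firefox extensions registered in the registry. In the thread the
#    value name was a GUID and its data pointed at a GUID-named folder under
#    %LOCALAPPDATA%, which is not where a normally installed add-on lives.
$extKey = 'HKCU:\Software\Mozilla\Firefox\Extensions'
if (Test-Path $extKey) {
    $props = Get-ItemProperty -Path $extKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath etc.
        $flag = if ($p.Value -like "$env:LOCALAPPDATA\{*}*") { 'REVIEW' } else { 'info' }
        "[$flag] Firefox extension $($p.Name) -> $($p.Value)"
        if (-not (Test-Path $p.Value)) { "[info]   target folder does not exist" }
    }
} else {
    "[ok] no per-user Firefox extensions registered under $extKey"
}

# 2. Alternate data streams on C:\ProgramData\TEMP (the OTL fix in this thread
#    deleted one named DFC5A2B2). Any named stream is listed for review.
$tempDir = 'C:\ProgramData\TEMP'
if (Test-Path $tempDir) {
    Get-Item -Path $tempDir -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { "[REVIEW] ADS $($_.FileName):$($_.Stream) ($($_.Length) bytes)" }
}

# 3. Windows Defender disabled by policy, as FSS reported (DisableAntiSpyware=1),
#    plus the WinDefend service state and start type FSS also checked.
$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$val = (Get-ItemProperty -Path $defKey -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($val -eq 1) { "[REVIEW] DisableAntiSpyware=1 under $defKey" }
else            { "[ok] Defender is not disabled by the DisableAntiSpyware policy value" }
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if ($svc) { "[info] WinDefend status=$($svc.Status) start type=$($svc.StartType)" }
else      { "[info] WinDefend service not present on this system" }
```

Run it from an elevated PowerShell prompt so the HKLM policy key and the ProgramData stream listing are readable; lines tagged REVIEW are the ones that matched the thread's findings and warrant a closer look, not automatic removal.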
  16. prosidius

    prosidius Newcomer, in training Topic Starter Posts: 24

    Everything seems fine so far. I'll report back if it pops up in the foreseeable future but assuming it doesn't, I would like to thank you for the help. ^_^ I came very close to just reinstalling a fresh copy of Windows.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me know in about three days' time, please.
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.

