Inactive Google searches being redirected

prosidius · Aug 6, 2012

SystemLook 30.07.11 by jpshortstuff
Log created at 08:38 on 06/08/2012 by Adam
Administrator - Elevation successful

========== filefind ==========

Searching for "*babylon*"
C:\Users\Adam\AppData\Local\Babylon\Setup\Babylon.dat --a---- 11205 bytes [23:24 27/04/2012] [14:06 27/12/2011] 8E6B33A7F03E2693A614002587A35DDD

Searching for "babylon.*"
C:\Users\Adam\AppData\Local\Babylon\Setup\Babylon.dat --a---- 11205 bytes [23:24 27/04/2012] [14:06 27/12/2011] 8E6B33A7F03E2693A614002587A35DDD

Searching for " "
No files found.

========== folderfind ==========

Searching for "*babylon*"
C:\ProgramData\Babylon d------ [23:24 27/04/2012]
C:\Users\Adam\AppData\Local\Babylon d------ [23:24 27/04/2012]
C:\Users\Adam\AppData\Roaming\Babylon d------ [23:24 27/04/2012]
C:\Users\All Users\Babylon d------ [23:24 27/04/2012]

Searching for " "
No folders found.

========== regfind ==========

Searching for "*babylon*"
No data found.

-= EOF =-

Jay Pfoutz · Aug 6, 2012

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:files
C:\ProgramData\Babylon
C:\Users\Adam\AppData\Local\Babylon
C:\Users\Adam\AppData\Roaming\Babylon
C:\Users\All Users\Babylon

:commands
[emptytemp]
[reboot]
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Then let me know if Babylon is still present or not.

prosidius · Aug 8, 2012

Heres the log. I'll report in a bit if I'm still getting redirected on Google searches.

All processes killed
========== FILES ==========
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Adam\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Adam\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Adam\AppData\Local\Babylon folder moved successfully.
C:\Users\Adam\AppData\Roaming\Babylon folder moved successfully.
File\Folder C:\Users\All Users\Babylon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 29939462 bytes
->Temporary Internet Files folder emptied: 7990405 bytes
->Java cache emptied: 12102923 bytes
->FireFox cache emptied: 523909417 bytes
->Flash cache emptied: 30422 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 253965 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 6720114 bytes

Total Files Cleaned = 554.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08082012_001909

Files\Folders moved on Reboot...
C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Jay Pfoutz · Aug 8, 2012

Excellent work.

Waiting on your report.

prosidius · Aug 8, 2012

Happened again. Got this url: click.get-answers-fast.com/ads-clicktrack/click/jump1.do?sid=wvSCoOxhvwGvwHYSck%2F69F56aZ8Xw7%2FUJVQyT2FG7aQj5YN5IdCUmw%3D%3D&affiliate=46573&subid=178303-43-28356&rc=0&terms=mw3sa

Not sure what to do anymore. I rather not reinstall Windows but a google search on this yields no solutions. I'll try uninstalling firefox completely and reinstalling to see if that'll fix it.

prosidius · Aug 8, 2012

I did a virus scan from http://www.eset.com/us/online-scanner/ and it found a redirect trojan. Hope its gone now.

Jay Pfoutz · Aug 9, 2012

Please download Farbar Service Scanner and run it on the computer with the issue.

Check the following options: Internet Services, Windows Firewall, System restore, Security Center/Action Center, Windows Update, and Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

And another Quick Scan from OTL please.

prosidius · Aug 9, 2012

Farbar Service Scanner Version: 06-08-2012
Ran by Adam (administrator) on 09-08-2012 at 10:46:52
Running from "E:\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Jay Pfoutz · Aug 9, 2012

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{867B665F-D37E-11E1-8270-B8AC6F996F26}: C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}\ [2012/07/21 16:53:11 | 000,000,000 | ---D | M]
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMPFC5A2B2

:commands
[emptytemp]
[reboot]
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

prosidius · Aug 10, 2012

All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{867B665F-D37E-11E1-8270-B8AC6F996F26}: C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}\ not found.
ADS C:\ProgramData\TEMP

FC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 122786419 bytes
->Temporary Internet Files folder emptied: 31241680 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 642672629 bytes
->Flash cache emptied: 10288 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1713986 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22188 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 90857 bytes

Total Files Cleaned = 762.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08102012_001634

Files\Folders moved on Reboot...
C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Jay Pfoutz · Aug 10, 2012

OTL Quick Scan please.

prosidius · Aug 10, 2012

Here it is

Jay Pfoutz · Aug 11, 2012

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:reg
[-HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{867B665F-D37E-11E1-8270-B8AC6F996F26}]

:files
C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}

:commands
[emptytemp]
[reboot]
Then click the Run Fix button at the top.
Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

prosidius · Aug 12, 2012

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{867B665F-D37E-11E1-8270-B8AC6F996F26} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{867B665F-D37E-11E1-8270-B8AC6F996F26}\ not found.
========== FILES ==========
C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
C:\Users\Adam\AppData\Local\{867B665F-D37E-11E1-8270-B8AC6F996F26} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 230728 bytes
->Temporary Internet Files folder emptied: 1024643 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 485579309 bytes
->Flash cache emptied: 10518 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12302 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 84416 bytes

Total Files Cleaned = 464.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08112012_232709

Files\Folders moved on Reboot...
C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Jay Pfoutz · Aug 12, 2012

Test Google redirect please.

We got that bad redirect add-on removed.

prosidius · Aug 14, 2012

Everything seems fine so far. I'll report back if it pops up in the foreseeable future but assuming it doesn't, I would like to thank you for the help. ^_^ I came very close to just reinstalling a fresh copy of Windows.

Jay Pfoutz · Aug 15, 2012

Let me know in about three days time, please.

Jay Pfoutz · Aug 20, 2012

Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.

Inactive Google searches being redirected

Posts: 24 +0

Posts: 4,279 +49

Posts: 24 +0

Posts: 4,279 +49

Posts: 24 +0

Posts: 24 +0

Posts: 4,279 +49

Posts: 24 +0

Attachments

Posts: 4,279 +49

Posts: 24 +0

Posts: 4,279 +49

Posts: 24 +0

Attachments

Posts: 4,279 +49

Posts: 24 +0

Posts: 4,279 +49

Posts: 24 +0

Posts: 4,279 +49

Posts: 4,279 +49

Similar threads