unable to remove Babylon search engine

(In Progress)

elenaz
Junior Member with 19 posts.
THREAD STARTER
Join Date: Sep 2010
Experience: Intermediate
01-Feb-2011, 09:34 AM #16
Kevin, I think I might have used 'Run Scan' instead of 'Run Fix'. I tried to run it just now and there was an issue. I will try running it again and then post the results. I will move on to the other steps you listed and then post those results. Thanks for your patience with me :-)

elenaz
01-Feb-2011, 09:38 AM #17
OTL.txt response from 1st attempt of running OTL FIX
Kevin, I am a little confused at this point. I ran the OTL with FIX, and after the system rebooted and Windows started again the Windows box (do you want to run OTL) came up again, so I thought it didn't work. However, when I selected to run it again, the .txt box opened with the following content, so now I'm not sure if it ran or not and if I should run it again. Please advise. Also, should I move on to the other steps now or wait until you verify the content of this text file????
-----------------------------------------
All processes killed
========== OTL ==========
Service hpdj00 stopped successfully!
Service hpdj00 deleted successfully!
Service HP Port Resolver stopped successfully!
Service HP Port Resolver deleted successfully!
Service FreezeScreenSaver stopped successfully!
Service FreezeScreenSaver deleted successfully!
Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems
Prefs.js: "http://utils.babylon.com/abt/index.php?url=" removed from keyword.URL
Folder C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zugo.com\ not found.
C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{53829F91-1B06-4DB9-B13E-812A986169F9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53829F91-1B06-4DB9-B13E-812A986169F9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{307D80B7-6553-42FB-9C99-19841353B4F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307D80B7-6553-42FB-9C99-19841353B4F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//showID\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\autofol.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freemarketinggraphics.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freemkgr.hop\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kaas.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mrmisupercashsystem.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terrisfp.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\timothysfineart.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cetihpz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF184AD3-CDCB-4168-A3F7-8E447D129300}\ not found.
File {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Elena Zanfei\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Elena Zanfei\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\System32\_003472_.tmp.dll moved successfully.
C:\WINDOWS\System32\_003440_.tmp.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Elena Zanfei
->Temp folder emptied: 1741658 bytes
->Temporary Internet Files folder emptied: 8713638 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43620483 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 790 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33759 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2664549 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 141038 bytes

Total Files Cleaned = 54.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Elena Zanfei
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.20.6 log created on 02012011_081538

Files\Folders moved on Reboot...
C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\OLKRPCLOG_02_01_2011_07_52_58_1.etl moved successfully.
C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\OPMLog.log moved successfully.
File\Folder C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\~DF258C.tmp not found!
File\Folder C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\~DF25C3.tmp not found!
C:\WINDOWS\temp\HPSLPS005.log moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_874.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_c84.dat moved successfully.

Registry entries deleted on Reboot...

elenaz
01-Feb-2011, 10:23 AM #18
JOTTI analysis = ALL 'found nothing'

VIRUSTOTAL Analysis
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: wc98pp.dll
Submission date: 2011-02-01 15:18:14 (UTC)
Current status: finished
Result: 0/43 (0.0%)

Antivirus             Version         Last Update  Result
AhnLab-V3             2011.01.27.01   2011.01.27   -
AntiVir               7.11.2.48       2011.02.01   -
Antiy-AVL             2.0.3.7         2011.01.28   -
Avast                 4.8.1351.0      2011.02.01   -
Avast5                5.0.677.0       2011.02.01   -
AVG                   10.0.0.1190     2011.02.01   -
BitDefender           7.2             2011.02.01   -
CAT-QuickHeal         11.00           2011.02.01   -
ClamAV                0.96.4.0        2011.02.01   -
Commtouch             5.2.11.5        2011.02.01   -
Comodo                7559            2011.01.31   -
DrWeb                 5.0.2.03300     2011.02.01   -
Emsisoft              5.1.0.2         2011.02.01   -
eSafe                 7.0.17.0        2011.02.01   -
eTrust-Vet            36.1.8132       2011.02.01   -
F-Prot                4.6.2.117       2011.01.31   -
F-Secure              9.0.16160.0     2011.02.01   -
Fortinet              4.2.254.0       2011.02.01   -
GData                 21              2011.02.01   -
Ikarus                T3.1.1.97.0     2011.02.01   -
Jiangmin              13.0.900        2011.02.01   -
K7AntiVirus           9.79.3702       2011.02.01   -
Kaspersky             7.0.0.125       2011.02.01   -
McAfee                5.400.0.1158    2011.02.01   -
McAfee-GW-Edition     2010.1C         2011.02.01   -
Microsoft             1.6502          2011.02.01   -
NOD32                 5837            2011.02.01   -
Norman                6.06.12         2011.02.01   -
nProtect              2011-01-27.01   2011.02.01   -
Panda                 10.0.3.5        2011.01.31   -
PCTools               7.0.3.5         2011.01.31   -
Prevx                 3.0             2011.02.01   -
Rising                23.43.01.00     2011.02.01   -
Sophos                4.61.0          2011.02.01   -
SUPERAntiSpyware      4.40.0.1006     2011.02.01   -
Symantec              20101.3.0.103   2011.02.01   -
TheHacker             6.7.0.1.122     2011.01.30   -
TrendMicro            9.120.0.1004    2011.02.01   -
TrendMicro-HouseCall  9.120.0.1004    2011.02.01   -
VBA32                 3.12.14.3       2011.02.01   -
VIPRE                 8274            2011.02.01   -
ViRobot               2011.2.1.4285   2011.02.01   -
VirusBuster           13.6.175.0      2011.02.01   -

Additional information
MD5   : 01ce67a8b8f546986309c28d4594d29c
SHA1  : c375555e487481ba317af381d8f8524ab20defb0
SHA256: 74bd7a4d90534a25f73b253c4cd21d8886b4c9d83c05a609f2bce91dfc3caf5c

elenaz
01-Feb-2011, 10:50 AM #19
MALWAREBYTES RESULTS
---------------
Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 5.1.2600 Service Pack 3

2/1/2011 7:57:02 AM
mbam-log-2011-02-01 (07-57-02).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

elenaz
01-Feb-2011, 10:57 AM #20
Just for the heck of it I thought I would try an internet search again using the URL bar...Babylon is still there...this is what the result was in the URL bar...
-----------
http://assist.babylon.com/babylonass...NLEY+FURNITURE

kevinf80 (Kevin)
kevinf80 is authorized to help remove malware.
Malware Removal Specialist with 9,707 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
01-Feb-2011, 10:59 AM #21
How is your system responding, any issues remaining?

elenaz
01-Feb-2011, 11:10 AM #22
The system seems to be responding better but that damn Babylon search engine default is still happening. This is so puzzling. Even though it defaults, the results it brings rarely work; I think it's because I have deleted EVERYTHING that I can find having to do with Babylon. I think Babylon is part of a translation program which got automatically loaded when I installed a program called FoxTabAudioconverter (at least I think this is what happened). Ironically, I cannot find FOXTABAUDIOCONVERTER in the add delete program or in the REVO UNINSTALLER PRO, which I also downloaded since it's supposed to be able to delete hard-to-find programs. It's still in my RECENT PROGRAM USED list and I can click on it and start it. Not sure why it does NOT show up on the ADD/REMOVE Programs or how to uninstall it to see if all traces of Babylon go away with it. I do need a converter to convert .wav files to mp3 so I would probably re-install it after seeing if it makes a difference. Would deleting the folder FOXTABAUDIOCONVERTER from C://WINDOWS/PROGRAMS do the trick?

elenaz
01-Feb-2011, 11:12 AM #23
BTW, I really appreciate your help with this...at least now I can be SURE there is nothing malicious running on my computer right???? Thanks Kevin!!

kevinf80 (Kevin)
01-Feb-2011, 11:16 AM #24
Which browser are you using when it appears, IE or Firefox? I thought I'd removed that pest with the OTL Fix....

If it appears with IE try Firefox or vice versa, see if the same happens with both browsers.

elenaz
01-Feb-2011, 12:05 PM #25
OK Kevin...I found something interesting.
IE is fine. NO traces of the damn Babylon. I also checked all the toolbars enabled in IE and made sure to turn off anything different in FF.
FF is where the problem is. Incidentally, there is also an icon on the lower icon bar that is called 'translator' which I think is part of Babylon. In the URL bar, it initially defaults to the icon for FF; however, when I enter a search in the URL bar (not the BING search box), it will turn the icon to a blank file icon and then Babylon returns the results.
I think I might try to start up in safe mode, back up to an earlier version and see what happens.

kevinf80 (Kevin)
01-Feb-2011, 12:55 PM #26
Hiya Elena,

OK, if this is only specific to Firefox then it's probably an Addon that is causing the problem. Have a look Here for the instructions to help you; obviously the example name will differ to the one you want. Scroll down and read the full link, then see if that helps.

In reply to your question about your system being clean, yep logs would indicate all OK...

Kevin.
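
A check for the symptom discussed in posts #25 and #26, added here as an example and not written by either poster or taken from OTL: it reads a Firefox `prefs.js` and reports search and start-page preferences, including the `keyword.URL` entry named in the OTL log, that point outside an allowlist. The allowlists and the sample file are assumptions; only the `keyword.URL` value comes from the log above.

```python
import json
import re
from urllib.parse import urlparse

URL_PREFS = ("keyword.URL", "browser.startup.homepage")  # hold target URLs
ENGINE_PREFS = ("browser.search.defaultenginename",      # hold engine names
                "browser.search.selectedEngine")
# Assumptions: what this user considers legitimate. Adjust before use.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com"}
ALLOWED_ENGINES = {"Google", "Bing"}
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for each user_pref("name", value); line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            name, raw = match.groups()
            try:
                prefs[name] = json.loads(raw)  # string, number, true/false
            except ValueError:
                prefs[name] = raw              # keep literals JSON rejects
    return prefs


def flag_hijacks(prefs):
    """Return (pref, value) pairs that point outside the allowlists."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if isinstance(value, str):
            for url in value.split("|"):       # homepage may list several URLs
                host = urlparse(url.strip()).hostname
                if host and host not in ALLOWED_HOSTS:
                    findings.append((name, url.strip()))
    for name in ENGINE_PREFS:
        value = prefs.get(name)
        if isinstance(value, str) and value not in ALLOWED_ENGINES:
            findings.append((name, value))
    return findings


# Constructed sample; only the keyword.URL value is taken from the OTL log.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "about:home|http://www.google.com/");
user_pref("keyword.URL", "http://utils.babylon.com/abt/index.php?url=");
user_pref("browser.search.selectedEngine", "Example Toolbar Search");
user_pref("browser.search.defaultenginename", "Bing");
'''

if __name__ == "__main__":
    for pref, value in flag_hijacks(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"REVIEW {pref} = {value}")
```

Run the same two functions over `user.js` in the profile folder as well, since Firefox re-applies that file at every start.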