
unable to remove Babylon search engine

Discussion in 'Virus & Other Malware Removal' started by elenaz, Jan 31, 2011.

Thread Status:
Not open for further replies.
  1. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    Kevin, I think I might have used 'Run Scan' instead of 'Run Fix'. I tried to run it just now and there was an issue. I will try running it again and then post the results. I will move on to the other steps you listed and then post those results. Thanks for your patience with me :)
     
  2. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    Kevin, I am a little confused at this point. I ran OTL with FIX, and after the system rebooted and Windows started again, the Windows box (do you want to run OTL) came up again, so I thought it didn't work. However, when I selected to run it again, the .txt box opened with the following content, so now I'm not sure if it ran or not and if I should run it again. Please advise. Also, should I move on to the other steps now or wait until you verify the content of this text file?
    -----------------------------------------
    All processes killed
    ========== OTL ==========
    Service hpdj00 stopped successfully!
    Service hpdj00 deleted successfully!
    Service HP Port Resolver stopped successfully!
    Service HP Port Resolver deleted successfully!
    Service FreezeScreenSaver stopped successfully!
    Service FreezeScreenSaver deleted successfully!
    Prefs.js: [email protected]:1.2 removed from extensions.enabledItems
    Prefs.js: "http://utils.babylon.com/abt/index.php?url=" removed from keyword.URL
    Folder C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zugo.com\ not found.
    C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{53829F91-1B06-4DB9-B13E-812A986169F9} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53829F91-1B06-4DB9-B13E-812A986169F9}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{307D80B7-6553-42FB-9C99-19841353B4F0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307D80B7-6553-42FB-9C99-19841353B4F0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//showID\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\autofol.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freemarketinggraphics.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freemkgr.hop\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kaas.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mrmisupercashsystem.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terrisfp.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\timothysfineart.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cetihpz\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF184AD3-CDCB-4168-A3F7-8E447D129300}\ not found.
    File {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Elena Zanfei\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Elena Zanfei\Desktop\cmd.txt deleted successfully.
    C:\WINDOWS\System32\_003472_.tmp.dll moved successfully.
    C:\WINDOWS\System32\_003440_.tmp.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Elena Zanfei
    ->Temp folder emptied: 1741658 bytes
    ->Temporary Internet Files folder emptied: 8713638 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43620483 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 790 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33759 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2664549 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 141038 bytes

    Total Files Cleaned = 54.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: Elena Zanfei
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.20.6 log created on 02012011_081538

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\OLKRPCLOG_02_01_2011_07_52_58_1.etl moved successfully.
    C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\OPMLog.log moved successfully.
    File\Folder C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\~DF258C.tmp not found!
    File\Folder C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\~DF25C3.tmp not found!
    C:\WINDOWS\temp\HPSLPS005.log moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_874.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_c84.dat moved successfully.

    Registry entries deleted on Reboot...
     
  3. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    JOTTI analysis = ALL 'found nothing'

    VIRUSTOTAL Analysis
    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name:
    wc98pp.dll
    Submission date:
    2011-02-01 15:18:14 (UTC)
    Current status:
    queued (#79) queued (#79) analysing finished
    Result:
    0/43 (0.0%)


    Antivirus              Version          Last Update   Result
    AhnLab-V3              2011.01.27.01    2011.01.27    -
    AntiVir                7.11.2.48        2011.02.01    -
    Antiy-AVL              2.0.3.7          2011.01.28    -
    Avast                  4.8.1351.0       2011.02.01    -
    Avast5                 5.0.677.0        2011.02.01    -
    AVG                    10.0.0.1190      2011.02.01    -
    BitDefender            7.2              2011.02.01    -
    CAT-QuickHeal          11.00            2011.02.01    -
    ClamAV                 0.96.4.0         2011.02.01    -
    Commtouch              5.2.11.5         2011.02.01    -
    Comodo                 7559             2011.01.31    -
    DrWeb                  5.0.2.03300      2011.02.01    -
    Emsisoft               5.1.0.2          2011.02.01    -
    eSafe                  7.0.17.0         2011.02.01    -
    eTrust-Vet             36.1.8132        2011.02.01    -
    F-Prot                 4.6.2.117        2011.01.31    -
    F-Secure               9.0.16160.0      2011.02.01    -
    Fortinet               4.2.254.0        2011.02.01    -
    GData                  21               2011.02.01    -
    Ikarus                 T3.1.1.97.0      2011.02.01    -
    Jiangmin               13.0.900         2011.02.01    -
    K7AntiVirus            9.79.3702        2011.02.01    -
    Kaspersky              7.0.0.125        2011.02.01    -
    McAfee                 5.400.0.1158     2011.02.01    -
    McAfee-GW-Edition      2010.1C          2011.02.01    -
    Microsoft              1.6502           2011.02.01    -
    NOD32                  5837             2011.02.01    -
    Norman                 6.06.12          2011.02.01    -
    nProtect               2011-01-27.01    2011.02.01    -
    Panda                  10.0.3.5         2011.01.31    -
    PCTools                7.0.3.5          2011.01.31    -
    Prevx                  3.0              2011.02.01    -
    Rising                 23.43.01.00      2011.02.01    -
    Sophos                 4.61.0           2011.02.01    -
    SUPERAntiSpyware       4.40.0.1006      2011.02.01    -
    Symantec               20101.3.0.103    2011.02.01    -
    TheHacker              6.7.0.1.122      2011.01.30    -
    TrendMicro             9.120.0.1004     2011.02.01    -
    TrendMicro-HouseCall   9.120.0.1004     2011.02.01    -
    VBA32                  3.12.14.3        2011.02.01    -
    VIPRE                  8274             2011.02.01    -
    ViRobot                2011.2.1.4285    2011.02.01    -
    VirusBuster            13.6.175.0       2011.02.01    -

    Additional information
    MD5   : 01ce67a8b8f546986309c28d4594d29c
    SHA1  : c375555e487481ba317af381d8f8524ab20defb0
    SHA256: 74bd7a4d90534a25f73b253c4cd21d8886b4c9d83c05a609f2bce91dfc3caf5c
     
  4. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    MALWAREBYTES RESULTS
    ---------------
    Malwarebytes' Anti-Malware 1.40
    Database version: 2680
    Windows 5.1.2600 Service Pack 3

    2/1/2011 7:57:02 AM
    mbam-log-2011-02-01 (07-57-02).txt

    Scan type: Quick Scan
    Objects scanned: 1
    Time elapsed: 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    How is your system responding, any issues remaining?
     
  7. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    The system seems to be responding better, but that damn Babylon search engine default is still happening. This is so puzzling. Even though it defaults, the results it brings rarely work; I think it's because I have deleted EVERYTHING that I can find having to do with Babylon. I think Babylon is part of a translation program which got automatically loaded when I installed a program called FoxTabAudioconverter (at least I think this is what happened). Ironically, I cannot find FOXTABAUDIOCONVERTER in the add delete program or in the REVO UNINSTALLER PRO, which I also downloaded since it's supposed to be able to delete hard-to-find programs. It's still in my RECENT PROGRAM USED list and I can click on it and start it. Not sure why it does NOT show up on the ADD/REMOVE Programs or how to uninstall it to see if all traces of Babylon go away with it. I do need a converter to convert .wav files to mp3, so I would probably re-install it after seeing if it makes a difference. Would deleting the folder FOXTABAUDIOCONVERTER from C://WINDOWS/PROGRAMS do the trick?
     
  8. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    BTW, I really appreciate your help with this...at least now I can be SURE there is nothing malicious running on my computer right???? Thanks Kevin!!
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Which browser are you using when it appears, IE or Firefox? I thought I'd removed that pest with the OTL Fix....

    If it appears with IE try Firefox or vice versa, see if the same happens with both browsers.
     
  10. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    OK Kevin... I found something interesting.
    IE is fine. NO traces of the damn Babylon. I also checked all the toolbars enabled in IE and made sure to turn off anything different in FF.
    FF is where the problem is. Incidentally, there is also an icon on the lower icon bar that is called 'translator', which I think is part of Babylon. In the URL bar, it initially defaults to the icon for FF; however, when I enter a search in the URL bar (not the BING search box), it will turn the icon to a blank file icon and then Babylon returns the results.
    I think I might try to start up in safe mode, back up to an earlier version and see what happens.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Hiya Elena,

    OK, if this is only specific to Firefox then it's probably an add-on that is causing the problem. Have a look Here for the instructions to help you; obviously the example name will differ from the one you want. Scroll down and read the full link, then see if that helps.

    In reply to your question about your system being clean, yep logs would indicate all OK...

    Kevin.
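
Added example, not part of the thread and not OTL's own code: a Python check over the text of a Firefox profile's prefs.js for the two prefs the OTL log above shows being cleaned (`keyword.URL` and `extensions.enabledItems`), which is where a location-bar search redirect that affects only Firefox would show up. The sample prefs text, the extension IDs and the allow-list are constructed for illustration; only the `keyword.URL` value comes from the log.

```python
import re

# One pref per line in prefs.js / user.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref line; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # header comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
        prefs[name] = raw
    return prefs

def review(text, allowed_extensions=()):
    """Return (kind, value) findings for the two prefs cleaned in the OTL log."""
    prefs = parse_prefs(text)
    findings = []
    # prefs.js only stores values changed from the built-in default, so any
    # keyword.URL entry means location-bar search was changed from the default.
    url = prefs.get("keyword.URL")
    if url:
        findings.append(("keyword.URL", url))
    # extensions.enabledItems: comma-separated id:version pairs, as in the log.
    for item in filter(None, prefs.get("extensions.enabledItems", "").split(",")):
        ext_id = item.rsplit(":", 1)[0]
        if ext_id not in allowed_extensions:
            findings.append(("extension", ext_id))
    return findings

# Constructed sample; only the keyword.URL value is taken from the log above.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.enabledItems", "toolbar@example.invalid:1.2,theme@example.invalid:3.6");
user_pref("keyword.URL", "http://utils.babylon.com/abt/index.php?url=");
'''

if __name__ == "__main__":
    for kind, value in review(SAMPLE, allowed_extensions=("theme@example.invalid",)):
        print(kind, "->", value)
```

An empty result after a cleanup run means neither pref still carries a leftover entry; a finding that returns after each restart points at something rewriting the profile, such as an add-on that is still installed.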
     

Short URL to this thread: https://techguy.org/978086