Forced Bing Search


#1 ReinbaoPawniez


  • Members
  • 41 posts
  • Local time:03:21 PM

Posted 30 April 2013 - 10:54 AM

I may or may not have an issue, as I have only moderate knowledge of the workings of my computer, and would ask if anyone would be willing to give me a once over. I have tried to reset my Firefox's default search engine to Google twice now and it refuses to stick. I had this problem once before with a Privitize VPN forced search, so I took a look around in my about:config and found something that disturbed me; I have a few instances of Babylon.com search popping up in places I don't understand, and as I know that that is linked with Privitize VPN I'm a little worried, not to mention the fact that I am being forced to search with Bing through my address bar.


I hope this made sense, but if not, still help please?





#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 30 April 2013 - 11:19 AM

Welcome, we'll take a look as it appears you are infected.

Download Security Check by screen317 from here: http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

    Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
    NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 ReinbaoPawniez

  • Topic Starter

  • Members
  • 41 posts
  • Local time:03:21 PM

Posted 07 May 2013 - 03:37 PM

Sorry it's taken me so long to respond, life and all that.

I'm currently running the Eset again, so I'll post that soon, my boyfriend just closed the window before I could copy the logs.


One more question: How can I get Norton off my computer? I never downloaded it, although it may have come with my computer, and it refuses to allow me to remove it from program files, and doesn't show up on Revo :/




Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version  
 Java 7 Update 17  
 Java version out of Date!
 Adobe Flash Player 11.6.602.180  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

# AdwCleaner v2.300 - Logfile created 05/07/2013 at 09:44:21
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Muriel - CANDY
# Boot Mode : Normal
# Running from : C:\Users\Muriel\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Yontoo Desktop Updater

Malwarebytes Anti-Malware

Database version: v2013.05.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Muriel :: CANDY [administrator]

5/7/2013 9:47:55 AM
mbam-log-2013-05-07 (09-47-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 490864
Time elapsed: 58 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Muriel\AppData\Local\Temp\webyeryb3460vavaw.exe (Trojan.Dropper.ED) -> Quarantined and deleted successfully.
C:\Users\Muriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1de317b7-59ce2c51 (Trojan.Dropper.ED) -> Quarantined and deleted successfully.
C:\Users\Muriel\Desktop\Arrrrrggggh\Daemon.Tools.Pro.Advanced.v5.2.0.0348.Multilingual.Cracked-BRD\Crack\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Muriel\Downloads\Rars\adobe cs6 activator(x32.&.x64).zip (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Vaudix
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Vaudix
Folder Deleted : C:\Users\Muriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Muriel\AppData\LocalLow\Vaudix
Folder Deleted : C:\Users\Muriel\AppData\LocalLow\Zoomex
Folder Deleted : C:\Users\Muriel\AppData\Roaming\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Muriel\AppData\Roaming\Mozilla\Firefox\Profiles\ky29yi8n.default\prefs.js

C:\Users\Muriel\AppData\Roaming\Mozilla\Firefox\Profiles\ky29yi8n.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "7a86c8f1-0add-4d63-adb7-24d3b1e6cdd6");
Deleted : user_pref("myqna.searchquotes", "Y");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Muriel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [5058 octets] - [07/05/2013 09:33:43]
AdwCleaner[R2].txt - [5118 octets] - [07/05/2013 09:44:05]
AdwCleaner[S1].txt - [10615 octets] - [12/12/2012 09:20:37]
AdwCleaner[S2].txt - [5276 octets] - [07/05/2013 09:44:21]

########## EOF - C:\AdwCleaner[S2].txt - [5336 octets] ##########
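Why a Firefox search setting can refuse to stick, as an added example that is not part of the original thread or of AdwCleaner: Firefox reapplies every preference found in the profile's user.js at each start, which is the file the log above shows being deleted. The sketch audits the text of prefs.js and user.js; the sample contents, the placeholder host and engine name, and the allowlist are constructed, while the adware prefixes are taken from the "Deleted" lines in the log.

```python
import json
import re
from urllib.parse import urlparse

# Preferences that decide where address-bar and search-box queries go.
# keyword.URL was honoured by Firefox releases before 23 (the thread's is 20.0.1).
SEARCH_PREFS = {"keyword.URL", "browser.search.defaultenginename",
                "browser.search.selectedEngine"}
# Prefixes copied from the "Deleted : user_pref(...)" lines in the log above.
ADWARE_PREFIXES = ("aol_toolbar.", "extentions.y2layers.", "myqna.")
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.*)\);')

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.search(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # "str", true/false, int
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep unparsed values verbatim
    return prefs

def audit(files, allowed_hosts):
    """files maps file name -> contents; returns (file, pref, reason) tuples."""
    findings = []
    for fname, text in files.items():
        for name, value in parse_prefs(text).items():
            if name.startswith(ADWARE_PREFIXES):
                findings.append((fname, name, "adware-pref"))
            elif name in SEARCH_PREFS and fname.lower() == "user.js":
                # Firefox never writes user.js itself and reapplies it on every
                # start, so a search pref here undoes the user's own choice.
                findings.append((fname, name, "forced-by-user.js"))
            elif name in SEARCH_PREFS and isinstance(value, str) and "://" in value:
                if urlparse(value).hostname not in allowed_hosts:
                    findings.append((fname, name, "unexpected-search-host"))
    return findings

# Constructed sample contents; the host and engine name are placeholders.
SAMPLE = {
    "prefs.js": 'user_pref("browser.search.selectedEngine", "Google");\n'
                'user_pref("keyword.URL", "http://search.example.invalid/?q=");\n'
                'user_pref("aol_toolbar.default.search.check", false);\n',
    "user.js": 'user_pref("browser.search.defaultenginename", "Example Search");\n'
               'user_pref("extentions.y2layers.installId", "constructed-id");\n',
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"www.google.com"}):
        print(*finding)
```
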

#4 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 07 May 2013 - 03:47 PM

After ESET, run the Norton Removal Tool. We are going to remove the left-overs from your Norton installation. The Norton Removal Tool uninstalls all Norton 2003 and later products, Norton 360, and Norton SystemWorks 12.0 from your computer. If you plan to continue to use your Norton products again in the future, you should ensure that you have safely stored your product key.
  • Download the Norton Removal tool to your Desktop.
  • Double click the Norton Removal Tool icon.
  • Allow any security warnings and type your administrator password if required.
  • Follow the instructions given.
  • Restart your PC.
How is it running?

#5 ReinbaoPawniez

  • Topic Starter

  • Members
  • 41 posts
  • Local time:03:21 PM

Posted 07 May 2013 - 06:46 PM

Eset didn't come up with a log :/


But it says I have no current infections


Still forced to search with Bing though.

#6 ReinbaoPawniez

  • Topic Starter

  • Members
  • 41 posts
  • Local time:03:21 PM

Posted 11 May 2013 - 04:38 PM

I'm still having issues.. can we continue?

#7 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:04:21 PM

Posted 13 May 2013 - 10:23 AM

Hi, went away over the weekend to see my mom.
We need a deeper look. Start a new topic... Please do steps 6, 7 and 8 here..
Preparation Guide
