Solved Chrome Omnibox redirects to Yahoo search instead of Google

[TwinHeadedEagle]

Upload report here --> http://zippyshare.com/

 

[chcbkkr]

Done.
zoek-results.log

 

[TwinHeadedEagle]

Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  chrdefaults;
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b
  ipconfig /release;b
  ipconfig /renew;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[chcbkkr]

Okay. I haven't seen Yahoo after that yet. Hopefully it won't come back.

Zoek.exe v5.0.0.0 Updated 03-August-2014
Tool run by Tomoyo on Sun 08/03/2014 at 20:05:20.36.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tomoyo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/3/2014 8:06:06 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\install.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Tomoyo\Searches deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted

==== Chrome Look ======================

Google Voice Search Hotword (Beta) - Tomoyo\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
AdBlock - Tomoyo\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Into The Mist - Tomoyo\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\mgihmkgobaljfehcadcckdggpeojaadh

==== Chromium Startpages ======================

C:\Users\Tomoyo\AppData\Local\Google\Chrome\User Data\Profile 7\Preferences
"homepage": "http://www.tumblr.com/dashboard",
"startup_urls": [ "http://www.tumblr.com/dashboard" ],


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================

C:\Users\Tomoyo\AppData\Local\Google\Chrome\User Data\Profile 7\Preferences was reset successfully
C:\Users\Tomoyo\AppData\Local\Google\Chrome\User Data\Profile 7\Web Data was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tomoyo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Tomoyo\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Tomoyo\AppData\Local\Google\Chrome\User Data\Profile 7\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=43 folders=54 129947221 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tomoyo\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Tomoyo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 08/03/2014 at 20:13:57.34 ======================

 

[TwinHeadedEagle]

Okay, keep me updated.

 

[chcbkkr]

Looks clear for the last 6 hours. How long will it take to be sure that it's completely gone?

Edit: I just checked and Yahoo redirect has returned. I think it just came back because it wasn't there when I searched something 10 minutes ago.

 

[TwinHeadedEagle]

I think you will have to delete your Chrome synced data.

http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/

 

[chcbkkr]

I've actually done that several times before, along with deleting local and temp files and resetting Chrome. Sometimes it works, sometimes it doesn't, but Yahoo showed up after a while anyway. I'll delete sync data again and see what happens.

Edit: Ok it's gone, but what should I do if it comes back?

Edit 2: Ok something new happens. Google redirected me to an error page saying there was suspicious traffic from my computer. It happened a few times, but I didn't get a screenshot of it. I found a page that describes what happened, though. https://support.google.com/websearch/answer/86640?hl=en

Edit 3: It just happened again. I got the screenshot. Yahoo redirect has been coming on and off, it's kinda weird. I noticed that this error page shows up whenever Yahoo redirect is active and I try to search by going straight to Google.com, but when Yahoo redirect isn't active, Google.com works like normal.

 

[TwinHeadedEagle]

Run FRST again, check Addition.txt, press Scan and attach both reports.

 

[chcbkkr]

Ok.

 

[TwinHeadedEagle]

I do not see any malware on your PC. Try to reset your router to factory settings.

 

[chcbkkr]

No luck there. I might just uninstall Chrome and switch to Firefox.

 

[Chromatinfish 123]

No luck there. I might just uninstall Chrome and switch to Firefox.

Looks like heavy work is done, this is were I come in

Can you list all extensions in Chrome? Anything that is associated with changing/redirecting internet connection (router, firewall, proxy/VPN, filtering programs)?

I reccommend posting here: http://malwaretips.com/forums/troubleshooting-software-questions-and-help.18/ if you want more helpers.

 

[chcbkkr]

After uninstalling, reinstalling, cleaning files, clearing sync datas, and resetting Chrome for the 50th time, I have 0 extensions with the exception of Google docs which comes with Chrome by default.

 

[Chromatinfish 123]

After uninstalling, reinstalling, cleaning files, clearing sync datas, and resetting Chrome for the 50th time, I have 0 extensions with the exception of Google docs which comes with Chrome by default.

Could you install Chrome Canary?

32-bit here
64-bit here

Problem still occurring?

 

[chcbkkr]

Ok I used the link you provided to install, but it doesn't look any different. I can't tell if I have Canary or Chrome Stable? Yahoo redirect did stop for the moment, but I don't know if it'll come back like it did many times before.

Edit: It's back.

 

[Chromatinfish 123]

Ok I used the link you provided to install, but it doesn't look any different. I can't tell if I have Canary or Chrome Stable? Yahoo redirect did stop for the moment, but I don't know if it'll come back like it did many times before.

Edit: It's back.

Did you not sign in?

Chrome Canary has the yellow icon while chrome Stable is multicolored.

If verified that you didn't sign in, use Canary, and Yahoo! redirect is back (in Canary) then it's sure that it is a program/Proxy, VPN, or DNS.

Change your DNS to:

Primary (1st line): 208.67.222.222
Secondary (2nd Line): 208.67.220.220
Directions:

Go to Network/Sharing Center>>Connection Link (link by connection line)>>Properties>>Highlight IPv4>>Properties

 

[chcbkkr]

Ok cool so I've been using Chrome Stable up till now. I'll be using Canary from now on and see if Yahoo! redirect comes back in Canary. Can I connect Canary with my Google account without syncing or should I not do that at all?

Edit: Nevermind, it came back on Canary too. I haven't even done anything with it... I'll try changing my DNS now.

Edit2: Ok it's done but I'm not sure what I just did? Can you explain what changing DNS server to those values do? Either way, Yahoo! is gone for now. That is, for now.

 

[TwinHeadedEagle]

You did changed your DNS to Open DNS. It is an alternative DNS setting. Let me know if it comes back.

 

[Chromatinfish 123]

Nope, don't sync your account so we know if it's attached to Chrome or is a standalone program.

Yep, the DNS above is OpenDNS. You can also try Google DNS (8.8.8.8, 8.8.4.4) if you wish.