Solved Unwanted Yahoo search engine opens all the time

[carlopip]

I am experiencing a continuous opening of the Yahoo search engine in Google Chrome, as described above.
At the same time all the tabs opened in a previous Chrome session get deleted.
This does not seem to happen in IE or Firefox.
Antivirus installed: Kaspersky KIS.
--Carlo

 

[argus]

Helllo,do you this business/company computers?

 

[carlopip]

Helllo,do you this business/company computers?

Do you mean if this notebook belongs to me or rather to my company?
It is my own notebook.

 

[argus]

Yes, because is win 7 Professional. Ok no problem.


Re-run zoek and run this script:

createsrpoint;
autoclean;
blbkdnmdcafmfhinpmnlhhddbepgkeaa;chr
emptyalltemp;
ipconfig /flushdns;b
bitsadmin /reset /allusers;b

Post its content into your next reply.

 

[carlopip]

Here is the zoek log file:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by carlo on 08/05/2015 at 12:49:13.14.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\DISCO DATI E LAVORI\PROGRAMMI COMPRESSI\Antimalware Antispyware\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

08/05/2015 12:51:20 Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [17/12/2014 17:59]

==== Firefox Extensions ======================

ProfilePath: C:\Users\carlo\AppData\Roaming\Thunderbird\Profiles\jll75jhu.default
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- Dizionario italiano - %ProfilePath%\extensions\it-IT@dictionaries.addons.mozilla.org
- Mail Redirect - %ProfilePath%\extensions\{CC3C233D-6668-41bc-AAEB-F3A1D1D594F5}
- Extension List Dumper - %ProfilePath%\extensions\extensionlistdumper@sogame.cat.xpi
- Signature Switch - %ProfilePath%\extensions\{2ab1b709-ba03-4361-abf9-c50b964ff75d}.xpi
- AttachmentExtractor - %ProfilePath%\extensions\{35834d20-efdb-4f78-ab77-9635fb4e56c4}.xpi
- PrintingTools - %ProfilePath%\extensions\{5e9999c2-ba1d-44b6-bcee-5b30ce37d3b0}.xpi

ProfilePath: C:\Users\carlo\AppData\Roaming\TomTom\HOME\Profiles\mmg04ctm.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\carlo\AppData\Roaming\Mozilla\Firefox\Profiles\m0ocyuhe.default-1430846806397
2D389D314D1928AA30778229090F9AD3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll - Shockwave for Director / Shockwave for Director
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
0FC325593893749364EC4A733E7D9100 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\carlo\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104


==== Chromium Look ======================

Google Chrome Version: 42.0.2311.135

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[06/06/2014 02:28]
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[21/12/2013 08:04]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[06/06/2014 02:28]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[06/06/2014 02:28]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[17/12/2014 17:58]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[06/06/2014 02:28]

Web2PDFConverter - carlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk
Adobe Acrobat - Create PDF - carlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Google Calendar by Google - carlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich
Bookmark Manager - carlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Send Page - carlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\higemadklcnjhjpgcbnnbpgeeippjjcp
Chrome Hotword Shared Module - carlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - carlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\carlo\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\carlo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\carlo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZ1B8FPL will be deleted at reboot
C:\Users\carlo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LG0G77T6 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\carlo\AppData\Local\Mozilla\Firefox\Profiles\m0ocyuhe.default-1430846806397\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\carlo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=13 folders=7 7727050 bytes)

==== Empty Temp Folders ======================

C:\Users\carlo\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

 

[argus]

How's your computer behaving now?

 

[carlopip]

Like in the last week: every time I open a new tab in Chrome the Google homepage appears for one second before being replaced by the Yahoo search engine. Same when I open a new Chrome session. Also the tabs opened in a previous Chrome sessions are deleted when I open a new session.

 

[argus]

Export your bookmarks
https://support.google.com/chrome/answer/96816?hl=en


Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.


Click Start, copy in search %LOCALAPPDATA%\ and remove folder Google

Download Chrome
https://www.google.com/intl/en/chrome/browser/desktop/

 

[carlopip]

Ok, right now after reinstallation Chrome seems to work fine. The Yahoo rsearch engine does not pop up anymore.
Thanks a lot.
Is there a specific reason why I had that Yahoo issue? What has been the cause of it? Are there websites known for causing that problem?
Carlo

 

[argus]

There was probably some malware that hijacks your browsers changing them to Yahoo. You probably downloaded some application.

The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the
  
  icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run and wait until the tool completes his work.
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

 

[carlopip]

Ok, done

 

[argus]

Regards.