Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo search browser hijack


  • Please log in to reply
15 replies to this topic

#1 T3rry

T3rry

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 06 January 2018 - 09:35 AM

Yahoo search set as my default in both installed browsers (Edge and Firefox) without my permission or actions. I was able to reverse this back to my preferred search. Microsoft apps (news, weather, games, cortana) do not finish loading. Used to get a random pop up to install Chromium with Yahoo...found Chromium folder, deleted it...pop up randomly continued with only Yahoo mentioned. Only way to close pop up was with task manager. Yahoo (something) shows in uninstall programs dialogue, but will not uninstall. Both Edge and Firefox now show multiples in task manager when there is only 1 visible. System restore will not complete, says something is running that will not allow it. Windows defender full scan shows 0 infections. Cannot run downloaded ad aware type products from 2 different vendors...they will not open.



BC AdBot (Login to Remove)

 


#2 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 06 January 2018 - 09:54 AM

Windows 10



#3 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:54 PM

Posted 06 January 2018 - 11:02 AM

Having multiple Firefox processes is normal with the newer Firefox browsers.

See info at 2 firefox.exe running in the background whenever I open Firefox | Firefox Support Forum | Mozilla Support

 

Use the programs below to clean, remove malware and remove adware.

 

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends of your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 06 January 2018 - 11:25 AM

I am at work currently, will be home this evening. Thank you for your reply and I will try this later today.

 

I downloaded AdwCleaner (7.0.6.0) this morning, but it would not open or run. What should I do if CCleaner will not open or run? Or AdwCleaner for that matter?



#5 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:54 PM

Posted 06 January 2018 - 11:48 AM

If Malwarebytes won't install or run....follow the directions for MBAR in the link below. Run that first before attempting an AdwCleaner scan.

I doubt that CCleaner will be blocked as it is not a security program. Some malware and adware do block security programs. That could be

the problem.

 

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 06 January 2018 - 12:36 PM

Thanks. I'll do it this evening and post results.



#7 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 06 January 2018 - 09:01 PM

2 of 4 complete with no issues.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/6/18
Scan Time: 8:41 PM
Log File: e9a904b8-f34b-11e7-8aad-40b0342c01b6.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3641
License: Trial

-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: DESKTOP-0MNPL8L\3515p

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290764
Threats Detected: 41
Threats Quarantined: 41
Time Elapsed: 2 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 18
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered cised, Quarantined, [57], [308969],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4AEF6801-AC96-419E-BA26-38E2BDCF7A4D}, Quarantined, [57], [308969],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{4AEF6801-AC96-419E-BA26-38E2BDCF7A4D}, Quarantined, [57], [308969],1.0.3641
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{12DAC293-BE73-BC58-0AB6-0AAF77A1F858}, Quarantined, [493], [454453],1.0.3641
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BEC48731-D134-43D1-B3B0-42E57792C490}, Quarantined, [493], [454453],1.0.3641
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BEC48731-D134-43D1-B3B0-42E57792C490}, Quarantined, [493], [454453],1.0.3641
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12DAC293-BE73-BC58-0AB6-0AAF77A1F858}, Quarantined, [493], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEC48731-D134-43D1-B3B0-42E57792C490}, Quarantined, [493], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEC48731-D134-43D1-B3B0-42E57792C490}, Quarantined, [493], [-1],0.0.0
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211D4A5-48D0-47F5-A7CD-81E861470F7F}, Quarantined, [57], [388392],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211D4A5-48D0-47F5-A7CD-81E861470F7F}, Quarantined, [57], [388392],1.0.3641
PUP.Optional.WinYahoo, HKU\S-1-5-21-4075970353-1905604774-3597609057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}, Quarantined, [57], [388392],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [57], [182757],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [57], [182757],1.0.3641
PUP.Optional.WinYahoo, HKU\S-1-5-21-4075970353-1905604774-3597609057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [57], [182757],1.0.3641
PUP.Optional.WinYahoo, HKU\S-1-5-21-4075970353-1905604774-3597609057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F79E5D1C-5148-469E-9F98-A11D8D7863F4}, Quarantined, [57], [182758],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F79E5D1C-5148-469E-9F98-A11D8D7863F4}, Quarantined, [57], [182758],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{f79e5d1c-5148-469e-9f98-a11d8d7863f4}, Quarantined, [57], [182758],1.0.3641

Registry Value: 10
PUP.Optional.WinYahoo, HKU\S-1-5-21-4075970353-1905604774-3597609057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}|URL, Quarantined, [57], [388392],1.0.3641
PUP.Optional.SearchYa, HKU\S-1-5-21-4075970353-1905604774-3597609057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}|FAVICONPATH, Quarantined, [4441], [242794],1.0.3641
PUP.Optional.WinYahoo, HKU\S-1-5-21-4075970353-1905604774-3597609057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [57], [182757],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{f79e5d1c-5148-469e-9f98-a11d8d7863f4}|URL, Quarantined, [57], [182758],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [57], [388393],1.0.3641
PUP.Optional.SearchYa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FAVICONPATH, Quarantined, [4441], [242799],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{f79e5d1c-5148-469e-9f98-a11d8d7863f4}|URL, Quarantined, [57], [182758],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4AEF6801-AC96-419E-BA26-38E2BDCF7A4D}|PATH, Quarantined, [57], [308967],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [57], [388393],1.0.3641
PUP.Optional.SearchYa, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FAVICONPATH, Quarantined, [4441], [242799],1.0.3641

Registry Data: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-4075970353-1905604774-3597609057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [57], [388390],1.0.3641
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [57], [388391],1.0.3641

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.WinYahoo.TskLnk, C:\USERS\3515P\APPDATA\LOCAL\WINCY, Quarantined, [493], [454453],1.0.3641

File: 10
PUP.Optional.WinYahoo, C:\WINDOWS\TASKS\Yahoo! Powered cised.job, Quarantined, [57], [308966],1.0.3641
PUP.Optional.WinYahoo, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Powered cised, Quarantined, [57], [308969],1.0.3641
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\{12DAC293-BE73-BC58-0AB6-0AAF77A1F858}, Quarantined, [493], [454453],1.0.3641
PUP.Optional.WinYahoo.TskLnk, C:\USERS\3515P\APPDATA\LOCAL\WINCY\SYNCVERSION.EXE, Quarantined, [493], [454453],1.0.3641
PUP.Optional.WinYahoo.TskLnk, C:\Users\3515p\AppData\Local\wincy\info.dat, Quarantined, [493], [454453],1.0.3641
PUP.Optional.WinYahoo.TskLnk, C:\Users\3515p\AppData\Local\wincy\STTL.DAT, Quarantined, [493], [454453],1.0.3641
PUP.Optional.WinYahoo.TskLnk, C:\Users\3515p\AppData\Local\wincy\TTL.DAT, Quarantined, [493], [454453],1.0.3641
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\{12DAC293-BE73-BC58-0AB6-0AAF77A1F858}, Quarantined, [493], [-1],0.0.0
PUP.Optional.WinYahoo, C:\USERS\3515P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\874XKP6A.DEFAULT\SEARCHPLUGINS\SEARCH.YAHOO.COM.XML, Quarantined, [57], [388384],1.0.3641
PUP.Optional.Reimage, C:\USERS\3515P\DOWNLOADS\REIMAGEREPAIR.EXE, Quarantined, [1095], [331559],1.0.3641

Physical Sector: 0
(No malicious items detected)


(end)



#8 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 06 January 2018 - 09:12 PM

ADWCleaner:

# AdwCleaner 7.0.6.0 - Logfile created on Sun Jan 07 02:06:25 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 01-05-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2565 B] - [2017/12/12 2:17:54]
C:/AdwCleaner/AdwCleaner[S0].txt - [2563 B] - [2017/12/12 2:14:12]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########



#9 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 06 January 2018 - 10:27 PM

I left my computer, when I came back the browser windows were closed, computer in energy conserve mode. I guess ESET didn't find anything. News, games, etc. normal, Firefox shows 4 in task manager, Edge 10, Yahoo! powered still shows in uninstall programs, but does not uninstall.



#10 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:54 PM

Posted 07 January 2018 - 07:01 AM

Try uninstalling Yahoo using Download Revo Uninstaller Freeware in Advanced Mode.

 

Run CCleaner again using its Default Settings. Then do this:

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 07 January 2018 - 11:09 AM

Startup:

es    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Google Update    Google Inc.    C:\Users\3515p\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\3515p\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes    HKLM:Run    BtServer    Realtek Semiconductor Corporation    "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
Yes    HKLM:Run    HPMessageService    HP Inc.    C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes    HKLM:Run    SecurityHealth    Microsoft Corporation    %ProgramFiles%\Windows Defender\MSASCuiL.exe
Yes    Startup Common    HP Audio Switch.lnk        C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitchLC.vbs

Startup scheduled:

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskUserS-1-5-21-4075970353-1905604774-3597609057-1001Core    Google Inc.    C:\Users\3515p\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskUserS-1-5-21-4075970353-1905604774-3597609057-1001UA    Google Inc.    C:\Users\3515p\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    HPCeeScheduleFor3515p    HP Development Company, L.P.    C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleFor3515p (null)
Yes    Task    HPEA3JOBS    HP    C:\Program Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Yes    Task    HPJumpStartLaunch    HP Inc.    "C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe"
Yes    Task    OneDrive Standalone Update Task-S-1-5-21-4075970353-1905604774-3597609057-1001    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Programs:

3D Builder    Microsoft Corporation    12/12/2017        15.1.3342.0
Adobe Acrobat Reader DC    Adobe Systems Incorporated    11/29/2017    487 MB    18.009.20050
Adobe Flash Player 28 NPAPI    Adobe Systems Incorporated    12/12/2017    9.05 MB    28.0.0.126
Alarms & Clock    Microsoft Corporation    12/15/2017        10.1712.3352.0
Amazon    Amazon.com    12/14/2017        2017.1206.2820.0
Animals in Autumn    Microsoft Corporation    11/4/2017        1.0.0.0
App Installer    Microsoft Corporation    11/14/2017        1.0.12894.0
Associated Press    The Associated Press    7/4/2017        1.1.2.115
Bonjour    Apple Inc.    1/6/2017    3.23 MB    3.0.0.10
Calculator    Microsoft Corporation    12/15/2017        10.1712.3351.0
Camera    Microsoft Corporation    10/24/2017        2017.921.10.0
Candy Crush Soda Saga    king.com    12/14/2017        1.104.700.0
CCleaner    Piriform    1/6/2018        5.38
Community Showcase Cityscapes 2    Microsoft Corporation    11/9/2017        1.0.0.0
CyberLink Power Media Player 14    CyberLink Corp.    11/17/2017    379 MB    14.0.5.6909
CyberLink PowerDirector 14    CyberLink Corp.    11/17/2017    1.05 GB    14.0.2.3309
Energy Star    HP Inc.    1/6/2017    6.65 MB    1.1.1
Feedback Hub    Microsoft Corporation    1/3/2018        1.1711.3412.0
Get Help    Microsoft Corporation    11/17/2017        10.1706.1981.0
Google Talk Plugin    Google    7/4/2017    15.1 MB    5.41.3.0
Groove Music    Microsoft Corporation    12/14/2017        10.17086.24711.0
HEVC Video Extension        11/28/2017        
HP Audio Switch    HP Inc.    11/17/2017        1.0.111.0
HP ePrint SW    HP Inc.    11/17/2017    67.1 MB    5.1.19895
HP JumpStart    HP Inc.    7/2/2017        1.2.228.0
HP JumpStart Bridge    HP Inc.    9/25/2017    18.3 MB    1.3.0.423
HP JumpStart Launch    HP Inc.    9/25/2017    866 KB    1.3.423.0
HP Registration Service    HP Inc.    1/6/2017    12.6 MB    1.2.8357.5639
HP Support Assistant    HP Inc.    1/6/2017    119 MB    8.5.37.19
HP Support Solutions Framework    HP Inc.    1/6/2017    13.4 MB    12.8.47.1
HP Sure Connect    HP Inc.    1/6/2017        1.0.0.27
HP System Event Utility    HP Inc.    1/6/2017    21.7 MB    1.4.14
HP Touchpoint Analytics Client    HP Inc.    11/20/2017        4.0.2.1439
Intel® Processor Graphics    Intel Corporation    1/5/2017        20.19.15.4380
Intel® Trusted Execution Engine    Intel Corporation    1/6/2017        2.0.0.1094
Intel® Security Assist    Intel Corporation    1/6/2017    2.36 MB    1.0.0.532
LibreOffice 5.4.1.2    The Document Foundation    10/2/2017    951 MB    5.4.1.2
Mahjong Epic    Kristanix Studios AS    10/13/2017        1.1.2.0
Mail and Calendar    Microsoft Corporation    1/7/2018        17.8730.21725.0
Malwarebytes version 3.3.1.2183    Malwarebytes    1/6/2018    186 MB    3.3.1.2183
Maps    Microsoft Corporation    10/18/2017        5.1708.2764.0
March of Empires: War of Lords    Gameloft.    12/18/2017        2.9.2.1
Messaging    Microsoft Corporation    11/29/2017        3.34.25004.0
Microsoft Office Home and Student 2016 - en-us    Microsoft Corporation    12/14/2017    901 MB    16.0.8730.2127
Microsoft OneDrive    Microsoft Corporation    12/8/2017    100 MB    17.3.7131.1115
Microsoft Solitaire Collection    Microsoft Studios    12/15/2017        3.18.12091.0
Microsoft Sticky Notes    Microsoft Corporation    12/14/2017        2.0.5.0
Microsoft Store    Microsoft Corporation    12/6/2017        11711.1001.5.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    1/6/2017    5.79 MB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    1/6/2017    1.45 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    1/6/2017    644 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    1/6/2017    4.01 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    1/6/2017    3.36 MB    9.0.30729.4148
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    11/17/2017    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    11/17/2017    17.3 MB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501    Microsoft Corporation    11/17/2017    20.5 MB    12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506    Microsoft Corporation    11/17/2017    22.5 MB    14.0.23506.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506    Microsoft Corporation    11/17/2017    18.7 MB    14.0.23506.0
Minecraft    Microsoft Studios    12/19/2017        1.2.800.0
Mixed Reality Viewer    Microsoft Corporation    1/7/2018        2.1801.4012.0
Mobile Plans    Microsoft Corporation    11/17/2017        3.1710.3044.0
Movies & TV    Microsoft Corporation    12/22/2017        10.17112.13411.0
Mozilla Firefox 57.0.4 (x64 en-US)    Mozilla    1/4/2018    140 MB    57.0.4
Mozilla Maintenance Service    Mozilla    11/17/2017    260 KB    54.0
My Office    Microsoft Corporation    12/15/2017        17.8830.7600.0
Netflix        12/15/2017        
News    Microsoft Corporation    12/15/2017        4.22.3254.0
One Calendar    Code Spark    12/30/2017        2017.1229.1.0
OneNote    Microsoft Corporation    12/30/2017        17.8827.20991.0
Paint 3D    Microsoft Corporation    12/14/2017        3.1712.7027.0
People    Microsoft Corporation    12/22/2017        10.3.3472.0
Photos    Microsoft Corporation    12/14/2017        2017.39101.16720.0
Phototastic Collage    Thumbmunkeys Ltd    12/4/2017        2.1.0.0
Print 3D    Microsoft Corporation    11/17/2017        1.0.2572.0
REALTEK Bluetooth Driver    REALTEK Semiconductor Corp.    1/6/2017    125 MB    1.0.0.53
Realtek Card Reader    Realtek Semiconductor Corp.    1/6/2017    29.2 MB    10.0.10586.31225
Realtek Ethernet Controller Driver    Realtek    1/6/2017    7.88 MB    10.8.311.2016
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    11/17/2017    42.6 MB    6.0.1.7878
REALTEK Wireless LAN Driver    REALTEK Semiconductor Corp.    1/6/2017    13.1 MB    1.0.0.75
Revo Uninstaller 2.0.4    VS Revo Group, Ltd.    1/7/2018    21.2 MB    2.0.4
Royal Revolt 2    flaregames GmbH    12/1/2017        3.8.0.0
Simple Mahjong    Random Salad Games LLC    10/20/2017        5.0.15.0
Skype    Skype    1/3/2018        12.13.257.0
Solitaire Epic+    Kristanix Studios AS    10/17/2017        1.1.0.0
Store Experience Host    Microsoft Corporation    1/7/2018        11712.1712.12003.0
Tips    Microsoft Corporation    11/17/2017        6.5.2851.0
Voice Recorder    Microsoft Corporation    12/15/2017        10.1712.3351.0
Wallet    Microsoft Corporation    11/17/2017        2.0.17214.0
Weather    Microsoft Corporation    12/15/2017        4.22.3254.0
WildTangent Games    WildTangent    11/17/2017    1.63 MB    1.1.0.28
Windows 10 Upgrade Assistant    Microsoft Corporation    11/17/2017    5.00 MB    1.4.9200.22175
Xbox    Microsoft Corporation    12/15/2017        36.36.12003.0
Xbox Game bar    Microsoft Corporation    12/14/2017        1.24.5001.0
Xbox Game Speech Window    Microsoft Corporation    12/16/2017        1.21.13002.0
Xbox Identity Provider    Microsoft Corporation    11/17/2017        12.30.5001.0
Xbox Live    Microsoft Corporation    12/15/2017        1.11.29001.0

And in case you want browser info (ie):

Yes    Extension    Launches HP Network Check that helps you solve connection issues    HP Inc.    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Yes    Extension    Lync Click to Call    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
Yes    Extension    OneNote Linked Notes    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
Yes    Extension    OneNote Linked Notes    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
Yes    Extension    Send to OneNote    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
Yes    Extension    Send to OneNote    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
No    Helper    HP Network Check Helper    HP Inc.    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
No    Helper    HP Network Check Helper    HP Inc.    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
Yes    Helper    Lync Browser Helper    Microsoft Corporation    C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll

Firefox:

Yes    Extension    Activity Stream    2017.11.07.1100-7f4e3634        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi
Yes    Extension    Application Update Service Helper    2.0        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Yes    Extension    Disable JavaScript Shared Memory    2.0        default    Firefox 57.0.4    C:\Users\3515p\AppData\Roaming\Mozilla\Firefox\Profiles\874xkp6a.default\features\{35a3685f-2a6f-49e9-8355-5a430ec9c586}\disable-js-shared-memory@mozilla.org.xpi
Yes    Extension    Disable Media WMF NV12 format    1.1        default    Firefox 57.0.4    C:\Users\3515p\AppData\Roaming\Mozilla\Firefox\Profiles\874xkp6a.default\features\{35a3685f-2a6f-49e9-8355-5a430ec9c586}\disable-media-wmf-nv12@mozilla.org.xpi
Yes    Extension    Firefox Screenshots    19.2.0        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi
Yes    Extension    Follow-on Search Telemetry    0.9.6        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi
Yes    Extension    Form Autofill    1.0        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi
Yes    Extension    Multi-process staged rollout    3.05        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Yes    Extension    Photon onboarding    1.0        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\onboarding@mozilla.org.xpi
Yes    Extension    Pocket    1.0.5        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Yes    Extension    Shield Recipe Client    76.1        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi
Yes    Extension    Web Compat    1.1        default    Firefox 57.0.4    C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Yes    Plugin        1.4.8.1008    Google Inc.    default    Firefox 57.0.4    C:\Users\3515p\AppData\Roaming\Mozilla\Firefox\Profiles\874xkp6a.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll
Yes    Plugin    OpenH264 Video Codec    1.7.1    Mozilla Corporation    default    Firefox 57.0.4    C:\Users\3515p\AppData\Roaming\Mozilla\Firefox\Profiles\874xkp6a.default\gmp-gmpopenh264\1.7.1\gmpopenh264.dll
Yes    Plugin    Shockwave Flash    28.0.0.126    Adobe Systems Incorporated    default    Firefox 57.0.4    C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll


 



#12 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:54 PM

Posted 07 January 2018 - 11:58 AM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    Google Update    Google Inc.    C:\Users\3515p\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\3515p\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

Yes    HKLM:Run    HPMessageService    HP Inc.    C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskUserS-1-5-21-4075970353-1905604774-3597609057-1001Core    Google Inc.    C:\Users\3515p\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskUserS-1-5-21-4075970353-1905604774-3597609057-1001UA    Google Inc.    C:\Users\3515p\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    HPCeeScheduleFor3515p    HP Development Company, L.P.    C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleFor3515p (null)
Yes    Task    HPEA3JOBS    HP    C:\Program Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Yes    Task    HPJumpStartLaunch    HP Inc.    "C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe"
Yes    Task    OneDrive Standalone Update Task-S-1-5-21-4075970353-1905604774-3597609057-1001    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

 

Uninstall these programs:

Candy Crush Soda Saga    king.com    12/14/2017        1.104.700.0

WildTangent Games    WildTangent    11/17/2017    1.63 MB    1.1.0.28

 

I don't see Yahoo in the list of installed programs....so...does that mean you successfully removed it using Revo?

 

After completing the above and rebooting the computer....please tell me of any errors/ problems you see.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 07 January 2018 - 12:57 PM

Revo did successfully uninstall Yahoo! powered. Disabled startups, tasks and uninstalled programs. All seems well.



#14 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:54 PM

Posted 07 January 2018 - 02:08 PM

Very good...happy surfin'...


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 T3rry

T3rry
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 07 January 2018 - 02:34 PM

Thank you very much.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users