Hey guys, my problem is that recently when I type into my main search bar my searches are being routed to a Yahoo search, rather than Google. While it is not the most annoying problem ever, looking up the issue has told me that it is caused by malware on my computer. I have done all the necessary exploration to ensure that I am not an idiot and my search settings are correct. I have run multiple boot time scans with Avast Premier, and full scans with Malware Bytes. I deleted any suspicious files (before reading on here not to), and checked for weird chrome extensions etc. Avast found some viruses and cleaned them up, I can not tell you what they are, I deleted them from the chest awhile ago. Malware Bytes detects no issues, the attachements are the logs from aswMBR and FRST. Thank you for your time, and please let me know what other information is required.
I have alerted a malware specialist to review your logs. Please be patient as they come on the forum at different times. In the meantime, do not make any changes to your machine. Thank you for posting your logs.
Which browser does this appear in ?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CMD: bitsadmin /reset /allusers CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
The browser I am using is Google Chrome.
Here are the logs you requested:
Could you reset Chrome and let me know if that clears it
Details here https://support.google.com/chrome/answer/3296214?hl=en-GB
I have done that already as well, it did not change anything. I looked for all the common files, chrome extensions, reset the browser, re-installed the browser, ran the scans, etc.
I have a newer version of that it said, my computer runs Qualcomms Atheros Network Manager. I believe I know what type of virus/malware w/e that I have. I just recently noticed that the searches are titled “Looksafe Yahoo Search” and looking up looksafe virus showed me symptoms like Java updates that my pc has never ha before, and is currently having. I still do not know how to remove it, however. My searches told me it can be pretty difficult.
Take a screenshot of it and post…
You will notice in the Tab it says “Looksafe” as well as in the url. The image is after typing into the normal bar, which is set to route through Google.
OK lets now look in the registry
Run FRST and in the search box type
looksafe;yahoo
Click Search Registry
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
On completion a search.txt will be produced please post that
Here you go:
Copy the following to a notepad file :
Windows Registry Editor Version 5.00[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{FCE1662E-06F1-413D-80CB-33D456D1CFCB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LookSafe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID{FCE1662E-06F1-413D-80CB-33D456D1CFCB}]
[-HKEY_USERS\S-1-5-21-3772411351-2599992061-2026952429-1001\Software\PowerPack]
[-HKEY_CLASSES_ROOT\CLSID{FCE1662E-06F1-413D-80CB-33D456D1CFCB}]
Select : Save as type > all files
Name the file as fix.reg
Save to the desktop
Close all browser windows
Right click the reg file and select Merge
Accept all warnings
Open chrome and ensure that your search engine is set to google
Then try a search
I did the process multiple times, and the problem still persists. I ensured all windows were closed, my search was google, and re copied the content to several new fix.reg files. The attachments are to just to show reg.fix completion and my search.
Could you run the registry search again please
Then run FRST again this time select shortcut txt
Absolutely, here you go:
OK two things now…
First : Could you open chrome and take a screenshot of the search settings page so that I can see what your search settings are
Next : Could you run FRST scan and include the shortcuts.txt option
I ran the registry scan again with shortcuts.txt selected. The attachments are picture of the scan with shortcuts selected, my search settings in chrome, and the search text file I get on completion of the registry scan. Oops, I will add the scan in a second. Sorry
Sorry I am not making myself clear
Run FRST, place a tick in the shortcuts.txt
Press Scan
No I am an idiot, I just realized, I apologize. Here you go: