
Thread: Win32.Load Money and Yandex removal advice please

  1. #51
    Member
    Join Date
    Feb 2013
    Posts
    48

    Esetscan

    Hello Juliet,

    So it looks even to my novice eyes that we may be getting to the nitty grits of my infection. Here is the ESETSCAN log:

    C:\Users\gokarna\Downloads\DriversForFreeSetup.exe a variant of Win32/InstallCore.JW potentially unwanted application
    C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe a variant of Win32/Amonetize.AO potentially unwanted application
    C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe Win32/InstallCore.MT potentially unwanted application

    Btw how goes it with finding and deleting Yandex? Can you do it remotely?

    Salute, Wendy

  2. #52
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow it).

    start
    C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
    C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe
    C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe
    c:\programdata\Yandex
    c:\users\gokarna\AppData\Local\Yandex
    c:\program files\Yandex
    c:\users\gokarna\AppData\Roaming\Yandex
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Please post this log when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #53
    Member

    Fixlist log

    Hi Juliet, moving right along towards a conclusion then here is the fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-05-2014
    Ran by gokarna at 2014-05-05 19:30:52 Run:2
    Running from C:\Users\gokarna\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
    C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe
    C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe
    c:\programdata\Yandex
    c:\users\gokarna\AppData\Local\Yandex
    c:\program files\Yandex
    c:\users\gokarna\AppData\Roaming\Yandex
    Reboot:
    end
    *****************

    C:\Users\gokarna\Downloads\DriversForFreeSetup.exe => Moved successfully.
    C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe => Moved successfully.
    "C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe" => File/Directory not found.
    c:\programdata\Yandex => Moved successfully.
    c:\users\gokarna\AppData\Local\Yandex => Moved successfully.
    c:\program files\Yandex => Moved successfully.
    c:\users\gokarna\AppData\Roaming\Yandex => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog ====
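
An added example, not part of the original posts and not FRST's own code: a small Python parser that reconciles the fixlist entries in a Fixlog like the one above with their result lines. It assumes only drive-letter paths are file or folder entries, and it infers the quarantine location (`C:\FRST\Quarantine\<drive>\...`) from the SystemLook output posted later in this thread; all function names are hypothetical.

```python
import re

# Constructed sample: the Fixlog.txt text from the post above, trimmed of blank lines.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-05-2014
Ran by gokarna at 2014-05-05 19:30:52 Run:2
Content of fixlist:
*****************
start
C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe
C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe
c:\programdata\Yandex
c:\users\gokarna\AppData\Local\Yandex
c:\program files\Yandex
c:\users\gokarna\AppData\Roaming\Yandex
Reboot:
end
*****************
C:\Users\gokarna\Downloads\DriversForFreeSetup.exe => Moved successfully.
C:\Users\gokarna\Downloads\MediaPlayer__7392_i603528379_il146.exe => Moved successfully.
"C:\Users\gokarna\Downloads\shrek-the-third2007dvdrip-ac3eng-axxo_BitLord.exe" => File/Directory not found.
c:\programdata\Yandex => Moved successfully.
c:\users\gokarna\AppData\Local\Yandex => Moved successfully.
c:\program files\Yandex => Moved successfully.
c:\users\gokarna\AppData\Roaming\Yandex => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
"""

# Assumption: quarantine root inferred from the SystemLook folderfind lines in this thread.
QUARANTINE_ROOT = r"C:\FRST\Quarantine"

# Assumption: only drive-letter paths count as file/folder entries; directives
# such as "Reboot:" and any other fixlist line types are ignored by this example.
PATH_RE = re.compile(r'^[A-Za-z]:\\')
# Result lines look like: <path> => <status>.  The path may be wrapped in quotes.
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"?\s+=>\s+(?P<status>.+?)\.?$')


def parse_fixlog(text):
    """Return (requested paths in fixlist order, {lowercased path: status})."""
    requested, results, in_fixlist = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            in_fixlist = True
        elif line.lower() == "end":
            in_fixlist = False
        elif in_fixlist:
            if PATH_RE.match(line):
                requested.append(line)
        else:
            match = RESULT_RE.match(line)
            if match:
                # Windows paths are case-insensitive, so key on the lowercased form.
                results[match.group("path").lower()] = match.group("status")
    return requested, results


def classify(status):
    """Map a result status string to a coarse outcome."""
    if status is None:
        return "no-result"          # requested, but the log has no line for it
    lowered = status.lower()
    if lowered.startswith("moved successfully"):
        return "quarantined"        # moved aside, not deleted
    if "not found" in lowered:
        return "absent"             # nothing at that path when the fix ran
    return "other"


def quarantine_path(path, root=QUARANTINE_ROOT):
    """Where a moved item is expected to sit, e.g. C:\\x -> <root>\\C\\x."""
    return f"{root}\\{path[0].upper()}\\{path[3:]}"


def reconcile(text):
    """One record per requested path: outcome and expected quarantine copy."""
    requested, results = parse_fixlog(text)
    report = []
    for path in requested:
        outcome = classify(results.get(path.lower()))
        report.append({
            "path": path,
            "outcome": outcome,
            "quarantine": quarantine_path(path) if outcome == "quarantined" else None,
        })
    return report


if __name__ == "__main__":
    for row in reconcile(SAMPLE_FIXLOG):
        print(f'{row["outcome"]:<12} {row["path"]}')
```

Paths reported as quarantined are the ones to re-check after the reboot: a folder that exists again at its original location was recreated after the fix ran.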

  4. #54
    Security Expert-emeritus Juliet

    The results look good to me, how is the computer operating now?

  5. #55
    Member

    Reportage

    Hello Juliet,

    How is it going? Well, Yandex is still very much with me, which is a downer. You haven't given me feedback on what's happening there for some time. While it has hijacked Firefox and Chrome I think it's best not to use this computer for any banking or purchasing activity. I am not really sure what to make of the Spybot scan logs, which, although Win32.Loadmoney no longer appears, still show lots of entries every day, and it's often only a few hours after fixing that they show as many entries again. I have copied and pasted the latest here so that you can tell me if this is acceptable/normal or not?

    Search results from Spybot - Search & Destroy

    5/10/2014 12:42:58 AM
    Scan took 00:16:05.
    20 items found.

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\gokarna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XY9GT5VC\kiks.yandex.ru\fuid01.sol
    Properties.size=188
    Properties.md5=7B8842C292510E47967FC622F91A4B28
    Properties.filedate=1399417808
    Properties.filedatetext=2014-05-07 02:10:08

    Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
    C:\Users\gokarna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XY9GT5VC\ospank.com\#kernelteam\preferences.sol
    Properties.size=61
    Properties.md5=C58803187774833DFC9451A7E42B4002
    Properties.filedate=1399420269
    Properties.filedatetext=2014-05-07 02:51:08

    Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
    C:\Users\gokarna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XY9GT5VC\skype.com\#ui\preferences.sol
    Properties.size=217
    Properties.md5=DD1BC5A42AEC607C0FEE7A07D7EB04F2
    Properties.filedate=1399324437
    Properties.filedatetext=2014-05-06 00:13:57

    DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Gabest Media Player Classic: [SBI $E81D76E1] Last captured file (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Gabest\Media Player Classic\Capture\FileName

    Gabest Media Player Classic: [SBI $A8B11633] Recent file list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Gabest\Media Player Classic\Recent File List

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (74) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (83) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (150) (Browser: Cookie, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (160) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

    Talk to you tomorrow I hope, Wendy

  6. #56
    Security Expert-emeritus Juliet

    From what I can see it's stored cookies from using Flash Player

    http://www.piriform.com/ccleaner/download
    Download CCleaner

    Once it's downloaded then set it to delete Flash cookies
    http://www.piriform.com/docs/ccleane...-flash-cookies



    The registry entries you have listed are all simply usage tracks, not malware, so there's really no reason to worry about them unless you're paranoid about your privacy.
    http://www.safer-networking.org/faq/usage-tracks/

  7. #57
    Member

    Cleaned according to plan

    but Yandex is still very much there, so what can we do now please? You didn't say a reboot was necessary so I haven't, but I will, just to see if perhaps that is the key...........

  8. #58
    Security Expert-emeritus Juliet

    It's odd, the tools I've had you use find it and say it's deleted, but it returns.

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      Yandex
      :filefind
      Yandex
      :regfind
      Yandex
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Last edited by Juliet; 2014-05-14 at 00:32. Reason: typo

  9. #59
    Member

    For your information

    The Download Mirror #1 brought up this warning when I clicked on it

    Reported Attack Page!

    This web page at jpshortstuff.247fixes.com has been reported as an attack page and has been blocked based on your security preferences.

    Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.

    Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

    Download Mirror 2 seems to be fine though

  10. #60
    Member

    System Look - Download Mirror #2

    Hi Juliet, here is the log for Systemlook


    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:19 on 13/05/2014 by gokarna
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "Yandex"
    C:\FRST\Quarantine\C\program files\Yandex d------ [14:28 26/04/2014]
    C:\FRST\Quarantine\C\programdata\Yandex d------ [14:28 26/04/2014]
    C:\FRST\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [14:28 26/04/2014]
    C:\FRST\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [14:28 26/04/2014]
    C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Local\Yandex d------ [08:33 09/04/2014]
    C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\LocalLow\Yandex d------ [08:33 09/04/2014]
    C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Yandex d------ [08:33 09/04/2014]
    C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex d------ [08:33 09/04/2014]
    C:\Program Files\AdwCleaner\Quarantine\C\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Yandex d------ [08:33 09/04/2014]
    C:\Qoobox\Quarantine\C\Program Files\Yandex d------ [12:22 03/05/2014]
    C:\Users\gokarna\AppData\LocalLow\Yandex d------ [14:28 26/04/2014]
    C:\Users\gokarna\AppData\Roaming\Yandex d------ [16:35 05/05/2014]
    C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex d------ [01:18 27/04/2014]
    C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\en\brand\yandex d------ [07:49 29/04/2014]
    C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yasearch-xb\packages\{4177a8a5-e810-42e1-babf-23508a37688c}\locale\ru\brand\yandex d------ [07:49 29/04/2014]
    C:\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\en\brand\yandex d------ [12:30 19/04/2014]
    C:\Users\gokarna\Desktop\Old Firefox Data\hullhm7j.default\yasearch-xb\packages\{3a427092-f8a8-4cfc-8619-30830ef0df73}\locale\ru\brand\yandex d------ [12:30 19/04/2014]
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yandex d------ [07:34 16/03/2014]

    ========== filefind ==========

    Searching for "Yandex"
    No files found.

    ========== regfind ==========

    Searching for "Yandex"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Yandex]
    [HKEY_CURRENT_USER\Software\AppDataLow\Yandex]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
    "AppPath"="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "DisplayName"="Yandex"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "FaviconURLFallback"="http://www.yandex.ru/favicon.ico"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "SuggestionsURL_JSON"="http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "URL"="http://yandex.ru/yandsearch?win=121&clid=1991183&text={searchTerms}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
    @="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "DisplayName"="Yandex"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "UninstallString"=""C:\Program Files\Uninstall Information\97\4258\uninstall.exe" /PUninstall="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser" /reg=32"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "InstallLocation"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "DisplayIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "Publisher"="YANDEX"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "OUninstallString"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --uninstall --verbose-logging"
    [HKEY_CURRENT_USER\Software\Yandex]
    [HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]
    [HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]
    "UninstallString"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe"
    [HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]
    "name"="Yandex"
    [HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]
    "InstallerSuccessLaunchCmdLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe""
    [HKEY_CURRENT_USER\Software\Yandex\YandexBrowser\Commands\install-extension]
    "CommandLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --limited-install-from-webstore=%1"
    [HKEY_CURRENT_USER\Software\Yandex\YandexBrowser\Commands\on-os-upgrade]
    "CommandLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --on-os-upgrade --verbose-logging"
    [HKEY_CURRENT_USER\Software\Classes\.crx]
    @="YandexBrowser.crx"
    [HKEY_CURRENT_USER\Software\Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\LocalServer32]
    @=""C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe""
    [HKEY_CURRENT_USER\Software\Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe""
    [HKEY_CURRENT_USER\Software\Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
    "ServerExecutable"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe"
    [HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
    @="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
    [HKEY_CURRENT_USER\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
    @="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
    [HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
    [HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx]
    @="Yandex Browser Extra"
    [HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx\DefaultIcon]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe",0"
    [HKEY_CURRENT_USER\Software\Classes\YandexBrowser.crx\shell\open\command]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids]
    "YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids]
    "YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids]
    "YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
    "YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.swf\OpenWithProgids]
    "YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
    "YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids]
    "YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids]
    "YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\InprocServer32]
    @="C:\Program Files\Yandex\FastDial\fastdial.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\fd\DefaultIcon]
    @="C:\Program Files\Yandex\FastDial\fastdial.dll,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\1.0\0\win32]
    @="C:\Program Files\Yandex\FastDial\fastdial.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFBDA429-7995-4CCA-9298-7C7D6B4A244C}\1.0\HELPDIR]
    @="C:\Program Files\Yandex\FastDial"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yabrowser\DefaultIcon]
    @="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yabrowser\shell\open\command]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE]
    @="Yandex Browser HTML Document"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE\shell\open\command]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE]
    @="Yandex Browser PDF Document"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE\DefaultIcon]
    @="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,-103"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE\shell\open\command]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" -- "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE]
    @="Yandex"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
    "ApplicationDescription"="Yandex.Browser — web sayfalarını görüntülemek için kullanılan tarayıcı."
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
    "ApplicationIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities]
    "ApplicationName"="Yandex"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".htm"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".html"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".shtml"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".xht"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".xhtml"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".crx"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".pdf"="YandexPDF.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".swf"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\FileAssociations]
    ".webp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\Startmenu]
    "StartMenuInternet"="Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "ftp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "http"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "https"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "irc"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "mailto"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "mms"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "news"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "nntp"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "sms"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "smsto"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "tel"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "urn"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities\URLAssociations]
    "webcal"="YandexHTML.FRWESAIQ3UMB4SAG6QDLDICFXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\DefaultIcon]
    @="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
    "ReinstallCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --make-default-browser"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
    "HideIconsCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --hide-icons"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\InstallInfo]
    "ShowIconsCommand"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --show-icons"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\shell\open\command]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YandexSetup_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YandexSetup_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe]
    @="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe]
    "Path"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\yandex-offer\"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\kp5xybf2.default-1397910583341\yandex-offer\"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
    "Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE"="Software\Clients\StartMenuInternet\Yandex.FRWESAIQ3UMB4SAG6QDLDICFXE\Capabilities"
    [HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Yandex]
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Software\Yandex]
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\AppDataLow\Yandex]
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54079e4f-b72f-4c73-939e-3e10f242767f}]
    "AppPath"="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.yandex.ru/?win=121&clid=1991182"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "DisplayName"="Yandex"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "FaviconURLFallback"="http://www.yandex.ru/favicon.ico"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "SuggestionsURL_JSON"="http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "URL"="http://yandex.ru/yandsearch?win=121&clid=1991183&text={searchTerms}"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Internet Explorer\SearchUrl\y]
    @="http://yandex.ru/yandsearch?win=121&clid=1991186&text=%s"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "DisplayName"="Yandex"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "UninstallString"=""C:\Program Files\Uninstall Information\97\4258\uninstall.exe" /PUninstall="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser" /reg=32"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "InstallLocation"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "DisplayIcon"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe,0"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "Publisher"="YANDEX"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser]
    "OUninstallString"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --uninstall --verbose-logging"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex]
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser]
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser]
    "UninstallString"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser]
    "name"="Yandex"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser]
    "InstallerSuccessLaunchCmdLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe""
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser\Commands\install-extension]
    "CommandLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --limited-install-from-webstore=%1"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Yandex\YandexBrowser\Commands\on-os-upgrade]
    "CommandLine"=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\Installer\setup.exe" --on-os-upgrade --verbose-logging"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\.crx]
    @="YandexBrowser.crx"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\LocalServer32]
    @=""C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe""
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe""
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
    "ServerExecutable"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
    @="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
    @="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx]
    @="Yandex Browser Extra"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx\DefaultIcon]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe",0"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000\Software\Classes\YandexBrowser.crx\shell\open\command]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" "%1""
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\.crx]
    @="YandexBrowser.crx"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\LocalServer32]
    @=""C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe""
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe""
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\CLSID\{5FAFC90A-D443-4E4F-B69B-DA1F8D553C6C}\LocalServer32]
    "ServerExecutable"="C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\30.0.1599.13014\delegate_execute.exe"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\0\win32]
    @="C:\Users\gokarna\AppData\Local\Yandex\Updater\yupdate-ctrl.exe"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\TypeLib\{B01CA563-8D3B-4E50-94B7-BBCED71B3083}\1.0\HELPDIR]
    @="C:\Users\gokarna\AppData\Local\Yandex\Updater\"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx]
    @="Yandex Browser Extra"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx\DefaultIcon]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe",0"
    [HKEY_USERS\S-1-5-21-3506391524-3815322815-2224249592-1000_Classes\YandexBrowser.crx\shell\open\command]
    @=""C:\Users\gokarna\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" "%1""
    [HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Yandex]

    -= EOF =-
