slow computer - malware - blocked from attaching addition.txt

This is a discussion on slow computer - malware - blocked from attaching addition.txt within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. attached frst


Old 01-28-2020, 08:04 AM   #21
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



attached frst
Attached Files
File Type: txt FRST.txt (40.3 KB, 2 views)
beavis1122 is offline  
Old 01-28-2020, 08:08 AM   #22
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



computer running fine


attached
Attached Files
File Type: zip Addition.zip (7.6 KB, 2 views)
beavis1122 is offline  
Old 01-28-2020, 10:23 PM   #23
Moderator
Security Team
 
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 735
OS: W10, W8.1, Mint Cinnamon 19.2, MX Linux



After a brief look at your new logs, it looks like there's still some work to do.

I need to go over them in detail, and it may take a while, I'll get back to you ASAP.
__________________
Gary R is offline  
Old 01-29-2020, 02:16 AM   #24
Moderator
Security Team
 
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 735
OS: W10, W8.1, Mint Cinnamon 19.2, MX Linux



OK here goes with round 2 ....

First ...
  • Go to Control Panel > Programs > Programs and Features
  • Uninstall SSOption
  • Reboot your computer to complete the uninstall

Next ...

Remove the following Google Chrome extensions ...

Quote:
CHR Extension: (Search Manager) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2020-01-24]

CHR HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mpicjgpamgcnpiacdciefbgahmkhhogc] - hxxps://chrome.google.com/webstore/detail/mpicjgpamgcnpiacdciefbgahmkhhogc
See ... https://www.timeatlas.com/uninstall-chrome-extensions/

Next ...
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEAf5CoTF5GAKajp0diKZIFl79J%2FIO3qfYZuLoIQ2I0Xcwexctr066OaH1JuOO6oQg3sVmD1zt8WM%2F8Hy5oFUBepR530GJMqucoDuyWKCWR2bYiV6R47M%2Fzx4bzWLi8ORrUNhA7kGeqwAWLHV%2Flz9I%2Fly2wnMVUn32N9GIVrnpr5EHet9CiF0IGekbUoMCbxoh1GmuKZWuhp7XXicZgGF39mQ%3D%3D
SearchScopes: HKU\S-1-5-21-3075259716-4219239708-4241734008-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEANF2l01JJkclQ%2Fev7sHrkxwARX51fFDzISU0qs1dcYINutlgpT4%2BPs%2FmRVa%2BaepUuAIiK3TPWj21tjOTw1vFY1p%2BDFU4UOs%2BowxF04FjRwWTbgech%2Bo10tBjJtf4T97fE0nyO9lVq%2Bg8SPSzNjrIphin%2B3iZXGW3opIghKeZyVOWIXMmxEMEHhcX8bQQ578X9hScHb3AVf9AuBU9%2FgcjT6Q%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3075259716-4219239708-4241734008-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEANF2l01JJkclQ%2Fev7sHrkxwARX51fFDzISU0qs1dcYINutlgpT4%2BPs%2FmRVa%2BaepUuAIiK3TPWj21tjOTw1vFY1p%2BDFU4UOs%2BowxF04FjRwWTbgech%2Bo10tBjJtf4T97fE0nyO9lVq%2Bg8SPSzNjrIphin%2B3iZXGW3opIghKeZyVOWIXMmxEMEHhcX8bQQ578X9hScHb3AVf9AuBU9%2FgcjT6Q%3D%3D&p={searchTerms}
CHR HomePage: Default -> homepage.ssoextension.com
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEAoPdZrYaNOtPT2uPrGxgjFXRZeyTLsWprl8KI5HaizEEeX6YUMS7%2BZqX4g8N1LqVPx9aYzagmXQXKP9Cqg8X6MpksISFkyN6uksWWIiaCi4%2F6GpgqRZaAg1Mg7BiYZXXvORWddSG9WfI6HKh00Y62QszXBNLvvWgRwgcvqLu9Tl70vCthc2ogU0ZD3rd8BtzX%2BnUk1eqVSuirFtkziz2P0ZMMQz1FAJeNhGqgTsu3ZoM%3D"
CHR DefaultNewTabURL: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEA7nITRhuD%2BDNTe%2BCKkJUxhapUR7I8LZ5TIUtw%2FBsZn6r2iWWSIiZ161NeEubDDAFAGBs9y3D5nMsYgxhOUbXyhwAfY1ylJO6hoLkp55FeO7ukU5IjTIZ7uQvFkG0OMWOYS8E0djtwoVZ7p7Af%2F7EB01zjr%2BiTEje2i%2Fg9IOujRXqAi2CHRrX2C2%2F%2BGVHbxAN4%2BEXmbgLlPHMtw8d27JhyzNVgA7twPb4NfjAvDLqUDf4%3D
S2 BriefMedianAMG; C:\ProgramData\BriefMedianAMG\BriefMedianAMG.exe -service [X] <==== ATTENTION
C:\ProgramData\BriefMedianAMG\BriefMedianAMG.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
cmd: ipconfig /flushdns
emptytemp:
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

Please run a new scan with FRST, and post me the new FRST.txt and Addition.txt logs please.
__________________
Gary R is offline  
Old 01-30-2020, 08:15 AM   #25
Registered Member
 
Join Date: Jul 2009
Posts: 40
OS: vista



I didn't see the first extension, pilplloabdedfmialnfchjomjmpjcoej.

I deleted the second, mpicjgpamgcnpiacdciefbgahmkhhogc

attached is a screen of remaining extensions, which u can probably see in the other attachments.

there were some internet issues with logging into accounts and links, that seem to be working better now.

thx

CHR Extension: (*Search Manager*) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\*pilplloabdedfmialnfchjomjmpjcoej* [2020-01-24]



CHR HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [*mpicjgpamgcnpiacdciefbgahmkhhogc*] - hxxps://chrome.google.com/webstore/detail/mpicjgpamgcnpiacdciefbgahmkhhogc
Attached Thumbnails
Name:	chrome extentions.jpg
Views:	2
Size:	76.8 KB
ID:	325112  
Attached Files
File Type: zip Fixlog.zip (2.4 KB, 2 views)
File Type: zip FRST.zip (7.9 KB, 3 views)
File Type: zip Addition (2).zip (7.2 KB, 2 views)
beavis1122 is offline  
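
Added example (not part of any post in this thread, and not FRST's own code): a read-only check of whether the two extension IDs quoted in post #24 still have folders under a Chrome profile, which is where the FRST log located the first one. It assumes the standard `Extensions/<id>/<version>/manifest.json` layout; the function names, the `1.0_0` version folder and the temporary demo profile are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Extension IDs quoted in post #24 of this thread.
FLAGGED_IDS = (
    "pilplloabdedfmialnfchjomjmpjcoej",
    "mpicjgpamgcnpiacdciefbgahmkhhogc",
)


def find_extension_folders(profile_dir, ids=FLAGGED_IDS):
    """Read-only: return {id: [(version, manifest name), ...]} for IDs on disk."""
    ext_root = Path(profile_dir) / "Extensions"
    found = {}
    for ext_id in ids:
        id_dir = ext_root / ext_id
        if not id_dir.is_dir():
            continue
        versions = []
        for ver_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            name = "<no readable manifest>"
            try:
                manifest = json.loads(
                    (ver_dir / "manifest.json").read_text(encoding="utf-8-sig"))
                # May be a "__MSG_...__" placeholder when the name is localized.
                name = str(manifest.get("name", "<unnamed>"))
            except (OSError, ValueError, AttributeError):
                pass
            versions.append((ver_dir.name, name))
        found[ext_id] = versions
    return found


def build_demo_profile():
    """Constructed sample profile: only the first flagged ID is present."""
    profile = Path(tempfile.mkdtemp()) / "Default"
    ver = profile / "Extensions" / FLAGGED_IDS[0] / "1.0_0"
    ver.mkdir(parents=True)
    (ver / "manifest.json").write_text(
        json.dumps({"name": "Search Manager", "version": "1.0"}), encoding="utf-8")
    return profile


if __name__ == "__main__":
    # On the affected machine, pass the "...\User Data\Default" path instead.
    for ext_id, versions in find_extension_folders(build_demo_profile()).items():
        print(ext_id, versions)
```

An ID that is absent from the returned dictionary has no folder left in that profile; one that is present is still on disk even if it is not listed on the extensions page.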
Old 01-30-2020, 08:46 AM   #26
Moderator
Security Team
 
 
Join Date: Jul 2008
Location: Yorkshire
Posts: 735
OS: W10, W8.1, Mint Cinnamon 19.2, MX Linux



Looks like there's still a problem with Chrome.

So please do the following ....

Reboot your Computer

Now download and install a new clean version of Google Chrome ... https://www.google.com/chrome/

Please let me know how your computer is behaving now.
__________________
Gary R is offline  
All times are GMT -7.