
Status
Not open for further replies.
21 - 26 of 26 Posts

Moderator, Security Team · 1,049 Posts
After a brief look at your new logs, it looks like there's still some work to do.

I need to go over them in detail, and it may take a while. I'll get back to you ASAP.
 

Moderator, Security Team · 1,049 Posts
OK here goes with round 2 ....

First ...

  • Go to Control Panel > Programs > Programs and Features
  • Uninstall SSOption
  • Reboot your computer to complete the uninstall

Next ...

Remove the following Google Chrome extensions ...

CHR Extension: (Search Manager) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2020-01-24]

CHR HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mpicjgpamgcnpiacdciefbgahmkhhogc] - hxxps://chrome.google.com/webstore/detail/mpicjgpamgcnpiacdciefbgahmkhhogc
See ... https://www.timeatlas.com/uninstall-chrome-extensions/

Next ...

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
Code:
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEAf5CoTF5GAKajp0diKZIFl79J%2FIO3qfYZuLoIQ2I0Xcwexctr066OaH1JuOO6oQg3sVmD1zt8WM%2F8Hy5oFUBepR530GJMqucoDuyWKCWR2bYiV6R47M%2Fzx4bzWLi8ORrUNhA7kGeqwAWLHV%2Flz9I%2Fly2wnMVUn32N9GIVrnpr5EHet9CiF0IGekbUoMCbxoh1GmuKZWuhp7XXicZgGF39mQ%3D%3D
SearchScopes: HKU\S-1-5-21-3075259716-4219239708-4241734008-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEANF2l01JJkclQ%2Fev7sHrkxwARX51fFDzISU0qs1dcYINutlgpT4%2BPs%2FmRVa%2BaepUuAIiK3TPWj21tjOTw1vFY1p%2BDFU4UOs%2BowxF04FjRwWTbgech%2Bo10tBjJtf4T97fE0nyO9lVq%2Bg8SPSzNjrIphin%2B3iZXGW3opIghKeZyVOWIXMmxEMEHhcX8bQQ578X9hScHb3AVf9AuBU9%2FgcjT6Q%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3075259716-4219239708-4241734008-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEANF2l01JJkclQ%2Fev7sHrkxwARX51fFDzISU0qs1dcYINutlgpT4%2BPs%2FmRVa%2BaepUuAIiK3TPWj21tjOTw1vFY1p%2BDFU4UOs%2BowxF04FjRwWTbgech%2Bo10tBjJtf4T97fE0nyO9lVq%2Bg8SPSzNjrIphin%2B3iZXGW3opIghKeZyVOWIXMmxEMEHhcX8bQQ578X9hScHb3AVf9AuBU9%2FgcjT6Q%3D%3D&p={searchTerms}
CHR HomePage: Default -> homepage.ssoextension.com
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEAoPdZrYaNOtPT2uPrGxgjFXRZeyTLsWprl8KI5HaizEEeX6YUMS7%2BZqX4g8N1LqVPx9aYzagmXQXKP9Cqg8X6MpksISFkyN6uksWWIiaCi4%2F6GpgqRZaAg1Mg7BiYZXXvORWddSG9WfI6HKh00Y62QszXBNLvvWgRwgcvqLu9Tl70vCthc2ogU0ZD3rd8BtzX%2BnUk1eqVSuirFtkziz2P0ZMMQz1FAJeNhGqgTsu3ZoM%3D"
CHR DefaultNewTabURL: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=863166040&param1=y6bdVFVIsvuYsgEClQfz8FBvKkXdqONxqOqRNOxENVZHef5O1Ic1aE4boHlv4nEA7nITRhuD%2BDNTe%2BCKkJUxhapUR7I8LZ5TIUtw%2FBsZn6r2iWWSIiZ161NeEubDDAFAGBs9y3D5nMsYgxhOUbXyhwAfY1ylJO6hoLkp55FeO7ukU5IjTIZ7uQvFkG0OMWOYS8E0djtwoVZ7p7Af%2F7EB01zjr%2BiTEje2i%2Fg9IOujRXqAi2CHRrX2C2%2F%2BGVHbxAN4%2BEXmbgLlPHMtw8d27JhyzNVgA7twPb4NfjAvDLqUDf4%3D
S2 BriefMedianAMG; C:\ProgramData\BriefMedianAMG\BriefMedianAMG.exe -service [X] <==== ATTENTION
C:\ProgramData\BriefMedianAMG\BriefMedianAMG.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
cmd: ipconfig /flushdns
emptytemp:
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

Please run a new scan with FRST, and post me the new FRST.txt and Addition.txt logs please.
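
Added example, not part of the original thread and not FRST's own code: a small Python parser for the two kinds of Chrome extension lines quoted in the post above, reporting whether each ID comes from a profile folder or a registry entry and which ID folders still exist under a given Extensions directory. The function names and regular expressions are assumptions based only on the line shapes seen in this thread.

```python
import re
from pathlib import Path

EXT_ID = r"[a-p]{32}"  # Chrome extension IDs: 32 characters from a-p

# "CHR Extension: (Name) - <profile path>\<id> [date]"
FOLDER_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*?)\) - (?P<path>.+\\(?P<id>"
    + EXT_ID + r"))(?: \[[\d-]+\])?$")
# "CHR HKU\<SID>\SOFTWARE\Google\Chrome\Extensions\...: [<id>] - <url>"
REGISTRY_RE = re.compile(
    r"^CHR (?P<key>HK\S+?\\SOFTWARE\\Google\\Chrome\\Extensions)\\.*?\[(?P<id>"
    + EXT_ID + r")\]")

# Sample lines copied from the post above, plus one non-extension line.
SAMPLE_LOG = [
    r"CHR Extension: (Search Manager) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2020-01-24]",
    r"CHR HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mpicjgpamgcnpiacdciefbgahmkhhogc] - hxxps://chrome.google.com/webstore/detail/mpicjgpamgcnpiacdciefbgahmkhhogc",
    "CHR HomePage: Default -> homepage.ssoextension.com",
]

def parse_chrome_entries(lines):
    """Return one dict per Chrome extension entry found in FRST log lines."""
    found = []
    for raw in lines:
        # Forum bold markers (*...*) sometimes survive in pasted log lines.
        line = raw.strip().replace("*", "")
        m = FOLDER_RE.match(line)
        if m:
            found.append({"id": m["id"], "name": m["name"],
                          "source": "profile folder", "location": m["path"]})
            continue
        m = REGISTRY_RE.match(line)
        if m:
            found.append({"id": m["id"], "name": None,
                          "source": "registry", "location": m["key"]})
    return found

def still_on_disk(entries, extensions_dir):
    """IDs from the log whose folder still exists under extensions_dir."""
    root = Path(extensions_dir)
    return [e["id"] for e in entries if (root / e["id"]).is_dir()]

if __name__ == "__main__":
    for e in parse_chrome_entries(SAMPLE_LOG):
        print(e["id"], "|", e["source"], "|", e["location"])
```

Pointing `still_on_disk` at the profile's `Extensions` folder after a clean-up shows whether a folder-installed entry such as Search Manager is still present even when it is not listed on Chrome's extensions page.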
 

Registered · 40 Posts · Discussion Starter #25
I didn't see the first extension, pilplloabdedfmialnfchjomjmpjcoej.

I deleted the second, mpicjgpamgcnpiacdciefbgahmkhhogc.

Attached is a screen of remaining extensions, which u can probably see in the other attachments.

There were some internet issues with logging into accounts and links, which seem to be working better now.

thx

CHR Extension: (*Search Manager*) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\*pilplloabdedfmialnfchjomjmpjcoej* [2020-01-24]



CHR HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [*mpicjgpamgcnpiacdciefbgahmkhhogc*] - hxxps://chrome.google.com/webstore/detail/mpicjgpamgcnpiacdciefbgahmkhhogc
 


Moderator, Security Team · 1,049 Posts
Looks like there's still a problem with Chrome.

So please do the following ....


Reboot your Computer

Now download and install a new clean version of Google Chrome ... https://www.google.com/chrome/

Please let me know how your computer is behaving now.
 