Jump to content

PUP.Optional.Search.Manager in Chrome keeps coming back


Recommended Posts

  • Replies 95
  • Created
  • Last Reply

Top Posters In This Topic

Reset settings back to Normal boot...   Drag BITS.reg and BITS.zip from your Desktop to the recycle bin.

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Also BITS.reg should be saved to your Desktop, zip up and attach to reply...

 

fixlist.txt

Link to post
Share on other sites

I assume that was the BITS file exported by the last fix with FRST, if so it looks good, nothing wrong. Sigh...

The program you mention AVC, I do not see that in the installed program list. Did you uninstall it...

Please start an elevated Admin level Command Prompt and type or copy/paste the following, then select the Enter key.

SCHTASKS /Query /FO LIST /V >"%USERPROFILE%\Desktop\MyScheduledTasks.txt"

That text file will be saved to your Desktop, attach to your reply..

 

Link to post
Share on other sites

Correct this is the BITS file that was generated by FRST using the fixlist file you provided me with. I deleted the zip and the bits that came from the zip file before running FRST.

AVC is uninstalled. I uninstalled Chromium which was also installed by AVC. I think there was one other program installed. But I don't remember. I uninstalled them before coming to this forum. 

 

 

MyScheduledTasks.txt

Link to post
Share on other sites

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...

user posted image

When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmarck "Select All" box. When ready select "Start Repairs" tab....

user posted image

When complete re-boot your system, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt

When back in normal mode run scan with Malwarebytes. When that finishes open Chrome, any change...?
Link to post
Share on other sites

Hello again Ivanokov

Can I see the log from Tweaking scan..  Remove search manager extensions from Chrome then close Chrome out for now...

Run another scan with Malwarebytes, quarantine anything it finds.

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Leave Chrome closed and post the requested logs..

Thanks,

Kevin..

 

fixlist.txt

Link to post
Share on other sites

The log times just did not add up...

-Log Details of the first one posted-
Scan Date: 1/20/19
Scan Time: 2:06 AM

The log you just posted shows a big time difference:

-Log Details of latest scan-
Scan Date: 1/20/19
Scan Time: 11:37 AM

Can you check the logs and see if there is one closer on time..

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Scan Report" entry close to the last one you`ve posted > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply

Link to post
Share on other sites

I opened it and its not there.

 

I did run a scan with adwcleaner and got this result. I didn't clean it. 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-20-2019
# Duration: 00:00:07
# OS:       Windows 10 Pro
# Scanned:  32265
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

PUP.Optional.SearchManager      Search Manager
PUP.Optional.SearchManager      Search Manager

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [2313 octets] - [17/01/2019 09:22:45]
AdwCleaner[C00].txt - [2295 octets] - [17/01/2019 09:22:56]
AdwCleaner[S01].txt - [1429 octets] - [17/01/2019 09:25:25]
AdwCleaner[C01].txt - [1577 octets] - [17/01/2019 09:26:14]
AdwCleaner[S02].txt - [1493 octets] - [17/01/2019 09:27:47]
AdwCleaner[C02].txt - [1679 octets] - [17/01/2019 09:28:01]
AdwCleaner[S03].txt - [1615 octets] - [17/01/2019 09:29:21]
AdwCleaner[S04].txt - [1676 octets] - [17/01/2019 09:35:00]
AdwCleaner[S05].txt - [1795 octets] - [17/01/2019 10:11:08]
AdwCleaner[C05].txt - [1943 octets] - [17/01/2019 10:11:55]
AdwCleaner[S06].txt - [1917 octets] - [17/01/2019 10:21:23]
AdwCleaner[C06].txt - [2065 octets] - [17/01/2019 10:22:12]
AdwCleaner[S07].txt - [2039 octets] - [17/01/2019 14:41:33]
AdwCleaner[C07].txt - [2187 octets] - [17/01/2019 15:03:36]
AdwCleaner[S08].txt - [2103 octets] - [17/01/2019 15:09:36]
AdwCleaner[C08].txt - [2289 octets] - [17/01/2019 15:09:50]
AdwCleaner[S09].txt - [2225 octets] - [17/01/2019 15:16:02]
AdwCleaner[S10].txt - [2344 octets] - [17/01/2019 15:19:08]
AdwCleaner[S11].txt - [2347 octets] - [17/01/2019 15:26:05]
AdwCleaner[S12].txt - [2408 octets] - [17/01/2019 15:35:46]
AdwCleaner[S13].txt - [2527 octets] - [17/01/2019 15:44:32]
AdwCleaner[C13].txt - [2675 octets] - [17/01/2019 15:44:39]
AdwCleaner[S14].txt - [2591 octets] - [17/01/2019 15:56:50]
AdwCleaner[S15].txt - [2652 octets] - [17/01/2019 15:58:45]
AdwCleaner[S16].txt - [2713 octets] - [17/01/2019 16:09:23]
AdwCleaner[S17].txt - [2832 octets] - [17/01/2019 16:16:20]
AdwCleaner[C17].txt - [2980 octets] - [17/01/2019 16:17:48]
AdwCleaner[S18].txt - [2896 octets] - [17/01/2019 16:27:47]
AdwCleaner[S19].txt - [3153 octets] - [17/01/2019 16:46:01]
AdwCleaner[S20].txt - [3076 octets] - [17/01/2019 17:02:51]
AdwCleaner[S21].txt - [3079 octets] - [18/01/2019 18:37:09]
AdwCleaner[C21].txt - [3265 octets] - [18/01/2019 18:37:26]
AdwCleaner[S22].txt - [3614 octets] - [19/01/2019 14:10:05]
AdwCleaner[C22].txt - [3762 octets] - [19/01/2019 14:10:13]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S23].txt ##########
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.