Getting redirect malware from Visymo


Solved by Maurice Naggar

Hello. A few weeks ago I started getting ad iframes in Google search. I googled and did some stuff to fix it, including using MalwareFox, which found malicious registry entries. I removed them and for a couple of hours or days everything worked fine, but it keeps coming back. The list of software I tried includes: Malwarebytes, MalwareFox, McAfee, AdwCleaner, Kaspersky and Hitman. Some of them found the reg entries, others didn't. By the way, I have attached a file with a log on where the entries appear and what they include.

Please help me to get rid of the root cause. It's getting annoying removing those reg entries every time.

FRST and Addition are also attached.

2020.12.16-19.01.01-i0-t92-d5.txt Addition.txt FRST.txt

Link to post

Hello   :welcome:

You have run a slew of things on your own. While this case is active here, please stop getting & using any tools on your own.

What follows is a few basic simple starter steps to help on the Chrome browser.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 4 consecutive days,  do try to let me know ahead of time, as much as possible. 
  
Please only just attach all report files, etc. that I ask for as we go along.
Thanks for the reports. 

[   1   ]

Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

We need the SYNC option on Google to be OFF in order to clean Chrome browser.

[   2   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press Clear Data button  ( in blue )

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the address bar

Then look deeper in SETTINGS


Make real sure it is "NOT" set to "continue where you left off"

[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome browser:

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

Link to post

The Chrome browser on this PC has a very very large ( huge ) number of browser extensions.  So huge I believe this one has the most I have noticed anywhere else.

I urge you to do a very close look and remove extensions you no longer need or hardly ever use.

if Chrome is "having an issue" in standard mode:
You can force Chrome to start in reduced mode, called Incognito mode, by putting a parameter at startup.
First, close any prior instances of Chrome via Task Manager.
Then press Windows-key+R for the RUN option and then put a command line similar to this {do use COPY & PASTE}

chrome.exe -incognito


Starting Chrome in Incognito mode may work for you, and allow you to make "changes" or tweaks in it.
Note also, Incognito mode is also an option in the Chrome menu {as long as it can start}.


Other suggestions,     

Still in Chrome, press ALT+F then Settings
Click Extensions on the left.
Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust.

Also see these Google - Chrome articles and take appropriate measures !!
Reset browser settings
https://support.google.com/chrome/answer/3296214

 

Link to post

I've attached a screenshot of my extensions and I don't think that this is a lot at all. Maybe you mixed something up?

Also neither Chrome nor Firefox have any issues except this google search redirect/injection every now and then.

Link to post
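
FRST writes one `CHR Extension:` line per extension per Chrome profile, so the raw line count and the number of distinct extensions can differ widely. The following is an added example, not part of the thread and not FRST's own code: it tallies both from FRST-style lines and lists extensions that appear in only a few profiles. The sample log is constructed (the user name `Example` is hypothetical) and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in FRST's Chrome line format; the user name is hypothetical.
SAMPLE_LOG = r"""
CHR Profile: C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default [2021-01-03]
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR Extension: (Slides) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Tampermonkey) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-11-28]
CHR Profile: C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Image Downloader) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2020-11-28]
CHR Profile: C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2020-11-28]
CHR Extension: (Docs) - C:\Users\Example\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
"""

# "CHR Profile: <path>\User Data\<profile> [YYYY-MM-DD]"
PROFILE_RE = re.compile(
    r"^CHR Profile: .*\\User Data\\(?P<profile>[^\\]+) \[\d{4}-\d{2}-\d{2}\]\s*$"
)
# "CHR Extension: (<name>) - <path>\User Data\<profile>\Extensions\<id> [YYYY-MM-DD]"
# Chrome extension IDs are 32 characters drawn from the letters a to p.
EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - "
    r".*\\User Data\\(?P<profile>[^\\]+)\\Extensions\\(?P<id>[a-p]{32})"
    r" \[\d{4}-\d{2}-\d{2}\]\s*$"
)


def parse_frst_chrome(text):
    """Return {profile: {extension_id: name}} from FRST-style CHR lines."""
    profiles = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            # Record the profile even if no extension lines follow it.
            profiles.setdefault(m["profile"], {})
            continue
        m = EXT_RE.match(line)
        if m:
            profiles.setdefault(m["profile"], {})[m["id"]] = m["name"]
    return profiles


def summarize(profiles):
    """Count log entries versus distinct extension IDs across all profiles."""
    entries = sum(len(exts) for exts in profiles.values())
    unique = {ext_id for exts in profiles.values() for ext_id in exts}
    return {
        "profiles": len(profiles),
        "entries": entries,
        "unique_extensions": len(unique),
        "per_profile": {name: len(exts) for name, exts in profiles.items()},
    }


def rare_extensions(profiles, max_profiles=1):
    """List (id, name, [profiles]) for extensions found in few profiles.

    These stand out from the set shared by every profile and are the
    natural place to start a manual review.
    """
    seen = defaultdict(list)
    names = {}
    for profile, exts in profiles.items():
        for ext_id, name in exts.items():
            seen[ext_id].append(profile)
            names[ext_id] = name
    return [
        (ext_id, names[ext_id], sorted(where))
        for ext_id, where in sorted(seen.items())
        if len(where) <= max_profiles
    ]


if __name__ == "__main__":
    parsed = parse_frst_chrome(SAMPLE_LOG)
    stats = summarize(parsed)
    print(f"{stats['profiles']} profiles, {stats['entries']} extension entries, "
          f"{stats['unique_extensions']} distinct extensions")
    for ext_id, name, where in rare_extensions(parsed):
        print(f"review first: {name} ({ext_id}) in {', '.join(where)}")
```

To use it on a real report, pass the contents of `FRST.txt` to `parse_frst_chrome` instead of `SAMPLE_LOG`.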

If you would try the Incognito mode of Chrome then it should do a lot better. Try that once or twice.

In the meantime, you can use EDGE browser.

As to Chrome browser, it looks as if you have too many "profiles".  Just take a look at what FRST reports for "Chrome extensions".

(This is just so you are fully aware ... later on we will do some other steps.) By the way, FRST makes no mention of "Visymo"

CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default [2021-01-03]
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (DuckDuckGo) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-12-19]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-16]
CHR Extension: (Tampermonkey) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Quick Javascript Switcher) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-19]
CHR Extension: (XPath Finder & Test Recorder by Tesrupt) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcfcepneepanakckpfnfkjppffbikehl [2020-11-28]
CHR Extension: (ChroPath) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngjbnaijcbncmcnjfhigebomdlkcjo [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2020-12-16]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Image Downloader) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Fatkun Batch Download Image) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnjjahlikiabnchcpehcpkdeckfgnohf [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 30\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 31\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 32\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 33\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 34\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 35\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 36\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]
CHR Extension: (Sheets) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-28]
CHR Extension: (Gmail) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 37\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38 [2020-12-16]
CHR Extension: (Slides) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2020-11-28]
CHR Extension: (Docs) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-28]
CHR Extension: (Google Drive) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Krys\AppData\Local\Google\Chrome\User Data\Profile 38\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-28]

Hello.    

The next thing I would like you to do is to run the cleanup tool from Chrome - https://www.google.com/chrome/cleanup-tool/

It is made specifically by Chrome to cleanup Chrome browser.

Let me know if this helps.  If there is still a redirect issue, we can apply some other steps.


Thank you for your help. As I mentioned in the opening post I don't have this problem all the time. Right now, there is no redirect but I still want to know where it's coming from. I don't think it's a browser thing because WHEN it happens all browsers have it. Doesn't matter if Chrome, Firefox, Edge. The reason FRST doesn't mention visymo could be that it only checks browsers?

Everything you recommended was done with no result.


The FRST tool report shows all aspects as far as auto-started things, as well as all running processes.  And as I noted, no mention of "visymo".

However, browser search hijackers can have other devious ways of being persistent.

Let's do a one-time special scan so I can review the results.

Please download RogueKiller (x64) using the link below.
→ http://download.adlice.com/api?action=download&app=roguekiller&type=x64

  • Save the file first,
  • Close any running programs that you started on your own ( if any).
  • Please disconnect any USB or external drives from the computer before you run this scan!

Double-click  RogueKillerx64.exe to run the program.

Follow the prompts. If a browser window opens, close the window.

 

In the HOME tab, click Scan button

Next, on the Quick scan pane, click on the Start button to proceed.

Upon completion, a browser window may open. Close this window.

 Important: Please do not have RogueKiller remove any detected items.

Click the HISTORY tab followed by Scan Reports.

Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.

Please attach the file in your next reply.


  • Solution

Thanks. There are some values in the registry about autoconfigureurl that need to be removed, and other cleanups. It's highly likely that these autoconfigureurl values are key elements of the redirects.  We also want to re-ensure that all browser temporary cache files are emptied, as well as clearing all Temp areas.

The system will be rebooted after the script has run.

This custom script is for  Blackjack90  only / for this machine only.

 

NOTE-1:  In addition, this fix will also run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 
If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

The  custom Fix script is going to be used by the FRST64.exe   tool   which you have on your Downloads folder.

Please save the (attached file named) FIXLIST.txt   to the  Downloads  folder   


Start the Windows Explorer and then go to the Downloads folder.


RIGHT click on FRST64.exe and select RUN as Administrator to run the tool, and allow it to proceed.  Reply YES when prompted to allow it to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this.

Sincerely.

Fixlist.txt

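The reply above points at proxy auto-config values in the registry as the likely source of the redirects. The following read-only check is an added example, not part of the original thread and not the contents of the helper's Fixlist.txt. It lists the `AutoConfigURL`, `ProxyEnable` and `ProxyServer` values under the standard Windows Internet Settings keys for HKLM and for every loaded user hive. Chrome and Edge use these Windows proxy settings, and Firefox does so by default, which is consistent with the redirect showing up in every browser at once.

```powershell
# Added example: read-only audit of Windows proxy / PAC settings.
# Run from an elevated prompt so other users' loaded hives are readable.
# Only hives that are currently loaded appear under HKEY_USERS.

$subKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$valueNames = 'AutoConfigURL', 'ProxyEnable', 'ProxyServer'

# Machine-wide root plus one root per loaded user hive (skip the *_Classes hives).
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" }

$findings = foreach ($root in $roots) {
    foreach ($sub in $subKeys) {
        $path = "$root\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        foreach ($name in $valueNames) {
            $value = $props.$name
            if ($null -ne $value -and "$value" -ne '') {
                [pscustomobject]@{
                    Key   = $path -replace '^Registry::', ''
                    Name  = $name
                    Value = $value
                }
            }
        }
    }
}

if ($findings) {
    # Any AutoConfigURL you did not set yourself deserves a closer look.
    $findings | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
} else {
    'No AutoConfigURL, ProxyEnable or ProxyServer values are set.'
}
```

Running it again after the fix and the reboot shows whether the value has come back, which is the symptom described in the opening post.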

Thank you for the Fixlog report.  This appears like a good & very helpful run.   As a next step, to checkout your system a bit more, a new scan with Sophos.

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....




The Virus Removal Tool scans the following areas of your computer:

  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.



Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs


All right.  Thanks.  Very good.   Now then, I take it that the redirect to "visymo / universal search / zapmeta" is no longer happening.

Now then, to strengthen your web browsers.  Your system has the latest (new) Edge browser, which along with Google Chrome can have the Malwarebytes Browser Guard, as can Mozilla Firefox.

I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

[     2     ]

Now for the EDGE browser

Open this link in your EDGE   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

[    3   ]   

For Mozilla Firefox

I would suggest to install the Malwarebytes Browser Guard for Firefox onto your Firefox browser.

To get & install the Malwarebytes Firefox Browser Guard  extension. 

Open this link in your Firefox browser:  https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/?src=search

Then proceed with the setup. 

Once installed, you will see the Malwarebytes logo appear to the right of your Firefox Browser address  bar ( top side, on the  right)  indicating it is installed.

User Guide for Malwarebytes Browser Guard can be found here: https://support.malwarebytes.com/docs/DOC-3446

The Malwarebytes Browser Guard will keep your browser away from dodgy sites.

 


Good morning.  I am taking it that you have done these last steps ( above)  and that the original issue is gone.

Now, we can clean up after some tools we used.

To remove the FRST  tool & its work files, do this.  Go to your Desktop folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

 

Delete Roguekillerx64.exe

Delete the Sophos download

Any other download file I had you download, you may delete.

I wish you all the best.  Stay safe.

Sincerely,

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you
