Assigned Chrome search engines

03pawan · Feb 8, 2022

I'm unable to remove search engines like bing yahoo and secure search. Tried using malwarebytes but didn't seem to work out.
Here are the files attached.
Please help.

nasdaq · Feb 8, 2022

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

In order to give you sound advice I need to see the FRST.TXT log from running the Farbar program.
Please attach iit to your next reply.

03pawan · Feb 9, 2022

Hello Nasdaq. Here is the FRST.TXT file.

nasdaq · Feb 9, 2022

Hi,

Sorry but the file is missing.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

03pawan · Feb 9, 2022

I am trying to upload. I don;t know if it's a glitch or what.

03pawan · Feb 9, 2022

nasdaq said:
Hi,

Sorry but the file is missing.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

I am unable to upload just the FRST.txt file, seems to be a glitch. Here's my drive link which contains all the reports together. Please have a look into it.
Malwarebytes - Google Drive

nasdaq · Feb 10, 2022

I have delete the adttachments in post no.1.

Try to attach your new the Addition.txt and FRST.TXT logs to your next reply.
If not poste the logs in your next reply. use 2 replies if needed.

03pawan · Feb 15, 2022

Addition.txt

03pawan · Feb 15, 2022

FRST.TXT

nasdaq · Feb 15, 2022

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.

Code:

start

SystemRestore: On
Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:

Comment: Items from the FRST.TXT log that will be removed from the Registry.
HKU\S-1-5-21-3485454623-3253768493-349170438-1001\...\Run: [utweb] => "C:\Users\pawan\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 mfeaack01; \Device\mfeaack01.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
VirusTotal: C:\Users\pawan\.mongorc.js
VirusTotal: C:\Users\pawan\a.exe

Comment: Items from the Addition.txt log that will be removed.
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FirewallRules: [UDP Query User{96D2E58A-C6E6-4363-ADF6-D843E60F99D9}D:\softwares\xampp\mysql\bin\mysqld.exe] => (Allow) D:\softwares\xampp\mysql\bin\mysqld.exe => No File
FirewallRules: [TCP Query User{F0F0D675-4ECA-44C3-B402-66F91CCA0988}D:\softwares\xampp\mysql\bin\mysqld.exe] => (Allow) D:\softwares\xampp\mysql\bin\mysqld.exe => No File
FirewallRules: [UDP Query User{E80F772F-0665-47C2-A9F7-CC38D2E680F4}D:\softwares\xampp\apache\bin\httpd.exe] => (Allow) D:\softwares\xampp\apache\bin\httpd.exe => No File
FirewallRules: [TCP Query User{2FE549D9-590C-4A3C-BE85-8BA96AAE06B8}D:\softwares\xampp\apache\bin\httpd.exe] => (Allow) D:\softwares\xampp\apache\bin\httpd.exe => No File
FirewallRules: [{9B47EADD-906D-452D-95E9-4BCF01E021B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{F4F5344A-681A-44D1-BB1F-C8E56F6C487C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{5101D3A1-A717-456B-83AB-E0FA33F16F40}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{A7321C23-C1EC-44E2-945B-3F3F7CA0F9E0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{0BA3F444-4DE9-4C75-9E64-DF04DBC8B146}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{160F33F2-B493-4279-950A-6E8D1634B5F2}] => (Allow) D:\Steam\Steam.exe => No File
FirewallRules: [{DC67B895-BDFB-4B33-BF14-4AF3138D2010}] => (Allow) D:\Steam\Steam.exe => No File
FirewallRules: [{4644A69A-6A49-49EA-B293-CC6AC4E1CE81}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{6308D194-6A2A-4C30-B347-C3A1E7007CB2}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

Comment: TCP/IP Reset
CMD: netsh int ip reset
CMD: ipconfig /flushDNS

Comment: To rebuild the performance counter library values.
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"

Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

03pawan · Feb 18, 2022

Hello Nasdaq, the search engine problem still persists but my system seems to run and boot faster like a new one. Thank you for your help and support. Would love to be in this community. Here is the fixlog.

nasdaq · Feb 18, 2022

Hi,

Delete the files in bold.

C:\Users\pawan\.mongorc.js
C:\Users\pawan\a.exe

Restart the computer normally.
----

If the problem persists and Chrome is Synced with other Devices reset it.

Chrome Secure Preferences detection always returns

Browser-related remediation (especially concerning preference/configuration files) can be particularly troublesome given the safeguards built into the browsers, along with syncing mechanisms and other complications associated with Internet browsers. The issue you're experiencing is likely caused ...

forums.malwarebytes.com

Sign in and sync in Chrome - Computer - Google Chrome Help

When you sign in to Chrome with your Google Account, you can get your info on all your devices and use additional Chrome features. When you sign in You can get your bookmarks, passwords, and

support.google.com

Execute the suggested fix.

Restart the computer normally.

How is it now?

03pawan · Feb 18, 2022

Problem still persists. I followed it exactly the way the fix was given but it didn't seem to work out

nasdaq · Feb 18, 2022

Hi,

I remember looking at your logs and did not find any references to Yahoo! or Bing.

What is the problem with these browsers?

03pawan · Feb 18, 2022

This!

nasdaq · Feb 19, 2022

Hi,

I have just been made aware of this.

You will find your answer in this post.

You can no longer delete the default search engine in Chrome

You can no longer delete the default search engine in Chrome

With the release of Chrome 97, the engineers on the Chromium team have removed the option of deleting default search engines in the browser. The change affects all Chromium-based browsers. The change was spearheaded by Googler Justin Donnolley who noted: Currently, you can delete a pre-populated...

mspoweruser.com

Hope that helps.

03pawan · Feb 19, 2022

nasdaq said:
Hi,

I have just been made aware of this.

You will find your answer in this post.

You can no longer delete the default search engine in Chrome

You can no longer delete the default search engine in Chrome

With the release of Chrome 97, the engineers on the Chromium team have removed the option of deleting default search engines in the browser. The change affects all Chromium-based browsers. The change was spearheaded by Googler Justin Donnolley who noted: Currently, you can delete a pre-populated...

mspoweruser.com

Hope that helps.

Yeah but those default engines were not installed by me. Maybe due to some extension. Anyways until they're harmless, cheers!

nasdaq · Feb 19, 2022

They are do not worry.
nasdaq

nasdaq · Mar 5, 2022

Hi,

Just to let you know that Google restores ability to delete default search engines in Chrome 99

How to: