
Extension on Google Chrome I can't delete



#1 izzes

izzes

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:06 PM

Posted 11 November 2014 - 08:51 PM

Hello,

 

I'm having some trouble with an extension for Google Chrome which always returns after I reboot my notebook.

 

I noticed that it happened after a game was installed using Steam, and that game had secondary installers. One of them gave me problems to install, so I did it manually (the program was pbsvc_blr.exe). Ok, after all of that the game didn't run and I deleted everything.

 

Then, the ads started to show up in the pages. I looked in the Extension manager in Google Chrome and there was an extension called "gcknhkkoolaabfmlnjonogaaifnjlfnp". 

 

I am 100% sure it is a virus, or a malware of some sort, but nothing I did seemed to work. So I come here to ask for some help.

 

I'm sorry if this isn't the place where I was supposed to create the topic, or if there was another topic with the same problem already fixed, but I would appreciate some directions.

 

 

Thank you, anyway.

Izzes




#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:06 AM

Posted 11 November 2014 - 09:02 PM

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 izzes

izzes
  • Topic Starter


Posted 11 November 2014 - 09:27 PM

BEFORE SCAN:

 

# AdwCleaner v4.101 - Relatório criado 12/11/2014 às 00:06:25

# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-11.2 [Live]
# Sistema Operacional : Windows 8.1 Single Language  (64 bits)
# Usuário : IZS - TEMPEST
# Executando de : C:\Users\IZS\Desktop\AdwCleaner.exe
# Opção : Examinar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Arquivo Encontrado : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Arquivo Encontrado : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Arquivo Encontrado : C:\Users\IZS\AppData\Local\Temp\Uninstall.exe
Pasta Encontrado : C:\Program Files (x86)\globalUpdate
Pasta Encontrado : C:\ProgramData\apn
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\Users\IZS\AppData\Local\globalUpdate
Pasta Encontrado : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Pasta Encontrado : C:\Users\IZS\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\IZS\AppData\Roaming\OpenCandy
Pasta Encontrado : C:\Users\IZS\AppData\Roaming\RHEng
Pasta Encontrado : C:\Users\leila_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Pasta Encontrado : C:\Users\Public\Documents\baidu
 
***** [ Tarefas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\GlobalUpdate
Chave Encontrada : [x64] HKCU\Software\GlobalUpdate
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Chave Encontrada : HKLM\SOFTWARE\GlobalUpdate
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\leila_000\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrada [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2797 octets] - [12/11/2014 00:06:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2857 octets] ##########
 
 
 
 
 
 
 
 
 
AFTER SCAN:
 
# AdwCleaner v4.101 - Relatório criado 12/11/2014 às 00:11:44
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-11.2 [Live]
# Sistema Operacional : Windows 8.1 Single Language  (64 bits)
# Usuário : IZS - TEMPEST
# Executando de : C:\Users\IZS\Desktop\AdwCleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Users\IZS\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\IZS\AppData\Roaming\baidu
Pasta Deletada : C:\Users\IZS\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\IZS\AppData\Roaming\RHEng
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Pasta Deletada : C:\Users\leila_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Arquivo Deletada : C:\Users\IZS\AppData\Local\Temp\Uninstall.exe
Arquivo Deletada : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Arquivo Deletada : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
 
***** [ Tarefas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\leila_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2949 octets] - [12/11/2014 00:06:25]
AdwCleaner[S0].txt - [2756 octets] - [12/11/2014 00:11:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2816 octets] ##########
 
 
 
 
 
 
AFTER JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 8.1 Single Language x64
Ran by IZS on 12/11/2014 at  0:20:06,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\displayswitch
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\IZS\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\IZS\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2014 at  0:23:08,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 Budapest


Posted 11 November 2014 - 10:06 PM

Has that solved your problem?

#5 izzes


Posted 11 November 2014 - 11:07 PM

No, not at all, haha

 

The moment I opened Google Chrome to post the results this page was full of ads and I barely could post the data.

I tried to do it again and these were the results:

 

 

 

 

BEFORE:

# AdwCleaner v4.101 - Relatório criado 12/11/2014 às 01:43:41

# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-11.2 [Live]
# Sistema Operacional : Windows 8.1 Single Language  (64 bits)
# Usuário : IZS - TEMPEST
# Executando de : C:\Users\IZS\Desktop\AdwCleaner.exe
# Opção : Examinar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Arquivo Encontrado : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Tarefas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrada [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2949 octets] - [12/11/2014 00:06:25]
AdwCleaner[R1].txt - [1076 octets] - [12/11/2014 01:43:41]
AdwCleaner[S0].txt - [2904 octets] - [12/11/2014 00:11:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1196 octets] ##########
 
 
AFTER:
# AdwCleaner v4.101 - Relatório criado 12/11/2014 às 01:45:31
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-11.2 [Live]
# Sistema Operacional : Windows 8.1 Single Language  (64 bits)
# Usuário : IZS - TEMPEST
# Executando de : C:\Users\IZS\Desktop\AdwCleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Arquivo Deletada : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Tarefas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\IZS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2949 octets] - [12/11/2014 00:06:25]
AdwCleaner[R1].txt - [1276 octets] - [12/11/2014 01:43:41]
AdwCleaner[S0].txt - [2904 octets] - [12/11/2014 00:11:44]
AdwCleaner[S1].txt - [1188 octets] - [12/11/2014 01:45:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1248 octets] ##########
 
 
 
THEN JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 8.1 Single Language x64
Ran by IZS on 12/11/2014 at  1:50:49,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\displayswitch
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2014 at  1:55:40,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
What do I do now?


#6 Budapest


Posted 11 November 2014 - 11:17 PM

Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
    • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan and click View.
    • Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.


#7 izzes


Posted 11 November 2014 - 11:54 PM

OK, here it is...

 

 

LOG AFTER SCAN:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/11/2014
Scan Time: 02:25:38
Logfile: logfile_malwarebytes_0240-12112014.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.12.05
Rootkit Database: v2014.11.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: IZS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374386
Time Elapsed: 12 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [b33236042b51cd69ea59c7548083eb15], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417, , [b33236042b51cd69ea59c7548083eb15], 
 
Files: 15
PUP.Optional.HQVideo.A, C:\Users\IZS\AppData\Roaming\LUJOADM.exe, , [4f962911512bbd7942e49adc08fdcf31], 
PUP.Optional.HQVideo.A, C:\Users\IZS\AppData\Roaming\XEBY.exe, , [9e47f842c5b745f1909655210df89e62], 
PUP.Optional.OutBrowse, C:\Users\IZS\AppData\Local\Temp\nspE19C.tmp\cvf.dll, , [a63f95a56814181edcc3952da859de22], 
PUP.Optional.CrossRider.A, C:\Users\IZS\AppData\Local\Temp\91415344370\1_Offer_3.exe, , [469fa892ef8d181e4c32d5043bc6b749], 
PUP.Optional.BPlug, C:\Users\IZS\AppData\Local\Temp\91415344370\1_Offer_5.exe, , [6d78102aee8e082e1c0ddee5d22f926e], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleCrashHandler.exe, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleUpdate.exe, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleUpdateBroker.exe, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleUpdateHelper.msi, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleUpdateOnDemand.exe, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\goopdate.dll, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\goopdateres_en.dll, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\npGoogleUpdate4.dll, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\psmachine.dll, , [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\psuser.dll, , [b33236042b51cd69ea59c7548083eb15], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
LOG AFTER REBOOT:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/11/2014
Scan Time: 02:25:38
Logfile: mbam-log-2014-11-12--02-25-34.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.12.05
Rootkit Database: v2014.11.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: IZS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374386
Time Elapsed: 12 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
 
Files: 15
PUP.Optional.HQVideo.A, C:\Users\IZS\AppData\Roaming\LUJOADM.exe, Quarantined, [4f962911512bbd7942e49adc08fdcf31], 
PUP.Optional.HQVideo.A, C:\Users\IZS\AppData\Roaming\XEBY.exe, Quarantined, [9e47f842c5b745f1909655210df89e62], 
PUP.Optional.OutBrowse, C:\Users\IZS\AppData\Local\Temp\nspE19C.tmp\cvf.dll, Quarantined, [a63f95a56814181edcc3952da859de22], 
PUP.Optional.CrossRider.A, C:\Users\IZS\AppData\Local\Temp\91415344370\1_Offer_3.exe, Quarantined, [469fa892ef8d181e4c32d5043bc6b749], 
PUP.Optional.BPlug, C:\Users\IZS\AppData\Local\Temp\91415344370\1_Offer_5.exe, Quarantined, [6d78102aee8e082e1c0ddee5d22f926e], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleCrashHandler.exe, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleUpdate.exe, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleUpdateBroker.exe, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleUpdateHelper.msi, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\GoogleUpdateOnDemand.exe, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\goopdate.dll, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\goopdateres_en.dll, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\npGoogleUpdate4.dll, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\psmachine.dll, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
PUP.Optional.GlobalUpdate.A, C:\Users\IZS\AppData\Local\Temp\comh.231417\psuser.dll, Quarantined, [b33236042b51cd69ea59c7548083eb15], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
 
 
 
Whew... as it seems the ads extension did not return after the reboot and I could open this page with no problem.
I think it solved the problem, at least apparently...
 
Is there anything else I need to do?
 
Thank you very much for your patience and help, sir. You're a hero. ;~
 
Izzes


#8 Budapest


Posted 11 November 2014 - 11:58 PM

Let's run an ESET scan as a final check:
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#9 izzes


Posted 12 November 2014 - 01:20 AM

This scan really took a long time to finish, haha

So, here is the log from ESETScan:

 

C:\Program Files\KMSpico\AutoPico.exe MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
C:\Program Files\KMSpico\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
C:\Program Files\KMSpico\Service_KMS.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
C:\Users\IZS\AppData\Local\Temp\k.exe MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
C:\Users\IZS\AppData\Local\Temp\riw.exe a variant of Win32/OutBrowse.BA potentially unwanted application deleted - quarantined
C:\Users\IZS\AppData\Local\Temp\uttABAF.tmp.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\IZS\Downloads\TORRENTS\[White0wl] Alien Isolation (Cracked + Repacked)\setup.exe a variant of MSIL/Injector.GAL trojan deleted - quarantined
 
 
Is there anything else I need to do?


#10 Budapest


Posted 12 November 2014 - 01:24 AM

Ok it looks like we are finished here.

I would never download things like this: "Alien Isolation (Cracked + Repacked)". These cracks are normally full of viruses.

#11 izzes


Posted 12 November 2014 - 01:32 AM

I can understand why. I already deleted these files just for safety.

Thank you very much for your help and support.

 

May you have a nice day, good sir :)





