
Showing results for tags 'cmptch.com'.



Found 3 results

  1. What is MapsTrek?

     The Malwarebytes research team has determined that MapsTrek is potentially unwanted adware. These adware applications display advertisements not originating from the sites you are browsing.

     How do I know if my computer is affected by MapsTrek?

     You may see these browser extensions:
     these warnings during install:
     and this entry in your list of installed Programs and Features:

     How did MapsTrek get on my computer?

     Adware applications use different methods for distributing themselves. This particular one was downloaded from their website:
     but the Chrome extension was also available in the webstore:

     How do I remove MapsTrek?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

     • Please download Malwarebytes to your desktop.
     • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
     • Then click Finish.
     • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
     • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
     • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
     • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of MapsTrek?

     No, Malwarebytes removes MapsTrek completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this adware. As you can see below, the full version of Malwarebytes would have protected you against the MapsTrek adware. It would have blocked the installer before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

     BHO-x32: MapsTrek -> {0140D199-90CB-43AD-96B5-FCC4EBEA3C5C} -> C:\Users\{username}\AppData\Local\MapsTrek\mastrk.dll [2017-11-28] (MapsTrek)
     FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\{e3eb4df8-0cfb-4380-a7c0-856d4deda887}.xpi [2018-06-29]
     CHR Extension: (MapsTrek) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj [2018-06-29]

     Significant changes made by the installer:

     File system details [View: All details] (Selection)

     Registry details [View: All details] (Selection)

     Malwarebytes log:

     As mentioned before, the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

     • Dynamically Blocks Malware Sites & Servers
     • Malware Execution Prevention

     Save yourself the hassle and get protected.

  2. What is ArcadeTab?

     The Malwarebytes research team has determined that ArcadeTab is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also changes your newtab settings.

     How do I know if my computer is affected by ArcadeTab?

     You may see these browser add-ons:
     and these warnings during install:
     this newtab page:
     and this icon in the menubar of the affected browser(s):

     How did ArcadeTab get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site:

     How do I remove ArcadeTab?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

     • Please download Malwarebytes to your desktop.
     • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
     • Then click Finish.
     • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
     • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
     • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
     • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of ArcadeTab?

     No, Malwarebytes removes ArcadeTab completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below, the full version of Malwarebytes would have protected you against the ArcadeTab hijacker. It would have warned you when you visited the website that installed the extensions.
     Technical details for experts
     Possible signs in FRST logs:
     FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\{70cfab72-ee99-428a-b5fb-26d924be3acb}.xpi [2018-03-28]
     CHR Extension: (Arcadetab) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcddnkpnineojbpkngblgamaciopbama [2018-03-28]

     Alterations made by the installer:
     File system details [View: All details] (Selection)

     Registry details [View: All details] (Selection)
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
     "gcddnkpnineojbpkngblgamaciopbama"="REG_SZ", "7360E02CD632680696044A2DD1ECCD01B153B56C8047D040ED1CAA86D04F480C"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention
     Save yourself the hassle and get protected.
  3. What is GamerSuperstar?
     The Malwarebytes research team has determined that GamerSuperstar is adware. These adware applications display advertisements not originating from the sites you are browsing.

     How do I know if my computer is affected by GamerSuperstar?
     You may see these warnings during install: and this Chrome extension in your list of installed extensions:

     How did GamerSuperstar get on my computer?
     Adware applications use different methods for distributing themselves. This particular one was installed by a gaming website, but it was also available in the webstore:

     How do I remove GamerSuperstar?
     Our program Malwarebytes can detect and remove this potentially unwanted program.
       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of GamerSuperstar?
     No, Malwarebytes removes GamerSuperstar completely. If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the GamerSuperstar entry and confirm Remove in the prompt.

     How would the full version of Malwarebytes help protect me?
     We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes would have protected you against the GamerSuperstar adware. It would have blocked their domain.
Technical details for experts

Possible signs in FRST logs:

CHR Extension: (Advertisement Offers by GamerSuperstar) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg [2018-03-26]

Significant changes made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0
    Adds the file leave_Configs.js"="12/7/2017 9:50 AM, 1708 bytes, A
    Adds the file manifest.json"="3/26/2018 8:17 AM, 2024 bytes, A
    Adds the file toogle_Word.js"="12/7/2017 9:50 AM, 9713 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\_metadata
    Adds the file computed_hashes.json"="3/26/2018 8:17 AM, 11779 bytes, A
    Adds the file verified_contents.json"="12/7/2017 9:50 AM, 4004 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\css
    Adds the file backcomp.css"="12/7/2017 9:50 AM, 1798 bytes, A
    Adds the file style.css"="12/7/2017 9:50 AM, 6052 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\html
    Adds the file background.html"="12/7/2017 9:50 AM, 258 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons
    Adds the file 128.png"="3/26/2018 8:17 AM, 6471 bytes, A
    Adds the file 16.png"="3/26/2018 8:17 AM, 530 bytes, A
    Adds the file 19.png"="3/26/2018 8:17 AM, 743 bytes, A
    Adds the file 32.png"="3/26/2018 8:17 AM, 1242 bytes, A
    Adds the file 38.png"="3/26/2018 8:17 AM, 1570 bytes, A
    Adds the file 48.png"="3/26/2018 8:17 AM, 2619 bytes, A
    Adds the file 64.png"="12/7/2017 9:50 AM, 5186 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\javascript
    Adds the file copy_Name.js"="12/7/2017 9:50 AM, 91297 bytes, A
    Adds the file insert_Parameters.js"="12/7/2017 9:50 AM, 92073 bytes, A
    Adds the file minimal_Actor.js"="12/7/2017 9:50 AM, 133560 bytes, A
    Adds the file serve_Shell.js"="12/7/2017 9:50 AM, 56303 bytes, A
    Adds the file serve_ShellA.js"="12/7/2017 9:50 AM, 168321 bytes, A
    Adds the file serve_ShellB.js"="12/7/2017 9:50 AM, 620 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\js
    Adds the file vast.js"="12/7/2017 9:50 AM, 44016 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\lib
    Adds the file require.js"="12/7/2017 9:50 AM, 86328 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\main
    Adds the file fill_Gate.js"="12/7/2017 9:50 AM, 90356 bytes, A
    Adds the file mount_Values.js"="12/7/2017 9:50 AM, 67281 bytes, A
    Adds the file view_Broker.js"="12/7/2017 9:50 AM, 26060 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eogmpgppidehapppmipeahegomlindkg
    Adds the file 000003.log"="3/26/2018 8:18 AM, 6593 bytes, A
    Adds the file CURRENT"="3/26/2018 8:17 AM, 16 bytes, A
    Adds the file LOCK"="3/26/2018 8:17 AM, 0 bytes, A
    Adds the file LOG"="3/26/2018 8:18 AM, 185 bytes, A
    Adds the file MANIFEST-000001"="3/26/2018 8:17 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"eogmpgppidehapppmipeahegomlindkg"="REG_SZ", "611130D4EE79BEC9637FDFFC866B842EB605A2B94522DBEC6F6C63E288E2B2AD"

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/26/18
Scan Time: 8:34 AM
Log File: b104992d-30bf-11e8-871e-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4486
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244469
Threats Detected: 44
Threats Quarantined: 44
Time Elapsed: 3 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 11
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eogmpgppidehapppmipeahegomlindkg, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\javascript, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\_metadata, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\html, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\main, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\css, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\lib, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EOGMPGPPIDEHAPPPMIPEAHEGOMLINDKG, Delete-on-Reboot, [15094], [503219],1.0.4486

File: 33
Adware.Cmptch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eogmpgppidehapppmipeahegomlindkg\000003.log, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eogmpgppidehapppmipeahegomlindkg\CURRENT, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eogmpgppidehapppmipeahegomlindkg\LOCK, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eogmpgppidehapppmipeahegomlindkg\LOG, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eogmpgppidehapppmipeahegomlindkg\MANIFEST-000001, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EOGMPGPPIDEHAPPPMIPEAHEGOMLINDKG\171.3557.1015.28_0\MANIFEST.JSON, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\css\backcomp.css, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\css\style.css, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\html\background.html, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons\128.png, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons\16.png, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons\19.png, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons\32.png, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons\38.png, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons\48.png, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\icons\64.png, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\javascript\copy_Name.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\javascript\insert_Parameters.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\javascript\minimal_Actor.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\javascript\serve_Shell.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\javascript\serve_ShellA.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\javascript\serve_ShellB.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\js\vast.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\lib\require.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\main\fill_Gate.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\main\mount_Values.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\main\view_Broker.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\_metadata\computed_hashes.json, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\_metadata\verified_contents.json, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\leave_Configs.js, Delete-on-Reboot, [15094], [503219],1.0.4486
Adware.Cmptch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmpgppidehapppmipeahegomlindkg\171.3557.1015.28_0\toogle_Word.js, Delete-on-Reboot, [15094], [503219],1.0.4486

Physical Sector: 0
(No malicious items detected)

(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.