pup malware keeps coming back

Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…. However, the removal process becomes even more stressful when your AV tool starts delivering messages about the shady activity for you and it appears that this way you can eliminate the virus. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\skin\icons, Quarantined, [266], [443378],1.0.8858 (Along with these Rootkit malware... like RootKit.TDSS and Rootkit.0Access...) Again, the box is left unchecked, so I'd check it, click delete, and then the pattern starts all over again. Hello, Welcome to Malwarebytes. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\yandex.png, Quarantined, [266], [443378],1.0.8858 Scan completed succesfully? Let the scan complete. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\just-the-box-empty.png, Quarantined, [266], [464596],1.0.8858 PUP.Optional.SearchManager, C:\USERS\TIBOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [266], [464596],1.0.8858 Post its content in your next reply. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\weather\09n.svg, Quarantined, [266], [443378],1.0.8858 Hello Ivankov and welcome to Malwarebytes, Open notepad. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\films\shuffle-FFFFFF.svg, Quarantined, [266], [443378],1.0.8858 Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational. When scanning with AdwCleaner it shows up again. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\weather, Quarantined, [266], [464596],1.0.8858 Powered by Invision Community. Chrome cannot be running for the next step. Learn how to block or allow pop-ups in Chrome. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\maps\switch-8881FF.svg, Quarantined, [266], [464596],1.0.8858 Save the file to your desktop and include its content in your next reply. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\_locales\vi\messages.json, Quarantined, [266], [443378],1.0.8858 Yes. Hi,I posted this thread in the malware support forum but then was redirected here. http://deletemalware.blogspot.com/2010/02/remove-g... i applied for a job and received a check for 3000 to buy a printer and computer to us for the job. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\mountain-bg.jpg, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\weather\02d.svg, Quarantined, [266], [464596],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\maps\tab-arrow-8881FF.svg, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\transparent_img.png, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\sitesThumbnails\aliexpress_tile_v2.png, Quarantined, [266], [464596],1.0.8858 "Do not open that file when running FRST fix" MachineLearning/Anomalous.96%, C:\USERS\TIBOR\DESKTOP\MASTERPOOL2.EXE, Quarantined, [0], [392687],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\films-bg.jpg, Quarantined, [266], [464596],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\sitesThumbnails\gtranslte.png, Quarantined, [266], [464596],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\films\vudu-FFFFFF.svg, Quarantined, [266], [464596],1.0.8858 Did you reset sync during removal/reinstall of Chrome, I see Search Manager listed in Chrome extensions with current date...? PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\doodle.png, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\sitesThumbnails\facebook.png, Quarantined, [266], [464596],1.0.8858 MachineLearning/Anomalous.96%, C:\USERS\TIBOR\DESKTOP\MASTERPOOL.EXE, Quarantined, [0], [392687],1.0.8858 If the tool does not run from any of the links provided, please let me know. AdwCleaner[C07].txt - [2187 octets] - [17/01/2019 15:03:36] Well anyways the problem is mentioned below I have this strange and … Do not paste the logs in your posts, attachments make my work easier. The following will implement some post-cleanup procedures: The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\tiles\DOC-to-PDF.jpg, Quarantined, [266], [443378],1.0.8858 "FRST.txt" and "Addition.txt". PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\weather\50n.svg, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\converter\doc-icon-FFFFFF.svg, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\tiles\View-PDF.jpg, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\_locales\en\messages.json, Quarantined, [266], [464596],1.0.8858 Also, just one of them is too long to fit in one post. However, if it doesn’t identify the Bing redirect virus on your computer, consider updating Malwarebytes before you run a system scan. Adware and other Potentially Unwanted Programs (PUP Malware) Removal in one click. Sadly when I open chrome it just adds the stupid search manager again. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\maps\google-maps-FFFFFF.svg, Quarantined, [266], [464596],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\sitesThumbnails\booking.png, Quarantined, [266], [464596],1.0.8858 Any help greatly appreciated. If needed, print this information or use another browser to read the information. Heuristics: Enabled This is proving difficult to shift, usually Malwarebytes removes this nuisance without any returns..... Open Chrome, type or copy/paste this into the address bar chrome://extensions hit enter key. # ------------------------------- PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\sitesThumbnails\yahoo.png, Quarantined, [266], [443378],1.0.8858 AdwCleaner[S05].txt - [1795 octets] - [17/01/2019 10:11:08] Open it with Notepad and paste its content in your next reply. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\yahoo_large.png, Quarantined, [266], [464596],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\index.html, Quarantined, [266], [464596],1.0.8858 Lets try this way: It says this when I try to save the notepad file. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\weather\50d.svg, Quarantined, [266], [443378],1.0.8858 It was bundled in. PUP.Optional.SearchManager, C:\USERS\TIBOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\maps\switch-8881FF.svg, Quarantined, [266], [443378],1.0.8858 Scan Date: 1/18/19 Ivankov, end:: http://www.wikihow.com/Export-Bookmarks-from-Chrome, https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html, https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html, https://support.google.com/chrome/answer/95319?hl=en-GB, http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/, https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en, When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the, If asked to restart your computer to complete the removal, please do so. Only turn on extensions that you trust. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\mountain-bg.jpg, Quarantined, [266], [464596],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.65_0\content\images\icons\trends.svg, Quarantined, [266], [464596],1.0.8858 Companies are making revenue via computers, so it is good thing to pay someone to repair it. PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\films-bg.jpg, Quarantined, [266], [443378],1.0.8858 PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\sitesThumbnails\expedia_tile_v2.png, Quarantined, [266], [443378],1.0.8858 Hitman Pro utility will begin scanning the whole machine to find out PUP.Optional.MySearchDial. I have a problem with aswMBR, it just stalled while it was scanning on a file. I just got a message saying "Freeware implementation of XCACLS stopped working" should I close it? PUP: Detect PUP.Optional.SearchManager, C:\Users\tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.3.62_0\content\images\maps\search-4A4A4A.svg, Quarantined, [266], [443378],1.0.8858