jmcdowal

cannot remove malware

Hi jmcdowal,

1. Have you or the adware changed this Chrome setting?

CHR dev: Chrome dev build detected! <======= ATTENTION
It means that test versions of Chrome are installed and Chrome is less secure. The only way to restore this setting and get only released versions of Chrome is to uninstall Chrome, remove its configuration folder and restart the computer before installing Chrome again.

Configuration folder: C:\Users\jmcdowal\AppData\Local\Google\Chrome\User Data\Default

2. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

You're welcome :)

 

1. If Chrome isn't installed, please delete this folder: C:\Users\jmcdowal\AppData\Local\Google\Chrome\User Data\Default

2. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net...d/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

I deleted that folder and ran the scan. Here are the results:

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

2. Start FRST.

Select Addition.txt.

Scan with FRST and attach the two new logs.

3. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!
