cannot remove malware

Customer

• June 11, 2021 12:20

here are my logs

Addition.txt

FRST.txt

0

• 

  Support

  • June 11, 2021 12:20

  
  

  Hi jmcdowal,

   

  1. Have you or the adware changed this Chrome setting?

  CHR dev: Chrome dev build detected! <======= ATTENTION
  It means that test versions of Chrome are installed and Chrome is less secure. The only way of restore this setting and only get released versions of Chrome is to uninstall Chrome, remove its configuration folder and restart computer before installing Chrome again.

  Configuration folder: C:\Users\jmcdowal\AppData\Local\Google\Chrome\User Data\Default

   

  2. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
  
  Turn off all programs, including browsers.
  Double-click on AdwCleaner to start the program.
  
  Click on the Scan button.
  Wait until the search has finished.
  
  Click on the Log file button.
  A report will be displayed, copy its content and paste into your reply.
  If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.
  

  0
• 

  Customer

  • June 11, 2021 12:20

  
  

  I am not using Chrome, I am using IE. Please advise.

   

  Thanks.

  0
• 

  Support

  • June 11, 2021 12:20

  
  

  You're welcome

   

  1. If Chrome isn't installed, please delete this folder: C:\Users\jmcdowal\AppData\Local\Google\Chrome\User Data\Default

   

  2.Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net...d/1-adwcleaner/
  
  Turn off all programs, including browsers.
  Double-click on AdwCleaner to start the program.
  
  Click on the Scan button.
  Wait until the search has finished.
  
  Click on the Log file button.
  A report will be displayed, copy its content and paste into your reply.
  If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

  0
• 

  Customer

  • June 11, 2021 12:20

  
  

  I deleted that folder and ran the scan. Here is the results:

   

  # AdwCleaner v5.003 - Logfile created 24/08/2015 at 12:00:59
  # Updated 20/08/2015 by Xplode
  # Database : 2015-08-23.3 [server]
  # Operating system : Windows 8.1 (x64)
  # Username : jmcdowal - JIMS_LAPTOP
  # Running from : C:\Users\jmcdowal\Downloads\adwcleaner_5.003.exe
  # Option : Scan

  ***** [ Services ] *****

  Service Found : cherimoya
  Service Found : 01c94d82

  ***** [ Folders ] *****

  Folder Found : C:\Program Files\shopperz
  Folder Found : C:\Program Files (x86)\globalUpdate
  Folder Found : C:\Program Files (x86)\Iminent
  Folder Found : C:\Program Files (x86)\deal4real
  Folder Found : C:\Program Files (x86)\ClICikiForSalee
  Folder Found : C:\Program Files (x86)\dEaal4reael
  Folder Found : C:\Program Files (x86)\Deal4real
  Folder Found : C:\Program Files (x86)\LuckuyCoupone
  Folder Found : C:\Program Files (x86)\SalesChEcekuer
  Folder Found : C:\Program Files (x86)\tPuerfeectcoUUpoN
  Folder Found : C:\ProgramData\6961704986627485363
  Folder Found : C:\ProgramData\ec3fe2f800007c8a
  Folder Found : C:\ProgramData\{5d7a0c4a-4c93-a7da-5d7a-a0c4a4c93129}
  Folder Found : C:\ProgramData\{994fd22f-daf5-f63c-994f-fd22fdaf48bf}
  Folder Found : C:\ProgramData\{cf04821e-5246-ca4e-cf04-4821e5240879}
  Folder Found : C:\ProgramData\dpdehegehjjmjenkeoagefjmfohjnbge
  Folder Found : C:\ProgramData\oghliofknnfaladobnhegjkmjbpligie
  Folder Found : C:\Users\jmcdowal\AppData\Local\globalUpdate
  Folder Found : C:\Users\jmcdowal\AppData\Local\pokki
  Folder Found : C:\Users\jmcdowal\AppData\Local\Temp\Iminent
  Folder Found : C:\Users\jmcdowal\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}

  ***** [ Files ] *****

  File Found : C:\Users\jmcdowal\AppData\Roaming\Mozilla\Firefox\Profiles\eg3rhcz8.default\searchplugins\Web Search.xml
  File Found : C:\Users\jmcdowal\AppData\Roaming\Mozilla\Firefox\Profiles\eg3rhcz8.default\searchplugins\yahoo.xml

  ***** [ Shortcuts ] *****

  ***** [ Scheduled tasks ] *****

  Task Found : globalUpdateUpdateTaskMachineCore
  Task Found : globalUpdateUpdateTaskMachineUA

  ***** [ Registry ] *****

  Key Found : HKCU\Software\Classes\pokki
  Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
  Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
  Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
  Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
  Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
  Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
  Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
  Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
  Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
  Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
  Key Found : HKCU\Software\Classes\Directory\shell\pokki
  Key Found : HKCU\Software\Classes\Drive\shell\pokki
  Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
  Key Found : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
  Key Found : HKLM\SOFTWARE\Classes\P869EB171_0929_4031_9E2A_D721CB093174_.P869EB171_0929_4031_9E2A_D721CB093174_
  Key Found : HKLM\SOFTWARE\Classes\P869EB171_0929_4031_9E2A_D721CB093174_.P869EB171_0929_4031_9E2A_D721CB093174_.9
  Key Found : HKLM\SOFTWARE\Classes\PAB7F7FA5_9E27_44C5_A805_4DA11886EEFC_.PAB7F7FA5_9E27_44C5_A805_4DA11886EEFC_
  Key Found : HKLM\SOFTWARE\Classes\PAB7F7FA5_9E27_44C5_A805_4DA11886EEFC_.PAB7F7FA5_9E27_44C5_A805_4DA11886EEFC_.9
  Key Found : HKLM\SOFTWARE\c09851d3-d933-1740-b9f4-3e6d0d413d96
  Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
  Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{535b69cf-44f6-4c9f-96b1-b5adb65c582d}]
  Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{535b69cf-44f6-4c9f-96b1-b5adb65c582d}]
  Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ehhlaekjfiiojlddgndcnefflngfmhen
  Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\adpeheiliennogfclcgmchdfdmafjegc
  Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
  Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
  Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
  Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{869EB171-0929-4031-9E2A-D721CB093174}
  Key Found : HKLM\SOFTWARE\Classes\CLSID\{AB7F7FA5-9E27-44C5-A805-4DA11886EEFC}
  Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
  Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
  Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
  Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BAB45F-0A8A-48B5-8C46-F2A8C7EEFAEE}
  Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB1C0445-8E37-4D66-B4E4-947E53F654A8}
  Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BD601133-B03F-4C73-B593-DB2322CBD22E}
  Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}
  Key Found : HKLM\SOFTWARE\Classes\TypeLib\{67B87BDE-141A-4CB3-AC00-49501C139D4A}
  Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F895EF08-C980-4DFC-A0C8-C40E25D66ADF}
  Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
  Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
  Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{869EB171-0929-4031-9E2A-D721CB093174}
  Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AB7F7FA5-9E27-44C5-A805-4DA11886EEFC}
  Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{869EB171-0929-4031-9E2A-D721CB093174}]
  Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{AB7F7FA5-9E27-44C5-A805-4DA11886EEFC}]
  Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
  Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
  Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
  Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
  Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{869EB171-0929-4031-9E2A-D721CB093174}
  Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AB7F7FA5-9E27-44C5-A805-4DA11886EEFC}
  Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
  Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
  Key Found : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
  Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
  Key Found : HKCU\Software\GlobalUpdate
  Key Found : HKCU\Software\Iminent
  Key Found : HKCU\Software\Optimizer Pro
  Key Found : HKCU\Software\Pokki
  Key Found : HKCU\Software\YorkNewCin
  Key Found : HKCU\Software\HighDefAction
  Key Found : HKCU\Software\ArenaHD
  Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
  Key Found : HKCU\Software\AppDataLow\Software\adawarebp
  Key Found : HKCU\Software\AppDataLow\Software\Crossrider
  Key Found : HKCU\Software\AppDataLow\Software\DynConIE
  Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
  Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
  Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
  Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
  Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
  Key Found : HKLM\SOFTWARE\GlobalUpdate
  Key Found : HKLM\SOFTWARE\Iminent
  Key Found : HKLM\SOFTWARE\SimpleFiles
  Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
  Key Found : HKLM\SOFTWARE\YorkNewCin
  Key Found : HKLM\SOFTWARE\HighDefAction
  Key Found : HKLM\SOFTWARE\ArenaHD
  Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
  Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
  Key Found : [x64] HKCU\Software\GlobalUpdate
  Key Found : [x64] HKCU\Software\Iminent
  Key Found : [x64] HKCU\Software\Optimizer Pro
  Key Found : [x64] HKCU\Software\Pokki
  Key Found : [x64] HKCU\Software\YorkNewCin
  Key Found : [x64] HKCU\Software\HighDefAction
  Key Found : [x64] HKCU\Software\ArenaHD
  Key Found : [x64] HKLM\SOFTWARE\Iminent
  Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
  Key Found : [x64] HKLM\SOFTWARE\HighDefAction
  Key Found : [x64] HKLM\SOFTWARE\ArenaHD
  Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
  Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3213852C-47AD-11E5-826B-3CA82AA48159}
  Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {3213852C-47AD-11E5-826B-3CA82AA48159}
  Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3213852C-47AD-11E5-826B-3CA82AA48159}
  Data Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {3213852C-47AD-11E5-826B-3CA82AA48159}

  ***** [ Web browsers ] *****

  ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [12690 bytes] ##########

  0
• 

  Support

  • June 11, 2021 12:20

  
  

  1. Please, turn off all programs, including browsers.
  Double-click on AdwCleaner to start the program.
  
  Click on the Scan button.
  Wait until the search has finished.
  
  Click on the Clean button.
  
  Click on OK.
  Click on OK on any message that pops up.
  The computer will be restarted.
  
  A report will be displayed, copy its content and paste into your reply.
  If the report isn't displayed, it exist as C:\AdwCleaner\AdwCleaner[s0].txt
  

   

  2. Start FRST.

  Select Addition.txt.

  Scan with FRST and attach the two new logs.

   

  3. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
  To shorten the scanning time disable your antivirus program while scanning.
  
  Select Enable detection of potentially unwanted applications.
  Click Advanced Settings.
  
  Deselect Remove found threats.
  
  Select:
  Scan Archives
  Scan for potentially unsafe applications
  Enable Anti-Stealth Technology
  
  Click Start.
  
  When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

  0
• 

  Support

  • June 11, 2021 12:20

  Due to lack of feedback, this topic has been closed.
  
  
  If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
  
  
  Everyone else please begin a New Topic.
  
  
  Thank You !

  0

Please sign in to leave a comment.