Thread: Can't remove SShopDorOPP 4.7 extension from Chrome

  1. #11
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    This is what concerns me
    [PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51579;https=127.0.0.1:51579 -> Trovato -> Found
    [PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51579;https=127.0.0.1:51579 -> Trovato->Found

    Do you connect through a Proxy?

    Tell me how your computer is acting now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
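
Added example, not part of the original thread: a ProxyServer value pointing at 127.0.0.1 sends that account's WinINET traffic to a process listening on the same machine, which is why the two findings in post #11 stand out. The Python sketch below parses such scanner lines and flags loopback proxies; the function names and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# The first two lines are the findings quoted in post #11; the last two are
# constructed here to show the other ProxyServer forms.
SAMPLE_LOG = r"""
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51579;https=127.0.0.1:51579 -> Trovato -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51579;https=127.0.0.1:51579 -> Trovato->Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : proxy.example.test:8080 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:3128 -> Found
"""

LINE_RE = re.compile(
    r"^\[PUM\.Proxy\]\s+(?P<key>.+?)\s+\|\s+ProxyServer\s*:\s*(?P<value>\S+)")


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Two forms exist: 'host:port' (every protocol, keyed '*' here) and
    'scheme=host:port;scheme=host:port'.
    """
    entries = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "*", part
        host, _, port = endpoint.rpartition(":")
        entries[scheme.lower()] = (
            host or endpoint, int(port) if host and port.isdigit() else None)
    return entries


def is_loopback(host):
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name; this sketch does not resolve it


def triage(log_text):
    """Return (registry key, scheme, host, port) for each loopback proxy."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            for scheme, (host, port) in parse_proxy_server(m["value"]).items():
                if is_loopback(host):
                    findings.append((m["key"], scheme, host, port))
    return findings
```
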

  2. #12
    Junior Member
    Join Date
    Jan 2015
    Posts
    10

    I don't really know if I am connecting through a proxy...
    At home I am using a PC and a wifi router provided by the internet operator (the main telephone company in my country).

    I don't notice anything strange in the computer, but I don't use it extensively, only some surfing.

  3. #13
    Security Expert-emeritus Juliet

    Well, so far that's good news.

    Let's try a different anti-malware scanner.

    Emsisoft Anti-Malware
    1. Download and save the Emsisoft Anti-Malware setup program to your desktop. The download is fairly large, so please be patient while it downloads.
    2. Once the file has been downloaded, close all open programs.
    3. Double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
    4. If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
    5. You will eventually get to a screen asking which mode you wish to use Emsisoft Anti-Malware in.
    6. Click on the Freeware mode link:
    7. You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
    8. Allow it to update the definitions. Please be patient as it may take a few minutes for the updates to finish downloading.
    9. When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
    10. Please select the Deep Scan option and then click on the Scan button. The Deep Scan option will take the longest time to scan your computer, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned. Please don't run any other program while it is scanning.
    11. When the scan has finished, the program will display the scan results that show what infections were found.
    12. Click on the View Report link, and double click the text file to open it. Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports)
    13. Click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.


    In your next reply, please include:
    • Emsisoft Anti-Malware log (located at C:\Users\Tim\Documents\Anti-Malware\Reports)

  4. #14
    Junior Member

    I did as you suggested and here is the log. (thank you for your support by the way)

    ----------------------------------------------------------------------------------
    Emsisoft Anti-Malware - Versione 9.0
    Ultimo aggiornamento: 23/01/2015 22:03:38
    Account utente: User-PC\User

    Impostazioni scansione:

    Tipo scansione: Completa
    Oggetti: Rootkits, Memoria, Tracce, C:\, F:\

    Rileva PUPs: On
    Archivio scansioni: On
    Scansione ADS: On
    Filtro estensione dei file: Off
    Caching avanzato: On
    Accesso diretto al disco: Off

    Scansione avviata: 23/01/2015 22:04:26
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} rilevati: Application.AdGenie (A)
    Value: HKEY_USERS\S-1-5-21-1430131261-1029319254-1685335828-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR rilevati: Setting.DisableTaskMgr (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS rilevati: Setting.DisableRegistryTools (A)
    Value: HKEY_USERS\S-1-5-21-1430131261-1029319254-1685335828-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS rilevati: Setting.DisableRegistryTools (A)
    F:\Lacie\Backup\Outlook\Outlookimap.alumni.sdabocconi.it-00000007.pst -> [Subject: Give we shall meet!][From: Gustavo Sterling] -> (body) -> (JAVASCRIPT 1) rilevati: Trojan.Script.34854 (B)
    F:\Lacie\Backup\Outlook\Outlookimap.alumni.sdabocconi.it-00000007.pst -> [Subject: Give we shall meet!][From: Gustavo Sterling] -> (body) -> (JAVASCRIPT 2) rilevati: Trojan.Script.34880 (B)
    F:\Lacie\Backup\Outlook\Outlookimap.alumni.sdabocconi.it-00000007.pst -> [Subject: Give we shall meet!][From: Gustavo Sterling] -> (body) -> (JAVASCRIPT-COMPILATION) rilevati: Trojan.Script.34854 (B)
    F:\Lacie\Backup\Outlook\Outlookimap.alumni.sdabocconi.it-00000007.pst -> [Subject: Give we shall meet!][From: Gustavo Sterling] -> (body) -> (INFECTED_JS) rilevati: JS:Trojan.Script.FR (B)

    Scansionati 289401
    Rilevato 9

    Fine scansione: 23/01/2015 23:53:08
    Tempo scansione: 1:48:42

  5. #15
    Security Expert-emeritus Juliet

    Click on the Quarantine Selected Objects button?

    How's the computer now?

  6. #16
    Junior Member

    I did click on the Quarantine Selected Objects button.
    The computer is still looking good.

  7. #17
    Security Expert-emeritus Juliet

    Good deal

    DelFix
    • Please download DelFix
      or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup

    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ~~~~~~~~~~~~~~


    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

  8. #18
    Junior Member

    * I ran DelFix; it also gave me a log (see below).

    * On the desktop I still have the tweaking.com_registry_backup_setup, should I keep it?

    * There are some programs that I have installed in the past days while trying to remove the infection; should I remove them?
    Emsisoft Anti-Malware
    Tweaking.com - Registry Backup
    ERUNT 1.1.j
    Malwarebytes Anti-Malware

    Thanks a lot!

    # DelFix v10.8 - Logfile created 26/01/2015 at 22:18:27
    # Updated 29/07/2014 by Xplode
    # Username : User - USER-PC
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)

    ~ Activating UAC ... OK

    ~ Removing disinfection tools ...

    Deleted : C:\_OTL
    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\Users\User\Desktop\Addition.txt
    Deleted : C:\Users\User\Desktop\AdwCleaner.exe
    Deleted : C:\Users\User\Desktop\aswmbr.exe
    Deleted : C:\Users\User\Desktop\aswMBR.txt
    Deleted : C:\Users\User\Desktop\Extras.Txt
    Deleted : C:\Users\User\Desktop\Fixlog.txt
    Deleted : C:\Users\User\Desktop\FRST.exe
    Deleted : C:\Users\User\Desktop\FRST.txt
    Deleted : C:\Users\User\Desktop\JRT.exe
    Deleted : C:\Users\User\Desktop\JRT.txt
    Deleted : C:\Users\User\Desktop\MBR.dat
    Deleted : C:\Users\User\Desktop\OTL.Txt
    Deleted : C:\Users\User\Desktop\OTL.exe
    Deleted : C:\Users\User\Desktop\rkill.exe
    Deleted : C:\Users\User\Desktop\Rkill.txt
    Deleted : C:\Users\User\Desktop\RKreport_SCN_01222015_135609.log
    Deleted : C:\Users\User\Desktop\RogueKiller.exe
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

    ~ Creating registry backup ... OK

    ########## - EOF - ##########

  9. #19
    Security Expert-emeritus Juliet

    We can delete Tweaking and create a restore point, or continue to use Tweaking.com as a backup.

    To create a restore point:

    Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
    In the left pane, click System protection. ...
    Click the System Protection tab, and then click Create.
    In the System Protection dialog box, type a description, and then click Create.

    ~~
    I would keep Malwarebytes Anti-Malware, update it regularly and use it as needed.

    ~~~
    Not sure if Emsisoft Anti-Malware has an update feature to use it regularly. You can always download and use it again if needed.

    ~~~
    ERUNT 1.1.j <-- you can delete.

  10. #20
    Junior Member

    Thank you very much
