Suspicious Malware with Norton Security [Closed]

#1
Aspenblue

Hi, I was hoping you could solve a mystery for me. My service for Norton Security Scan was going great until I decided to turn on the "Power Eraser." Ever since then, a sporadic message would pop up every 10-30 seconds reading: Security Request! Outbound Traffic Detected!

 

My computer runs like normal and this pop-up is more of an annoyance to me than a legitimate concern. If someone can help me with this issue, I would very highly appreciate it. Thanks!

#2
Essexboy

Could you let me know if this stops the alerts?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:


CreateRestorePoint:
HKLM-x32\...\RunOnce: [360safeuninst_1f0fb7c2d13cc0c07ff2ca40747bc03e] => C:\Users\Admin\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_remove360.bat <===== ATTENTION
HKU\S-1-5-21-2914342479-599456684-1323885937-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2914342479-599456684-1323885937-1010\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
Startup: C:\Users\Big Honcho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-08-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-08-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicyUsers\S-1-5-21-2914342479-599456684-1323885937-1009\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2914342479-599456684-1323885937-1000\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-2914342479-599456684-1323885937-1000 -> {7289D456-38AE-4D0D-9AA3-D43C6587CF93} URL = http://websearch.ask...E0-9211614E6656
SearchScopes: HKU\S-1-5-21-2914342479-599456684-1323885937-1000 -> {BA81612F-2080-4A4A-AF43-8E05CF64A6B4} URL = http://search.condui...4763186111&UM=2
SearchScopes: HKU\S-1-5-21-2914342479-599456684-1323885937-1010 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
BHO: youtubeadblocker -> {fa3e848c-76f8-42fa-8a1f-302831703d64} -> C:\Program Files (x86)\youtubeadblocker\zWv0gPTy02pNbY.x64.dll No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelper.dll [2014-11-14] (We-Care.com)
BHO-x32: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> c:\Program Files (x86)\PicLensIE\cooliris.dll [2010-06-23] (Cooliris Inc.)
Toolbar: HKLM-x32 - No Name - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
Toolbar: HKU\S-1-5-21-2914342479-599456684-1323885937-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=2921&r=2015/01/13&hid=4604233012006461757&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.thesearchpage.info/?pid=2921&r=2015/01/13&hid=4604233012006461757&lg=EN&cc=US&unqvl=74
FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pid=2921&r=2015/01/13&hid=4604233012006461757&lg=EN&cc=US&unqvl=74&l=1&q=
FF DefaultSearchEngine,S: WebSearch
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-06-30] (Best Buy)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rdsfimcf.default-1414610373672\searchplugins\WebSearch.xml [2015-01-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-10-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\Exts\Chrome.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
2015-06-13 20:42 - 2014-11-24 23:46 - 00000000 __SHD C:\Users\Big Honcho\AppData\Local\EmieBrowserModeList
2015-06-13 20:42 - 2014-04-30 12:33 - 00000000 __SHD C:\Users\Big Honcho\AppData\Local\EmieUserList
2015-06-13 20:42 - 2014-04-30 12:33 - 00000000 __SHD C:\Users\Big Honcho\AppData\Local\EmieSiteList
CustomCLSID: HKU\S-1-5-21-2914342479-599456684-1323885937-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Big Honcho\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2914342479-599456684-1323885937-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Big Honcho\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2914342479-599456684-1323885937-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Big Honcho\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
Task: {0FFDCFDF-F030-43AC-8D8A-A5DEFACBC939} - \Driver Support-RTMRules No Task File <==== ATTENTION
Task: {1363B54C-088B-4E98-B504-27B3400A2ACA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2914342479-599456684-1323885937-1000UA => C:\Users\Big Honcho\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-20] (Google Inc.)
Task: {3C9A2E08-5F0E-4722-82A0-2A9D255CDB94} - \Driver Support-RTMUpdater No Task File <==== ATTENTION
Task: {485AE869-5AA1-4D15-9543-25CEFF320741} - \Driver Support-RTMScanRunOnce No Task File <==== ATTENTION
Task: {A0DE988D-A03E-44C4-9F3B-CC8CE936EA8B} - \ITECIR Filter Application for RCMM No Task File <==== ATTENTION
Task: {DBCA2C4C-D54D-403B-8D9C-B7401AB7E853} - \Driver Support-RTMScan No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914342479-599456684-1323885937-1000Core.job => C:\Users\Big Honcho\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914342479-599456684-1323885937-1000UA.job => C:\Users\Big Honcho\AppData\Local\Google\Update\GoogleUpdate.exe
C:\ProgramData\WeCareReminder
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
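Why the caution in the post above holds, as an added example that is not part of the original post and is not FRST's own code: the fixlist names account SIDs and user-profile folders taken from the scanned machine. This Python script extracts them from a few lines copied from the post and compares them with a second machine's accounts; the function names and the second machine's SID and profile names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: eight lines copied from the fixlist in the post above.
SAMPLE = r"""CreateRestorePoint:
HKU\S-1-5-21-2914342479-599456684-1323885937-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
Startup: C:\Users\Big Honcho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicyUsers\S-1-5-21-2914342479-599456684-1323885937-1009\User: Group Policy Restriction detected <======= ATTENTION
Task: {0FFDCFDF-F030-43AC-8D8A-A5DEFACBC939} - \Driver Support-RTMRules No Task File <==== ATTENTION
C:\ProgramData\WeCareReminder
EmptyTemp:
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")              # account SID with RID
PROFILE_RE = re.compile(r"C:\\Users\\([^\\]+)\\", re.I)  # profile folder name

def audit_fixlist(text):
    """Collect the identifiers that tie a fixlist to one machine."""
    sids, profiles, flags, entries = set(), set(), Counter(), 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        entries += 1
        sids.update(SID_RE.findall(line))
        profiles.update(PROFILE_RE.findall(line))
        if "ATTENTION" in line:                 # marker as it appears in the post
            flags["attention"] += 1
        if re.search(r"No (Task )?File", line):  # entry whose target is gone
            flags["missing_target"] += 1
    return {"entries": entries, "sids": sorted(sids),
            "profiles": sorted(profiles), "flags": dict(flags)}

def not_on_this_machine(report, local_sids, local_profiles):
    """Identifiers the fixlist names that the local machine does not have."""
    known = {p.lower() for p in local_profiles}
    return {"sids": [s for s in report["sids"] if s not in local_sids],
            "profiles": [p for p in report["profiles"] if p.lower() not in known]}

if __name__ == "__main__":
    report = audit_fixlist(SAMPLE)
    print(report)
    # Constructed values standing in for a different PC's accounts.
    other_sids = {"S-1-5-21-1111111111-222222222-333333333-1001"}
    print(not_on_this_machine(report, other_sids, {"Alice", "admin"}))
```

Any SID or profile reported by `not_on_this_machine` means the fixlist was written for a different installation and its entries do not describe the local system.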

#3
Essexboy


Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

