Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspicious Malware with Norton Security [Closed]

Malware Norton

  • This topic is locked This topic is locked

#1
Aspenblue

Aspenblue

    New Member

  • Member
  • Pip
  • 2 posts

Hi, I was hoping you could solve a mystery for me. My service for Norton Security Scan was going great until I decided to turn on the "Power Eraser." Ever since then, a sporadic message would pop up every 10-30 seconds reading: Security Request! Outbound Traffic Detected!

 

My computer runs like normal and this pop-up is more of an annoyance to me than a legitimate concern. If someone can help me with this issue, I would Very Highly appreciate it. Thanks!

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know if this stops the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:


CreateRestorePoint:
HKLM-x32\...\RunOnce: [360safeuninst_1f0fb7c2d13cc0c07ff2ca40747bc03e] => C:\Users\Admin\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_remove360.bat <===== ATTENTION
HKU\S-1-5-21-2914342479-599456684-1323885937-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2914342479-599456684-1323885937-1010\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
Startup: C:\Users\Big Honcho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-08-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2012-08-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicyUsers\S-1-5-21-2914342479-599456684-1323885937-1009\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2914342479-599456684-1323885937-1000\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-2914342479-599456684-1323885937-1000 -> {7289D456-38AE-4D0D-9AA3-D43C6587CF93} URL = http://websearch.ask...E0-9211614E6656
SearchScopes: HKU\S-1-5-21-2914342479-599456684-1323885937-1000 -> {BA81612F-2080-4A4A-AF43-8E05CF64A6B4} URL = http://search.condui...4763186111&UM=2
SearchScopes: HKU\S-1-5-21-2914342479-599456684-1323885937-1010 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the...&cc=US&unqvl=74
BHO: youtubeadblocker -> {fa3e848c-76f8-42fa-8a1f-302831703d64} -> C:\Program Files (x86)\youtubeadblocker\zWv0gPTy02pNbY.x64.dll No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelper.dll [2014-11-14] (We-Care.com)
BHO-x32: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> c:\Program Files (x86)\PicLensIE\cooliris.dll [2010-06-23] (Cooliris Inc.)
Toolbar: HKLM-x32 - No Name - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
Toolbar: HKU\S-1-5-21-2914342479-599456684-1323885937-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=2921&r=2015/01/13&hid=4604233012006461757&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.thesearchpage.info/?pid=2921&r=2015/01/13&hid=4604233012006461757&lg=EN&cc=US&unqvl=74
FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pid=2921&r=2015/01/13&hid=4604233012006461757&lg=EN&cc=US&unqvl=74&l=1&q=
FF DefaultSearchEngine,S: WebSearch
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-06-30] (Best Buy)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rdsfimcf.default-1414610373672\searchplugins\WebSearch.xml [2015-01-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-10-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\Exts\Chrome.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
2015-06-13 20:42 - 2014-11-24 23:46 - 00000000 __SHD C:\Users\Big Honcho\AppData\Local\EmieBrowserModeList
2015-06-13 20:42 - 2014-04-30 12:33 - 00000000 __SHD C:\Users\Big Honcho\AppData\Local\EmieUserList
2015-06-13 20:42 - 2014-04-30 12:33 - 00000000 __SHD C:\Users\Big Honcho\AppData\Local\EmieSiteList
CustomCLSID: HKU\S-1-5-21-2914342479-599456684-1323885937-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Big Honcho\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2914342479-599456684-1323885937-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Big Honcho\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2914342479-599456684-1323885937-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Big Honcho\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
Task: {0FFDCFDF-F030-43AC-8D8A-A5DEFACBC939} - \Driver Support-RTMRules No Task File <==== ATTENTION
Task: {1363B54C-088B-4E98-B504-27B3400A2ACA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2914342479-599456684-1323885937-1000UA => C:\Users\Big Honcho\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-20] (Google Inc.)
Task: {3C9A2E08-5F0E-4722-82A0-2A9D255CDB94} - \Driver Support-RTMUpdater No Task File <==== ATTENTION
Task: {485AE869-5AA1-4D15-9543-25CEFF320741} - \Driver Support-RTMScanRunOnce No Task File <==== ATTENTION
Task: {A0DE988D-A03E-44C4-9F3B-CC8CE936EA8B} - \ITECIR Filter Application for RCMM No Task File <==== ATTENTION
Task: {DBCA2C4C-D54D-403B-8D9C-B7401AB7E853} - \Driver Support-RTMScan No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914342479-599456684-1323885937-1000Core.job => C:\Users\Big Honcho\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914342479-599456684-1323885937-1000UA.job => C:\Users\Big Honcho\AppData\Local\Google\Update\GoogleUpdate.exe
C:\ProgramData\WeCareReminder
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Malware, Norton

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP