Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Norton Power Eraser [Solved]


  • This topic is locked This topic is locked

#31
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Please disregard my last post as you did get the FRST fix to run.

 

Let me know if you've been able to complete the Chrome steps... :D


  • 0

Advertisements


#32
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Ive uninstalled Chrome. But it didn't ask me this. Just  -  Note: When asked about user data or settings you must remove this also so please check the box.


  • 0

#33
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, thanks.  It looks like Google changed the prompts.  Have you rebooted, re-installed and set it back up?

 

How is the computer running, and are you getting any further Norton pop-ups?


  • 0

#34
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

ive just turned on my pc and re-installed chrome. So far so good. No Norton Power Eraser pop ups.


  • 0

#35
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

:thumbsup:

 

OK, lets see what else we can catch here.  :)

 

First
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

  • Shut down your protection software now to avoid potential conflicts.  See here for more information.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Second
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.


  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Third
Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here


  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application.  (x.x.x.xxxx represents the current version number).
  • If prompted to uninstall a previous version, please do so.
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.  You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
     
  • If an update is found, it should download and install the latest updates automatically:
    MBAM_Dash_zpsd9c2j7gn.png
     
  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM_ScanSettings_zpsobmtmm4g.png
     
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM_Dash_zpsd9c2j7gn.png
     
  • The scan may take some time to finish,so please be patient.
    MBAM_Scanning_zps7ytxgci2.png
     
  • When the scan is complete, it will show you the results:
    MBAM_Remove_zpszsjiczt4.png
     
  • Make sure that everything is checked, and click Remove Selected (or similar).
  • When disinfection is completed, a log may open in Notepad and you may be prompted to Restart.  (See Extra Note below)
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log:
    MBAM_ScanLog_zpslkvxr7dk.png
     
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
    MBAM_ExportLog_zpswbzi1y40.png
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Finally
In your next reply, please copy/paste the contents of the following logs:


  • JRT log
  • AdwCleaner log
  • MBAM log

And tell me how the system is running. :)

 


  • 0

#36
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

system is currently running well. Im only studying so not putting it thru too much stress. 

JRT log below....

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 x64
Ran by Pearmanman on Mon 03/08/2015 at 22:33:15.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_395F0B7C82473C1225D0044D308AC1CB
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Pearmanman\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\Pearmanman\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Pearmanman\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.mystartsearch.com_0.localstorage
Successfully deleted: [File] C:\Users\Pearmanman\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.mystartsearch.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Public\Desktop\ebay.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\Users\Pearmanman\AppData\Roaming\opencandy
 
 
 
~~~ Chrome
 
 
[C:\Users\Pearmanman\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Pearmanman\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Pearmanman\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Pearmanman\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/08/2015 at 22:36:16.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#37
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
# AdwCleaner v4.208 - Logfile created 03/08/2015 at 22:46:23
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Pearmanman - PEARMAN-PC
# Running from : C:\Users\Pearmanman\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\PEARMA~1\AppData\Local\Temp\apn
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
Key Found : HKLM\SOFTWARE\mystartsearchSoftware
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.125
 
 
*************************
 
AdwCleaner[R0].txt - [1224 bytes] - [03/08/2015 22:46:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1283 bytes] ##########

  • 0

#38
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/08/2015
Scan Time: 11:05 PM
Logfile: scanlog.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.03.03
Rootkit Database: v2015.07.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Pearmanman
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388235
Time Elapsed: 7 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [a8c7bf457219ce6894475dcf3ac9bf41], 
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [16590afa008be74f093d62b207fcca36], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#39
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Thanks Dan  :thumbsup: ,  thats about enough for me today.  :wave:​ 


  • 0

#40
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello harrybeetle,

 

When you are ready, here are the next steps.  Everything is looking good here; almost done, but not just yet...

 

If you have trouble with the ESET scan (ActiveX and browser permissions), let me know and I can help.

 

First
Run AdwCleaner
 

  • Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
  • Click the Cleaning button.
    AdwCleaner_Clean_zpsmn8bl7wa.png
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this
    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Second

 

Please run a free online scan with the ESET Online Scanner:

Important: You must use Internet Explorer and also disable your Anti-Virus scanner for this step!
 

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to Yes, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications.
  • Select Advanced Settings:
    ESET2_zpsc701c045.png
  • Check the option Enable Anti-Stealth technology, but make sure that Remove found threats is unchecked!
  • Click Start.  (This scan can take several hours, so please be patient.)
  • Allow the program to update:
    ESETupdate_zps36feabec.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Important: Make sure that the Uninstall application on close and Delete quarantined files checkboxes are both unchecked !

    Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.

 

 

Finally
In your next reply, please copy/paste the contents of the following logs:

  • AdwCleaner log
  • ESET scan log

And tell me how the system is running. :)

 


  • 0

Advertisements


#41
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
# AdwCleaner v4.208 - Logfile created 04/08/2015 at 19:41:50
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Pearmanman - PEARMAN-PC
# Running from : C:\Users\Pearmanman\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\PEARMA~1\AppData\Local\Temp\apn
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.125
 
 
*************************
 
AdwCleaner[R0].txt - [1362 bytes] - [03/08/2015 22:46:23]
AdwCleaner[R1].txt - [1319 bytes] - [04/08/2015 19:40:17]
AdwCleaner[S0].txt - [1256 bytes] - [04/08/2015 19:41:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1315  bytes] ##########

  • 0

#42
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

ESETlog result

 

C:\FRST\Quarantine\C\Program Files (x86)\CutoTHePPricce\CutoTHePPricce.exe a variant of Win32/Adware.MultiPlug.JY application


  • 0

#43
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello harrybeetle,

 

Everything looks good in your logs here, so I'm happy to tell you:

 

Congratulations, your log is clean! :thumbsup:

Now, let's cover some additional steps to clean up your computer and help you avoid getting infected again...

Tools Cleanup and Housekeeping
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Tool Removal
We need to remove the tools we've used during cleaning your machine

  • Download DelFix from here
  • Ensure Remove disinfection tools is ticked
  • Also check these options:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
    delfix_zpsjnkukbim.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log.

Please paste the log in your next reply, and delete any logs that you have left over on your desktop.

Now let's take a few preventative measures to reduce the risk of further infections. :cool:


Automatic Updates for Windows 8
Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 8

Web Browser security
Most malware is exploiting Internet Explorer's vulnerabilities, with Firefox you will likely be more secure.

Note: If you are going to use Firefox, I would suggest the use of these add-ons:

  • NoScript - for blocking ads and other potential website attacks.
  • AdBlock Plus - block annoying ads that cost you expensive bandwith, with the added benefit of faster page loading.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

 

Other Program updates
If you use any Adobe software make sure to keep them updated.  Best of all, they are FREE.
Note: Make sure to uncheck the check box labelled "Yes, install McAfee Security Scan Plus - optional", or any other optional "features".

 

Anti Virus Programs
On to personal Anti Virus programs. One AV is a must have, but never more than one, as this can and will cause conflicts, system slow-downs, and false readings.

If you wish to keep using your current program, always make sure it is up to date and enabled.

These FREE ones are as good as any paid subscription AV, as long as you allow them to update themselves:



Anti Spyware Programs
You already have an excellent preventative program that will help to keep the nasties away - Malwarebytes Anti-Malware.  I would advise running this at least once a month.  If you need to download it again, you can get it from here:  
Malwarebytes Anti-Malware

 

File/System Cleaners
Finally, it is a good idea to clear out all your temp files every now and again. This will help keep your computer running optimally. It can detect registry errors, missing shortcuts, invalid files, etc. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

CryptoLocker Warning
CryptoLocker is a particularly nasty infection which is becoming more prevalent...
 
Go here for information about CryptoLocker Ransomware. Learning about what is out there may help you prevent infection. The best protection against this infection is to backup your files often. If you're using an external drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever have the frustrating experience of contracting it.
 
It is suggested to Download CryptoPrevent, which is free for home use. It will help prevent CryptoLocker infection.


Further Reading
Here are some articles that are must reads and should be read by everybody in your household that uses the Internet:

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this excellent article, originally written by Tony Klein, and updated by SpySentinel.

I will keep this log open for the next couple of days, so if you have any further problems, you can post another reply here.

OK, happy computing, and stay safe! :cool:

Please reply again to this thread to acknowledge you have read my last post.  If you have no further questions, this thread will be closed to prevent others from posting here.

Thanks!


 

 


  • 1

#44
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
# DelFix v1.010 - Logfile created 05/08/2015 at 18:29:49
# Updated 26/04/2015 by Xplode
# Username : Pearmanman - PEARMAN-PC
# Operating System : Windows 8.1  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Pearmanman\Desktop\FRST-OlderVersion
Deleted : C:\Users\Pearmanman\Desktop\Addition.txt
Deleted : C:\Users\Pearmanman\Desktop\AdwCleaner.exe
Deleted : C:\Users\Pearmanman\Desktop\aswmbr.exe
Deleted : C:\Users\Pearmanman\Desktop\aswMBR.txt
Deleted : C:\Users\Pearmanman\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Pearmanman\Desktop\Fixlog.txt
Deleted : C:\Users\Pearmanman\Desktop\FRST.txt
Deleted : C:\Users\Pearmanman\Desktop\FRST64.exe
Deleted : C:\Users\Pearmanman\Desktop\JRT.exe
Deleted : C:\Users\Pearmanman\Desktop\JRT.txt
Deleted : C:\Users\Pearmanman\Desktop\MBR.dat
Deleted : C:\Users\Pearmanman\Desktop\rkill.com
Deleted : C:\Users\Pearmanman\Desktop\Rkill.txt
Deleted : C:\Users\Pearmanman\Downloads\aswmbr.exe
Deleted : C:\Users\Pearmanman\Downloads\rkill (1).com
Deleted : C:\Users\Pearmanman\Downloads\rkill (1).scr
Deleted : C:\Users\Pearmanman\Downloads\rkill.com
Deleted : C:\Users\Pearmanman\Downloads\rkill.scr
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #8 [Windows Update | 06/17/2015 11:13:55]
Deleted : RP #9 [Windows Update | 06/20/2015 11:44:59]
Deleted : RP #10 [Removed TuneUp Utilities 2014 | 07/09/2015 10:18:55]
Deleted : RP #11 [Windows Update | 07/19/2015 03:29:58]
Deleted : RP #12 [Norton_Power_Eraser_20150726121634598 | 07/26/2015 02:16:37]
Deleted : RP #14 [Restore Point Created by FRST | 08/02/2015 04:35:12]
Deleted : RP #15 [JRT Pre-Junkware Removal | 08/03/2015 12:33:21]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#45
harrybeetle

harrybeetle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Thanks Dan. 

Been really helpful.

 

Now, to upgrade to windows 10 or not? Hmmm.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP