Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I am getting a pop-up message from Norton saying that it has detected


  • This topic is locked This topic is locked

#1
jmbbradle

jmbbradle

    New Member

  • Member
  • Pip
  • 1 posts

recently I began getting a message on my lap top from Norton saying that it has detected a high level of outbound internet traffic.  It asks if I would like to run Norton Power Eraser.  The first time this popped up, I ran Norton Power Eraser and allowed it to through the cycle, but received no notifications about what it did during the process.  The notifications continued.  I've done everything I can think of - a full system antivirus scan, disk defragment, etc. - but nothing stops these notifications about running Power Eraser from popping up every hour or so, sometimes multiple times in succession.  Can anyone give me some advice on how to turn off the Power Eraser notifications?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Jason (administrator) on JMB-TOSHIBA (02-09-2015 14:01:58)
Running from C:\Users\Jason\Downloads
Loaded Profiles: Jason (Available Profiles: Jason)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Windows\ERUNT.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-20] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-01-28] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-07-28] (Panda Security, S.L.)
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\...\Run: [Google Update] => C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-28] (Google Inc.)
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27839144 2015-05-19] (Microsoft Corporation)
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\...\Run: [OutlookOnDesktop] => C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe [316928 2010-08-29] (SMR Computer Services)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DAB3769D-7B91-41D6-BCA7-97365BA1BF46}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba13.msn.com/?pc=TNJB
hxxp://mystart.toshiba.com
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2563996265-3980964405-695694909-1001 -> {9C10887D-8B7F-11E4-8269-008CFA860C5A} URL = hxxp://Trovi.com/Results.aspx?ctid=CT3333048&searchsource=56&UM=6&q={searchTerms}
BHO: No Name -> {193C0BB0-70C1-4F61-8A24-53EAA922035E} ->  No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO: No Name -> {E44308F8-9A6B-44F7-B031-B1F72D3B9AE2} ->  No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://odcvpn.csgsupport.com/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2563996265-3980964405-695694909-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jason\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-2563996265-3980964405-695694909-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jason\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-2563996265-3980964405-695694909-1001: LWAPlugin15.8 -> C:\Users\Jason\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Jason\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-08-27]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=toshibaupd&m=start"
CHR DefaultNewTabURL: Default -> https://www.trovi.co...=UP_ID&SAT=CNTS
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-28]
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-28]
CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-28]
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-28]
CHR Extension: (Google Cast) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-29]
CHR Extension: (Adblock Plus) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-10]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-28]
CHR Extension: (Cortex) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\decglnkhpfoocpafihfbeodhgofefaoc [2015-08-10]
CHR Extension: (Google Sheets) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-28]
CHR Extension: (Adblock Plus For Crhome) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\kllpgpcpibfcmabmdndgnhdfinglofbk [2015-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-29]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-23] () [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R4 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-07-29] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-07-23] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-07-28] (Panda Security, S.L.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-08-27] (Enigma Software Group USA, LLC.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881984 2014-01-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-29] (Symantec Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-08-27] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-27] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150901.003\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150901.025\ENG64.SYS [138488 2015-07-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150901.025\EX64.SYS [2146040 2015-07-29] (Symantec Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [78072 2015-07-09] ()
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-03-25] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 14:01 - 2015-09-02 14:02 - 00025882 _____ C:\Users\Jason\Downloads\FRST.txt
2015-09-02 13:59 - 2015-09-02 14:02 - 00000000 ____D C:\FRST
2015-09-02 13:57 - 2015-09-02 13:57 - 02188800 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-09-02 09:00 - 2015-09-02 09:00 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C496E1A5-45ED-45F6-A87E-7F0111DDD18D}
2015-08-27 00:49 - 2015-08-27 00:49 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Enigma Software Group
2015-08-27 00:49 - 2015-08-27 00:49 - 00000000 _____ C:\autoexec.bat
2015-08-27 00:48 - 2015-08-27 00:49 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-08-27 00:48 - 2015-08-27 00:48 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-08-27 00:48 - 2015-08-27 00:48 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-08-27 00:48 - 2015-08-27 00:48 - 00001114 _____ C:\Users\Jason\Desktop\SpyHunter.lnk
2015-08-27 00:48 - 2015-08-27 00:48 - 00000000 ____D C:\sh4ldr
2015-08-27 00:48 - 2015-08-27 00:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-08-27 00:47 - 2015-08-27 00:47 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Jason\Downloads\SpyHunter-Installer.exe
2015-08-27 00:43 - 2015-09-02 12:53 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2563996265-3980964405-695694909-1001
2015-08-27 00:29 - 2015-08-27 00:42 - 00002459 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-08-24 01:19 - 2015-08-24 01:19 - 00280848 _____ C:\Windows\Minidump\082415-62656-01.dmp
2015-08-13 21:11 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-08-13 21:10 - 2015-08-13 21:10 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Panda Security
2015-08-13 21:09 - 2015-08-13 21:12 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2016.lnk
2015-08-13 21:09 - 2015-08-13 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2016
2015-08-13 21:08 - 2015-08-13 21:10 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-08-13 21:05 - 2015-08-13 21:10 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-13 21:04 - 2015-08-13 21:04 - 02113152 _____ C:\Users\Jason\Downloads\PANDAFREEAV.exe
2015-08-10 10:14 - 2015-08-10 10:14 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-08-10 09:22 - 2015-09-02 13:33 - 00000000 ____D C:\Users\Jason\AppData\Local\NPE
2015-08-10 09:21 - 2015-08-10 09:21 - 00000000 ____D C:\Users\Jason\AppData\Local\bvxvyxvec
2015-08-10 09:20 - 2015-08-10 09:20 - 00000000 ____D C:\Program Files (x86)\Cortex
2015-08-10 09:18 - 2015-08-13 21:40 - 00000000 ____D C:\Program Files (x86)\CUtThePriice
2015-08-10 09:18 - 2015-08-10 09:20 - 00000000 ____D C:\ProgramData\13524945122781317132
2015-08-10 09:17 - 2015-08-10 10:06 - 00000000 ____D C:\ProgramData\{9ede0946-b65a-b655-9ede-e0946b65251a}
2015-08-10 09:17 - 2015-08-10 09:17 - 00000000 ____D C:\ProgramData\gpjlfabmpcapimceepgdkmghfcjbngpb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 14:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-02 13:27 - 2014-11-28 23:40 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2563996265-3980964405-695694909-1001UA.job
2015-09-02 13:02 - 2014-12-23 22:34 - 00033792 ___SH C:\Users\Jason\Desktop\Thumbs.db
2015-09-02 13:02 - 2014-09-03 22:16 - 00000000 ____D C:\ProgramData\Norton
2015-09-02 13:01 - 2014-12-23 22:34 - 00001353 _____ C:\Users\Jason\Desktop\Norton Installation Files.lnk
2015-09-02 12:26 - 2014-09-03 21:39 - 01388211 _____ C:\Windows\WindowsUpdate.log
2015-09-02 10:27 - 2014-11-28 23:40 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2563996265-3980964405-695694909-1001Core.job
2015-09-02 09:34 - 2013-08-22 09:46 - 00021581 _____ C:\Windows\setupact.log
2015-09-02 09:14 - 2014-12-23 22:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-27 00:45 - 2014-11-28 23:03 - 00000000 ____D C:\Users\Jason\AppData\Local\Pokki
2015-08-27 00:42 - 2014-11-28 23:09 - 00002871 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002628 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002604 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002589 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002584 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002305 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-08-27 00:41 - 2014-11-28 23:09 - 00000000 ___DO C:\Users\Jason\OneDrive
2015-08-27 00:41 - 2014-09-03 21:42 - 01209462 _____ C:\Windows\SysWOW64\rootpa.e2e
2015-08-27 00:39 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-27 00:38 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-27 00:37 - 2014-09-03 21:40 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-08-27 00:37 - 2014-04-10 23:56 - 00682626 _____ C:\Windows\PFRO.log
2015-08-27 00:37 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-27 00:31 - 2014-11-28 23:04 - 00000000 ____D C:\Users\Jason\AppData\Local\Packages
2015-08-27 00:31 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-24 01:19 - 2014-12-10 22:42 - 00000000 ____D C:\Windows\Minidump
2015-08-24 01:19 - 2013-08-22 09:44 - 00394112 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-24 01:18 - 2014-12-10 22:42 - 697393235 _____ C:\Windows\MEMORY.DMP
2015-08-24 01:18 - 2014-11-28 23:02 - 00000000 ____D C:\Users\Jason
2015-08-24 01:18 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-13 22:56 - 2014-12-04 10:10 - 00002246 ____H C:\Users\Jason\Documents\Default.rdp
2015-08-13 21:45 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-10 10:08 - 2015-07-30 10:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-10 10:08 - 2014-12-24 10:15 - 00002268 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-08-10 10:08 - 2014-12-24 10:12 - 00000000 ____D C:\Windows\system32\Drivers\N360x64

==================== Files in the root of some directories =======

2014-09-03 21:44 - 2014-09-03 21:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-02 12:53

==================== End of FRST.txt ============================

Attached Files


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Multiple Anti-Virus Warning

Multiple Anti-Virus Programs Installed

Your log indicates you have 3 anti-virus programs installed on your machine.
  • Research shows that having multiple anti-virus programs installed is not a good idea. This is a case of more is not better. They will often conflict with each, provide false positives, and consume system resources as well as many other problems.
  • We need to remove two of these from your system. Do you have a preference as to which one? If you have paid for one, I would recommend you keep that one and uninstall the others.
Step 2: Program Uninstalls and Chrome Reinstall

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • bestadblocker
  • Cortex
  • SpyHunter 4
Re-Install Google Chrome

Unfortunately, the malware infection has changed your Chrome browser into the Development Build. This greatly lowers the security of the browser and allows malware to install any extension it pleases. We need to resolve this immediately.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chromevia the Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome.
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


Step 3: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\Jason\Downloads to your Desktop or the fix will not work. All tools must be run from the Desktop.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2563996265-3980964405-695694909-1001 -> {9C10887D-8B7F-11E4-8269-008CFA860C5A} URL = hxxp://Trovi.com/Results.aspx?ctid=CT3333048&searchsource=56&UM=6&q={searchTerms}
BHO: No Name -> {193C0BB0-70C1-4F61-8A24-53EAA922035E} -> No File
BHO: No Name -> {E44308F8-9A6B-44F7-B031-B1F72D3B9AE2} -> No File
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\decglnkhpfoocpafihfbeodhgofefaoc
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\Program Files (x86)\CUtThePriice
C:\Program Files (x86)\Cortex
C:\Users\Jason\AppData\Local\bvxvyxvec
CustomCLSID: HKU\S-1-5-21-2563996265-3980964405-695694909-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jason\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2563996265-3980964405-695694909-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jason\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2563996265-3980964405-695694909-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jason\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {11C7322F-679D-47DE-A032-556E47AF445B} - \GoogleUpdateTaskUserS-1-5-21-2563996265-3980964405-695694909-1001UA -> No File <==== ATTENTION
Task: {143A4252-3E5D-4040-8660-5BB8A776217B} - \Optimize Start Menu Cache Files-S-1-5-21-2563996265-3980964405-695694909-500 -> No File <==== ATTENTION
Task: {154BC634-A715-408B-8F99-3C3CB096C5A5} - \GoogleUpdateTaskUserS-1-5-21-2563996265-3980964405-695694909-1001Core -> No File <==== ATTENTION
Task: {701E61DB-B532-4EE3-9C92-37BBB9283A5B} - \Pokki -> No File <==== ATTENTION
Task: {7A10FF25-0ABE-43A5-900A-7D6AE912344C} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {D06F8168-A753-45DB-B672-47A893898EB2} - \bvxvyxvec -> No File <==== ATTENTION
Task: {D9335FCA-AB79-4E18-8107-F7A5E022AE25} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 4: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 5: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleanerscreen_zpsm6wq1ei9.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\
Step 6: Fresh FRST Scans
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

Question: Have the alerts stopped?

  • 0

#3
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP