Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Sept 30, 2014 13:33:00 GMT -8
You may as well have AdwCleaner fix what was stated above (except the items in RED).
I have to think, for starters your 30th may be what is my today being the 1st of October.
Don't have Norton stop notifying as we can use the Norton continual alerts to tell when it is gone.
Poweliks does check for updates, so maybe an update file or whatever downloaded before, we broke the old key, then the new version installed somewhere later.
Quads
Post by kmcard on Sept 30, 2014 14:19:42 GMT -8
Here is the report generated from the Clean function in AdwCleaner:
# AdwCleaner v3.310 - Report created 30/09/2014 at 18:12:13
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Birdview - BIRDVIEWPC
# Running from : C:\Users\Birdview\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[x] Not Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\Birdview\AppData\Roaming\Mozilla\Firefox\Profiles\gu4hh183.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [2288 octets] - [30/09/2014 00:02:21]
AdwCleaner[R1].txt - [2348 octets] - [30/09/2014 18:07:09]
AdwCleaner[S0].txt - [2194 octets] - [30/09/2014 18:12:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2254 octets] ##########
FYI, it is Sep 30th here; 6:19pm EST. What next?
Post by Quads on Sept 30, 2014 14:22:31 GMT -8
Is Norton still alerting?? It's a pity Norton does not give the Registry key in the info also.
Quads
Post by kmcard on Sept 30, 2014 14:35:17 GMT -8
Intrusion Prevention Notifications are ON. I did not click Stop Notifying Me.
I agree with you on Norton giving registry keys -- it would be *very* helpful!
Post by Quads on Sept 30, 2014 15:01:31 GMT -8
Is Norton still giving popup alerts as we are talking (messaging) over the last hour??
Let's try this:
Download and run MBAR, www.malwarebytes.org/antirootkit/
It is not MBAM, and make sure you update the definitions in MBAR, so they are the latest available.
Let's see if that will find the key for us, even though users find MBAR cannot handle the registry key.
Quads
Post by kmcard on Sept 30, 2014 15:04:06 GMT -8
Just had--but didn't see (could have been looking the other direction)--the following attempt to invade my system:
Category: Norton Product Tamper Protection
Date & Time 9/30/2014 6:19:51 PM
Risk Medium
Activity Unauthorized access blocked (Access Process Data)
Status Blocked
Recommended Action No Action Required
Date 9/30/2014 6:19:51 PM
Actor C:\WINDOWS\SYSTEM32\CONHOST.EXE
Actor PID 4156
Target C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\cltlmh.exe
Target PID 4872
Action Access Process Data
Reaction Unauthorized access blocked
Or may not have been shown because the risk is Medium.
Post by kmcard on Sept 30, 2014 15:04:56 GMT -8
Will do. I'll get right back with you.
Had to go back into IE and enable downloads again for the internet zone. Must go walk my dog before it gets dark. I'll be back with you in about 40 minutes.
Post by Quads on Sept 30, 2014 15:07:38 GMT -8
Nope, not Poweliks. That is a Windows file brushing up against Norton, and Norton's Anti-Tamper Protection goes NO YOU DON'T and protects itself, then logs the attempt.
Quads
Post by kmcard on Sept 30, 2014 15:11:45 GMT -8
Good to know.
Post by kmcard on Sept 30, 2014 15:42:44 GMT -8
Ran MBAR. Got "Scan Complete. No Malware Found."