CeciliaB

Hi Andersyn, Yes, see here: https://www.adaware.com/user-guide/scan_reports

Hi Peter, Please see this topic: https://forum.adaware.com/index.php?/topic/35079-problem-with-activation-of-paid-versions-of-adaware-antivirus-12/

You're welcome and I'm glad the problem is gone. You renamed two Chrome Extensions called Google Translate and Chrome Media Router since they were changed during the same day as your problem started. It's common to have those extensions but in your case they might have been changed in a bad way. If you've another computer you can copy those two folders from the other computer. You can also ask a friend to send them to you. At the end of the week you can delete those renamed files and folders and uninstall FRST in this way: Rename FRST/FRST64.exe to uninstall.exe and run it.

1. You should change to another antivirus program since it's important to always have the realtime scanning running. But not now. 2. Please, start Notepad. Copy all text that is in the box: CreateRestorePoint: CloseProcesses: AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75} FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E} Norton Online Backup (HKLM-x32\...\NARA) (Version: 4.6.0.12 - Symantec Corporation) Hidden ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File HKLM-x32\...\Run: [] => [X] HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION S3 np_ck64s; C:\WINDOWS\syswow64\np_ck64s.sys [108976 2019-07-01] (INCA Internet Co.,Ltd. -> INCA Internet Co.,Ltd.) S3 TKCtrl; C:\WINDOWS\SysWOW64\TKCtrl2k64.sys [147240 2019-01-15] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION S3 TKFsAvM; C:\WINDOWS\SysWOW64\TKFsAv64.sys [198808 2019-01-15] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION S3 TKFsFtM; C:\WINDOWS\SysWOW64\TKFsFt64.sys [28824 2019-01-15] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION S3 TKPcFt; C:\WINDOWS\SysWOW64\TKPcFtCb64.sys [54504 2019-01-15] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION S3 TKRgAc; C:\WINDOWS\SysWOW64\TKRgAc2k64.sys [115760 2019-01-15] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION S3 TKRgFt; C:\WINDOWS\SysWOW64\TKRgFtXp64.sys [68968 2019-01-15] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION S3 TKTool; C:\WINDOWS\system32\TKTool2k64.sys [32496 2019-01-15] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) <==== ATTENTION U1 avgbdisk; no ImagePath Reboot: and paste in Notepad. Check that no files have been split on two lines. Save the file as fixlist.txt on the desktop. Exit all programs. Start FRST, please. Click the Fix button. Wait until the tool has finished. It creates a log file, called Fixlog.txt, on the desktop. Please, paste the content of that file in your reply. 3. Please, locate these files or folders and change their names, e.g. by adding the text _bad. 2020-11-18 14:32 - 2020-11-18 14:32 - 000000024 _____ C:\ProgramData\33764.bat 2020-11-18 14:29 - 2020-11-18 22:03 - 000000000 ___HD C:\ProgramData\Windows Host 2020-11-18 14:29 - 2020-11-18 14:29 - 000000024 _____ C:\ProgramData\64657.bat 2020-11-18 14:28 - 2020-11-29 17:39 - 000000000 ____D C:\Users\micecom\Documents\VlcpVideoV1.0.1 2020-12-01 02:07 - 2019-04-20 10:24 - 000000000 ____D C:\Program Files (x86)\INCAInternet CHR Extension: (Google Translate) - C:\Users\micecom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfhfpkmpnmlmlgfeabpegnfpdnmokco [2020-11-18] CHR Extension: (Chrome Media Router) - C:\Users\micecom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-18] Some of these files and folders are hidden and you need to change a setting to be able to see them: https://support.microsoft.com/en-us/windows/view-hidden-files-and-folders-in-windows-10-97fbc472-c603-9d90-91d0-1166d1d9f4b5 I suggest a name change since it's difficult to know if something will stop working or give you a lot of error messages when the files/folders get a new name or are deleted. If you get any such problems you can change the names back to the original names. Please tell me if something happens. Restart the computer and check how Chrome works. 4. I'll soon leave the computer for maybe 14 hours.

Can you disable the sync feature in Chrome? It's possible that something you do in Chrome to prevent e.g. addons is changed back by the sync feature. McAfee hasn't registered in Windows as an antivirus program, only as a firewall. Can you see that the antivirus part is working? Can you uninstall nProtect Online Security? Please restart the computer afterwards. Please upload new FRST logs since you've uninstalled the Norton programs and hopefully nProtect.

Are you using the synchronization feature in Chrome? Have you installed nProtect Online Security by INCA Internet yourself? Are you using Norton Online Backup (program) or Norton Studio (app from Microsoft Store? If not, please uninstall. Which antivirusprogram are you using? Did you install the adware November 18th (strange .bat files are created at that date as well as the folder C:\Users\micecom\Documents\VlcpVideoV1.0.1)?

Sync in Chrome?

Thanks. Sorry, still only the last part of FRST.txt. Do you get any error messages while running FRST? Try to delete FRST.txt and Addition.txt before running FRST again.

That isn't the complete FRST.txt, please try again.

You've to uninstall more of it. Follow this: https://support.norton.com/sp/en/us/home/current/solutions/v15972972 Restart the computer. Run FRST and upload new log files.

You've firewalls from Norton and McAfee according to Addition.txt. The recommendation is to have only one firewall and one antivirusprogram. Having two can cause conflicts and lower security. Which program do you want to use? Are there any problems with adware in Edge or Firefox? Which program do you think installed the adware and when did that happen?

I can see that you're using Norton. Can't they help you? But I'll continue to go through the log files.

Please see this topic: https://forum.adaware.com/index.php?/topic/30823-read-this-before-you-post/

Hi hRC, Have you gone through all settings in Chrome to check if they're correct? Have you tried to disable all add-ons to make sure that none of them is the culprit? Note that adware aren't virus or a malicious program since they don't destroy Windows and you've selected to install it. Therefore adware are seldom detected by antivirus programs.