
Firefox/Chrome Won't Load Webpages


  • This topic is locked
10 replies to this topic

#1 jkinst


Posted 09 October 2015 - 08:41 PM

Earlier this week I started to notice that Firefox was taking progressively longer to return searches and load pages. It is now to the point where I can't get either Firefox or Chrome to even open the Google search page. My computer runs wirelessly to the stock gateway that I lease from Comcast. Another computer runs wired to the same gateway and has zero internet connectivity issues. My wireless computer shows full wireless connection with zero problems as far as receiving data from the gateway.

 

I can connect wirelessly to the gateway using my mobile phone on the exact same network that my wireless computer is connected to. I can browse effortlessly with my phone; zero page loading issues, such as it is, while sitting right in front of the computer with the browser issue. Additionally, I can connect with a wireless laptop sitting right in front of the computer with the issue.

 

I had switched to Comcast Xfinity internet service from ATT 2 or so months ago. I've had no noticeable problems with wireless connections or browsing until this week. I called Comcast and ran through some resetting procedures for the gateway. They had no impact on my wireless computer's issue.

 

I generally keep my computer up to date and clean using CCleaner. I regularly purge unneeded software and files and keep it backed up. I've been using Microsoft Security Essentials as virus protection and keep the firewall on. I also ran Malwarebytes a couple of times. It found a bunch of files I then deleted, but ultimately that had no impact on the browser problem.

 

I'm running Windows 7, 64 with an i7 3930k on an Asus p9x79 Pro board. 32 G DDRAm with 2 SSD 840 Pro drives - one with the Windows OS, the other with an Apple OS. I also have 1T back up mechanical drive. The graphics card is a Quadro 4000. If you need any other details, please ask.

 

I've used you guys in the past and am hoping you can help again. Thanks for your help.



#2 nasdaq

  • Malware Response Team

Posted 10 October 2015 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> DefaultScope {07EF1C94-624B-4A63-A31E-0F04DE83F00F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN12067631792778718&UM=2
SearchScopes: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> {07EF1C94-624B-4A63-A31E-0F04DE83F00F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN12067631792778718&UM=2
SearchScopes: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> {D6E86B87-E782-4773-92A1-8A900807E12E} URL =
Toolbar: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1007246190-3075859505-3213529307-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Johnnysporto\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
CHR Extension: (Poppit!) - C:\Users\Johnnysporto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-06-15]
U2 Remote Solver for Flow Simulation 2014; no ImagePath
C:\Users\Johnnysporto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Task: {274250C1-49ED-4C01-A81B-E1A826C8685B} - System32\Tasks\{BA312B6A-AFE2-4076-8CEB-3FFE99C43FBF} => pcalua.exe -a "C:\Program Files (x86)\SearchProtect\bin\uninstall.exe" -c /S <==== ATTENTION
C:\Program Files (x86)\SearchProtect
C:\Users\KnH\AppData\Local\Temp\d__jfn9p.dll
C:\Users\KnH\AppData\Local\Temp\he1ed3ux.dll
C:\Users\KnH\AppData\Local\Temp\sqlite3.dll
C:\Users\KnH\AppData\Local\Temp\{72B6ECD8-CA54-4C10-BC47-F202C4CBF762}.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#3 jkinst


Posted 10 October 2015 - 12:36 PM

Thanks for your help nasdaq.

 

Here are the logs:

 

 

Fixlog:

 

 

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> DefaultScope {07EF1C94-624B-4A63-A31E-0F04DE83F00F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN12067631792778718&UM=2
SearchScopes: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> {07EF1C94-624B-4A63-A31E-0F04DE83F00F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN12067631792778718&UM=2
SearchScopes: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> {D6E86B87-E782-4773-92A1-8A900807E12E} URL =
Toolbar: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 ->
No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1007246190-3075859505-3213529307-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Johnnysporto\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
CHR Extension: (Poppit!) - C:\Users\Johnnysporto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-06-15]
U2 Remote Solver for Flow Simulation 2014; no ImagePath
C:\Users\Johnnysporto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Task: {274250C1-49ED-4C01-A81B-E1A826C8685B} - System32\Tasks\{BA312B6A-AFE2-4076-8CEB-3FFE99C43FBF} => pcalua.exe -a "C:\Program Files (x86)\SearchProtect\bin\uninstall.exe" -c /S <==== ATTENTION
C:\Program Files
(x86)\SearchProtect
C:\Users\KnH\AppData\Local\Temp\d__jfn9p.dll
C:\Users\KnH\AppData\Local\Temp\he1ed3ux.dll
C:\Users\KnH\AppData\Local\Temp\sqlite3.dll
C:\Users\KnH\AppData\Local\Temp\{72B6ECD8-CA54-4C10-BC47-F202C4CBF762}.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07EF1C94-624B-4A63-A31E-0F04DE83F00F}" => key removed successfully
HKCR\CLSID\{07EF1C94-624B-4A63-A31E-0F04DE83F00F} => key not found.
"HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D6E86B87-E782-4773-92A1-8A900807E12E}" => key removed successfully
HKCR\CLSID\{D6E86B87-E782-4773-92A1-8A900807E12E} => key not found.
HKU\Toolbar: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 ->\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> => key not found.
No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin" => key removed successfully
C:\Users\Johnnysporto\AppData\Local\Citrix\Plugins\104\npappdetector.dll => not found.
C:\Users\Johnnysporto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => moved successfully
Remote Solver for Flow Simulation 2014 => service removed successfully
"C:\Users\Johnnysporto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{274250C1-49ED-4C01-A81B-E1A826C8685B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{274250C1-49ED-4C01-A81B-E1A826C8685B}" => key removed successfully
C:\Windows\System32\Tasks\{BA312B6A-AFE2-4076-8CEB-3FFE99C43FBF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BA312B6A-AFE2-4076-8CEB-3FFE99C43FBF}" => key removed successfully
"C:\Program Files" => Warning: FRST is scripted not to move this directory.
(x86)\SearchProtect => Error: No automatic fix found for this entry.
"C:\Users\KnH\AppData\Local\Temp\d__jfn9p.dll" => File/Folder not found.
"C:\Users\KnH\AppData\Local\Temp\he1ed3ux.dll" => File/Folder not found.
"C:\Users\KnH\AppData\Local\Temp\sqlite3.dll" => File/Folder not found.
"C:\Users\KnH\AppData\Local\Temp\{72B6ECD8-CA54-4C10-BC47-F202C4CBF762}.exe" => File/Folder not found.
EmptyTemp: => 103.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:00:44 ====

 

 

MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/10/2015
Scan Time: 12:11:21 PM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.10.07.06
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Johnnysporto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 450504
Time Elapsed: 18 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 30

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
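In the Fixlog above, two fixlist entries reached FRST as two separate lines each (the Toolbar entry and the SearchProtect folder), and the second half of each failed with "No automatic fix found". The following is an added example, not part of the original posts and not FRST's own code: it triages Fixlog result lines and flags such fragments. The function names and the "looks like the start of an entry" heuristic are assumptions made for illustration.

```python
import re
from collections import Counter

# Result lines excerpted from the Fixlog posted above (not the full log).
FIXLOG_EXCERPT = r'''
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1007246190-3075859505-3213529307-1000 -> => key not found.
No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\{BA312B6A-AFE2-4076-8CEB-3FFE99C43FBF} => moved successfully
"C:\Program Files" => Warning: FRST is scripted not to move this directory.
(x86)\SearchProtect => Error: No automatic fix found for this entry.
"C:\Users\KnH\AppData\Local\Temp\sqlite3.dll" => File/Folder not found.
EmptyTemp: => 103.6 MB temporary data Removed.
'''

RESULT_RE = re.compile(r'^(?P<target>.*?)\s*=>\s*(?P<result>.+)$')
# Assumed heuristic: an entry starts with a drive path, a registry hive,
# or a "Directive:" keyword. Anything else is treated as a fragment.
ENTRY_START = re.compile(r'^(?:[A-Za-z]:\\|HK[A-Z]{1,3}\\|[A-Za-z0-9 ]+:)')
DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')


def classify(result):
    """Map the text after '=>' to a coarse outcome."""
    text = result.lower()
    if text.startswith('error'):
        return 'error'
    if text.startswith('warning'):
        return 'warning'
    if 'not found' in text:
        return 'not_found'
    if 'successfully' in text or text.endswith('removed.'):
        return 'done'
    return 'other'


def parse_fixlog(text):
    """Return (target, outcome) for every 'target => result' line."""
    entries = []
    for line in text.splitlines():
        match = RESULT_RE.match(line.strip())
        if match:
            target = match.group('target').strip('"')
            entries.append((target, classify(match.group('result'))))
    return entries


def wrapped_entries(entries):
    """Errors whose target does not look like the start of an entry:
    probable second halves of a fixlist line that was broken in two."""
    found = []
    for i, (target, status) in enumerate(entries):
        if status != 'error' or ENTRY_START.match(target):
            continue
        previous = entries[i - 1][0] if i else ''
        # Only a split file path can be rejoined with confidence.
        rejoined = f'{previous} {target}' if DRIVE_PATH.match(previous) else None
        found.append({'previous': previous, 'fragment': target,
                      'rejoined': rejoined})
    return found


if __name__ == '__main__':
    parsed = parse_fixlog(FIXLOG_EXCERPT)
    print(dict(Counter(status for _, status in parsed)))
    for item in wrapped_entries(parsed):
        print('fragment:', item['fragment'], '| intended:', item['rejoined'])
```

The rejoined path is the folder the fixlist meant to remove, so it was left in place by this run and would need to be resubmitted on a single line.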



#4 jkinst


Posted 10 October 2015 - 12:49 PM

I reset both of them like you requested and the same problem persists.



#5 jkinst


Posted 10 October 2015 - 06:03 PM

At this point I've uninstalled both Firefox and Chrome. I can't get Malwarebytes to remove the trojan from my computer. Can you recommend some other software that can do it? Can I do it manually? If so, how?



#6 nasdaq

  • Malware Response Team

Posted 11 October 2015 - 07:46 AM

The bad files are quarantined in the Recycle bin.
Empty it as suggested below.

http://windows.microsoft.com/en-us/windows/permanently-delete-files-recycle-bin#1TC=windows-7

Keep me posted.

#7 jkinst


Posted 11 October 2015 - 02:26 PM

No, they were all getting deleted. It seems like there's another program that's running in the background that's causing the problem. I'm pasting 3 more mbam logs below. I actually ran 1 more with the same results as the last time.

 

It's no longer catching anything, there's nothing in the recycle bin, I've deleted every Google and Mozilla folder I can find across every user account on my system. I've reloaded Firefox. Still can't connect. I really need to be able to access the internet with that computer as I have work to do and a lot of software loaded on it. I'm getting worried I'll need to reformat the drive and reload everything.

 

Is there anything else to do here? This is getting ridiculous.

 

mbam log 2

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/11/2015
Scan Time: 10:28 AM
Logfile: mbamlog2.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Johnnysporto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455781
Time Elapsed: 22 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ABB70543-0896-45F9-91A1-C3684800861F}, , [bb94caec15758fa741e7d1af40c5e41c],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{62807D39-033A-41FA-B2EC-4EA62B6DF01A}, , [301ff5c1ed9d37ff7fa8037d64a14cb4],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ABB70543-0896-45F9-91A1-C3684800861F}, , [f8576f477c0ef14567c0166a26df16ea],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{407085BB-1F5A-454F-85EB-C031A1405496}, , [06496c4a9af0b581fdecffe86b9831cf],

Registry Values: 4
PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ABB70543-0896-45F9-91A1-C3684800861F}|AppPath, C:\Users\Johnnysporto\AppData\Local\Conduit\CT3306061, , [bb94caec15758fa741e7d1af40c5e41c]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{62807D39-033A-41FA-B2EC-4EA62B6DF01A}|AppPath, C:\Users\Johnnysporto\AppData\Local\Conduit\CT3306061, , [301ff5c1ed9d37ff7fa8037d64a14cb4]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ABB70543-0896-45F9-91A1-C3684800861F}|AppPath, C:\Users\Johnnysporto\AppData\Local\Conduit\CT3306061, , [f8576f477c0ef14567c0166a26df16ea]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1007246190-3075859505-3213529307-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{407085BB-1F5A-454F-85EB-C031A1405496}|URL, http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}, , [06496c4a9af0b581fdecffe86b9831cf]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\opedahpaodkgfpjfegdehdfmbhnpppmk\2.1, , [4906fcbaa4e60e28d89b483044c17b85],
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\opedahpaodkgfpjfegdehdfmbhnpppmk, , [4906fcbaa4e60e28d89b483044c17b85],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\opedahpaodkgfpjfegdehdfmbhnpppmk\2.1, , [d87775412367b0869ed5ea8ef0158f71],
PUP.Optional.MultiPlug.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\opedahpaodkgfpjfegdehdfmbhnpppmk, , [d87775412367b0869ed5ea8ef0158f71],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\opedahpaodkgfpjfegdehdfmbhnpppmk\2.1, , [361932841971c76fabc88deb669f6d93],
PUP.Optional.MultiPlug.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\opedahpaodkgfpjfegdehdfmbhnpppmk, , [361932841971c76fabc88deb669f6d93],

Files: 18

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

 

mbam log 3

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/11/2015
Scan Time: 12:16 PM
Logfile: mbamlog3.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.11.05
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Johnnysporto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 460592
Time Elapsed: 20 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MultiPlug, C:\ProgramData\63480854b2ef99b5, , [347d7cd99bf09c9a9484cbf831d3cd33],

Files: 27

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

 

 

 

 

 

mbam log 4

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/11/2015
Scan Time: 1:01 PM
Logfile: mbamlog4.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.11.05
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Johnnysporto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 460608
Time Elapsed: 22 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
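The MBAM logs above differ in more than their detections: "mbam log 2" was run on 10/11/2015 with a Malware Database of v2015.06.03.03, while the scans before and after it used October databases. The following is an added example, not part of the original posts and not Malwarebytes code: it reads the header and section counts of a log in this format and reports how old the definitions were at scan time. The function names, the month/day/year reading of "Scan Date" and the 7-day threshold are assumptions.

```python
import re
from datetime import date, datetime

# Header and section counts excerpted from "mbam log 2" above; detection rows omitted.
MBAM_LOG_2 = """\
Scan Date: 10/11/2015
Scan Time: 10:28 AM
Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
Scan Type: Threat Scan
Result: Completed
Processes: 0
Modules: 0
Registry Keys: 4
Registry Values: 4
Registry Data: 0
Folders: 6
Files: 18
Physical Sectors: 0
"""

SECTIONS = {'Processes', 'Modules', 'Registry Keys', 'Registry Values',
            'Registry Data', 'Folders', 'Files', 'Physical Sectors'}
MAX_DB_AGE_DAYS = 7  # assumed threshold for "stale" definitions


def parse_mbam(text):
    """Split a log into header fields and per-section detection counts."""
    header, counts = {}, {}
    for line in text.splitlines():
        key, sep, value = line.partition(':')
        key, value = key.strip(), value.strip()
        # Skip blank lines, "(No malicious items detected)" and detection
        # rows (a detection row has a comma before any colon, e.g. "Name, C:\\...").
        if not sep or ',' in key:
            continue
        if key in SECTIONS and value.isdigit():
            counts[key] = int(value)
        else:
            header[key] = value
    return header, counts


def db_date(version):
    """'v2015.06.03.03' -> date(2015, 6, 3); None if the format differs."""
    match = re.match(r'v(\d{4})\.(\d{2})\.(\d{2})\.\d+$', version)
    return date(*map(int, match.groups())) if match else None


def review(text):
    """Report definition age at scan time and the total detection count."""
    header, counts = parse_mbam(text)
    scan_day = datetime.strptime(header['Scan Date'], '%m/%d/%Y').date()
    ages, findings = {}, []
    for field in ('Malware Database', 'Rootkit Database'):
        released = db_date(header.get(field, ''))
        if released is None:
            findings.append(f'{field}: version string not recognised')
            continue
        ages[field] = (scan_day - released).days
        if ages[field] > MAX_DB_AGE_DAYS:
            findings.append(f'{field} was {ages[field]} days old at scan time')
    return {'db_age_days': ages,
            'total_detections': sum(counts.values()),
            'findings': findings}


if __name__ == '__main__':
    report = review(MBAM_LOG_2)
    print(report['total_detections'], 'detections')
    for finding in report['findings']:
        print('-', finding)
```

A clean result from a scan flagged this way says little about the machine until the scan is repeated with current definitions.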



#8 jkinst


Posted 11 October 2015 - 03:28 PM

I've run rkill followed by microsoft security essentials: it found something and removed. No change.

 

I've run combofix: it removed a bunch of stuff. No change.

 

I've run jrt: it removed some stuff. No change.

 

Any help here?



#9 jkinst


Posted 11 October 2015 - 07:39 PM

Alright, well I've now run adwcleaner and roguekiller. And now it seems to work again. Not sure which one did it, but my browsers are loading web pages again.



#10 nasdaq

  • Malware Response Team

Posted 12 October 2015 - 08:01 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

  • Malware Response Team

Posted 18 October 2015 - 09:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



