Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No websites will load


  • This topic is locked This topic is locked
4 replies to this topic

#1 TippyW

TippyW

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 04 April 2017 - 10:47 AM

Dear Bleepingcomputer!

 

I hope I am posting in the correct forum.

 

I am using windows10. Yesterday I had the sudden problem that no web pages would load. I am able to use gmail, wikipedia and facebook, and I can make a Google search, but no other webpages will, instead I get the "Server not found" notice. I am having the same problem in firefox and internet explorer. I saw something about "googleadservice" in one of the notices yesterday and so I assumed that was the problem. I reset firefox and internet explorer, I deleted everything with "googleadservices" from registry editor, I ran malwarebytes (which detected a few problems which I dealt with) and "exterminate-it" (which picked up nothing), I cleared my internet caches and cookies. The problem is still there. I am finding it quite hard to run security scans because any sites which I might download a program from will not open.

 

Is there any advice you can give me? Would you advise that I reset my computer to factory settings? It is a relatively new computer and so there is nothing irreplaceable there yet, and I can save all valuable files on a USB stick.

 

Any advice would be appreciated.

 

Thank you!

 



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 AM

Posted 04 April 2017 - 11:10 AM

Welcome to BC...

 

Have you tried booting into safe mode with networking to see if you can download from there? If not....try that.

 

Did MBAM find anything malicious? It would be helpful if you could post its last scan log showing what it found and removed.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 TippyW

TippyW
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 04 April 2017 - 11:48 AM

Thank you for the fast reply,

 

I have rebooted in safe mode. Nothing is loading in firefox and now gmail is not loading.

 

The scan report from malwarebytes is below.

 

Thanks again,

 

 

-Log Details-

Scan Date: 4/4/17

Scan Time: 12:08 AM

Logfile: scan report.txt

Administrator: Yes

 

-Software Information-

Version: 3.0.6.1469

Components Version: 1.0.96

Update Package Version: 1.0.1622

License: Free

 

-System Information-

OS: Windows 10

CPU: x64

File System: NTFS

User: LAPTOP-O4U8AQ37\timwi

 

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 420378

Time Elapsed: 5 min, 58 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 11

Adware.Elex, HKLM\SOFTWARE\jhtrsq, Quarantined, [305], [363186],1.0.1622

PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Fakthertuverge Controls, Quarantined, [15], [322128],1.0.1622

Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\jhtrsq, Quarantined, [305], [363186],1.0.1622

Adware.Elex, HKU\S-1-5-18\SOFTWARE\jhtrsq, Quarantined, [305], [363194],1.0.1622

PUP.Optional.Wajam.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [18446], [-1],0.0.0

PUP.Optional.YTAdBlocker, HKU\S-1-5-21-3891160051-3566189663-2573057544-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}, Quarantined, [2281], [345517],1.0.1622

PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{61575A6F-A3FA-4FF4-A6FC-1EC5FA8CD226}, Quarantined, [15], [322127],1.0.1622

PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\da7a49cb9ec6a299f6ecb03772ca7838, Quarantined, [18492], [261569],1.0.1622

PUP.Optional.YTAdBlocker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}, Quarantined, [2281], [345516],1.0.1622

PUP.Optional.YTAdBlocker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}, Quarantined, [2281], [345516],1.0.1622

PUP.Optional.YTAdBlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}, Quarantined, [2281], [345516],1.0.1622

 

Registry Value: 5

PUP.Optional.Wajam.Gen, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [18446], [-1],0.0.0

PUP.Optional.Wajam.Gen, HKU\S-1-5-21-3891160051-3566189663-2573057544-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [18446], [-1],0.0.0

PUP.Optional.Wajam.Gen, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [18446], [-1],0.0.0

PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{61575A6F-A3FA-4FF4-A6FC-1EC5FA8CD226}|PATH, Quarantined, [15], [322127],1.0.1622

PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\da7a49cb9ec6a299f6ecb03772ca7838|DISPLAYNAME, Quarantined, [18492], [261569],1.0.1622

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 9

PUP.Optional.Elex.SHHKRST, C:\USERS\TIMWI\APPDATA\ROAMING\Ghasetion, Quarantined, [446], [340565],1.0.1622

PUP.Optional.FakeFFProfile, C:\Users\timwi\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\iwz64idz.default, Quarantined, [2796], [363173],1.0.1622

PUP.Optional.FakeFFProfile, C:\Users\timwi\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles, Quarantined, [2796], [363173],1.0.1622

PUP.Optional.FakeFFProfile, C:\USERS\TIMWI\APPDATA\ROAMING\Mozilla\Firefox\naweriweentcofise, Quarantined, [2796], [363173],1.0.1622

PUP.Optional.Elex, C:\PROGRAM FILES (X86)\Tjaiedrevak, Quarantined, [15], [332351],1.0.1622

PUP.Optional.Elex, C:\USERS\TIMWI\APPDATA\LOCAL\Aticolyvqage, Quarantined, [15], [332350],1.0.1622

PUP.Optional.Wajam.Gen, C:\Program Files\da7a49cb9ec6a299f6ecb03772ca7838\7b14b10e69ef74f4b9944252feade711, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\da7a49cb9ec6a299f6ecb03772ca7838, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.ProxyGate, C:\WINDOWS\SYSTEM32\SSL, Quarantined, [1173], [382064],1.0.1622

 

File: 27

PUP.Optional.FakeFFProfile, C:\Users\timwi\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\iwz64idz.default\prefs.js, Quarantined, [2796], [363173],1.0.1622

PUP.Optional.FakeFFProfile, C:\Users\timwi\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\iwz64idz.default\profiles.ini, Quarantined, [2796], [363173],1.0.1622

PUP.Optional.FakeFFProfile, C:\Users\timwi\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\iwz64idz.default\search.json.mozlz4, Quarantined, [2796], [363173],1.0.1622

PUP.Optional.Elex, C:\Program Files (x86)\Tjaiedrevak\CrashReport.dll, Quarantined, [15], [332351],1.0.1622

PUP.Optional.Elex, C:\Program Files (x86)\Tjaiedrevak\mple.exe, Quarantined, [15], [332351],1.0.1622

PUP.Optional.Trotux, C:\USERS\TIMWI\APPDATA\ROAMING\PROFILES\FECTHERCHERGERY.DEFAULT\SEARCHPLUGINS\KGD7PY88.XML, Quarantined, [420], [324483],1.0.1622

PUP.Optional.Trotux, C:\USERS\TIMWI\APPDATA\ROAMING\PROFILES\FECTHERCHERGERY.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1622

PUP.Optional.Trotux, C:\USERS\TIMWI\APPDATA\ROAMING\PROFILES\FECTHERCHERGERY.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1622

PUP.Optional.Trotux, C:\USERS\TIMWI\APPDATA\ROAMING\PROFILES\FECTHERCHERGERY.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1622

PUP.Optional.Trotux, C:\USERS\TIMWI\APPDATA\ROAMING\PROFILES\FECTHERCHERGERY.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1622

PUP.Optional.Trotux, C:\USERS\TIMWI\APPDATA\ROAMING\PROFILES\FECTHERCHERGERY.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1622

PUP.Optional.Trotux, C:\USERS\TIMWI\APPDATA\ROAMING\PROFILES\FECTHERCHERGERY.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1622

PUP.Optional.Trotux, C:\USERS\TIMWI\APPDATA\ROAMING\PROFILES\FECTHERCHERGERY.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1622

PUP.Optional.NeoBar.Generic, C:\USERS\TIMWI\APPDATA\LOCAL\TEMP\40E0D74B-BDE1-43A5-BF76-CA153F6F230C\YT.EXE, Quarantined, [1977], [341543],1.0.1622

Adware.HPDefender, C:\USERS\TIMWI\APPDATA\LOCAL\TEMP\4A9EA3BE-B080-473A-8E8D-BFAD8D083DF1\BILEPLAHNCO.RU_WORLD.EXE, Quarantined, [35], [331403],1.0.1622

PUP.Optional.Elex, C:\WINDOWS\SYSTEM32\TASKS\Fakthertuverge Controls, Quarantined, [15], [322129],1.0.1622

PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\da7a49cb9ec6a299f6ecb03772ca7838\7b14b10e69ef74f4b9944252feade711\047b1469409f6134081953d258d33551.ico, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.Wajam.Gen, C:\Program Files\da7a49cb9ec6a299f6ecb03772ca7838\7b14b10e69ef74f4b9944252feade711\51fae7f69b2becf2fc060a8a7902b796.ico, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.Wajam.Gen, C:\Program Files\da7a49cb9ec6a299f6ecb03772ca7838\7b14b10e69ef74f4b9944252feade711\d9b19d170b3eb3614875235d5ad0354f.ico, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.Wajam.Gen, C:\Program Files\da7a49cb9ec6a299f6ecb03772ca7838\0c34eb289aa4f20992a8f4e79adf5296.exe, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.Wajam.Gen, C:\Program Files\da7a49cb9ec6a299f6ecb03772ca7838\85505b9068336a8d164108e31c8755a9.exe, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.Wajam.Gen, C:\Program Files\da7a49cb9ec6a299f6ecb03772ca7838\d0b3e9b0862a200c2fa1e8ee02a6ec0c, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.Wajam.Gen, C:\Program Files\da7a49cb9ec6a299f6ecb03772ca7838\d9b19d170b3eb3614875235d5ad0354f.ico, Quarantined, [18446], [259462],1.0.1622

PUP.Optional.ProxyGate, C:\WINDOWS\SYSTEM32\SSL\XV.DB, Quarantined, [1173], [382064],1.0.1622

PUP.Optional.ProxyGate, C:\Windows\System32\SSL\b5206da38f9a2775.cer, Quarantined, [1173], [382064],1.0.1622

PUP.Optional.ProxyGate, C:\Windows\System32\SSL\cert.db, Quarantined, [1173], [382064],1.0.1622

PUP.Optional.ProxyGate, C:\Windows\System32\SSL\xtls.db, Quarantined, [1173], [382064],1.0.1622

 

Physical Sector: 0

(No malicious items detected)

 

 

(end)



#4 buddy215

buddy215

  • Moderator
  • 13,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 AM

Posted 04 April 2017 - 01:53 PM

See if you can download the files needed to scan your computer to a flash drive or CD to be able to post a FRST log in the malware removal forum and transfer

them to the infected computer. Best to do the FRST scans in regular mode.

 

Below are the general instructions I would give for posting in the malware removal forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:07 AM

Posted 05 April 2017 - 09:37 AM

MRL topic:  https://www.bleepingcomputer.com/forums/t/643762/websites-not-loading/ .

 

Now that OP has properly posted a topic in the Logs forum, this AII topic is now closed to prevent confusion.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users