
Laptop Internet Running Slow, New Tabs Opening



My laptop internet is running slow and new tabs are opening up while I am using Google Chrome. I have purchased Malware Bytes but it is not finding anything to fix on my computer. My anti-virus software is BitDefender and it also is not finding anything. Attached are the FRST.TXT and Addition.txt files FRST64 created when I ran the program for the first time.

Addition.txt

FRST.txt


Hello RonnieDoitch, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click [button image] at the top of the page.

======================================================
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: G - G:\Launch.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: {1591418e-0ee8-11e4-a063-60eb69e61acc} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: {36c0fcc2-631f-11e3-958f-60eb69e61acc} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: {5cc2bcea-ace1-11e0-8e37-60eb69e61acc} - F:\TL-Bootstrap.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: {5cc2bcf9-ace1-11e0-8e37-60eb69e61acc} - F:\TL-Bootstrap.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: {62a09328-8fd6-11e2-8662-60eb69e61acc} - H:\TL-Bootstrap.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: {68d320c3-f042-11e1-b456-60eb69e61acc} - G:\TL-Bootstrap.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: {9eb93d11-e2d8-11e3-b722-60eb69e61acc} - G:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2168784989-1792140673-624790977-1000\...\MountPoints2: {c88be5f8-efc6-11e1-8af1-60eb69e61acc} - G:\TL-Bootstrap.exe
    SearchScopes: HKU\S-1-5-21-2168784989-1792140673-624790977-1000 -> DefaultScope {D4F47210-44F2-450D-98AE-B38979A24559} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2168784989-1792140673-624790977-1000 -> {6C758769-0004-4F0E-8A9A-7E0E3A4D88D8} URL = 
    SearchScopes: HKU\S-1-5-21-2168784989-1792140673-624790977-1000 -> {A8F916B6-604C-4370-8631-0D990952A120} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2168784989-1792140673-624790977-1000 -> {D4F47210-44F2-450D-98AE-B38979A24559} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
    Toolbar: HKU\S-1-5-21-2168784989-1792140673-624790977-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    CHR Extension: (Java for Web Pages) - C:\Users\MegaLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmcbmmehggielopebenlpgcghiigckn [2014-11-08]
    S3 Tosrfcom; No ImagePath
    S3 dump_wmimmc; \??\C:\Program Files (x86)\TERA\TERA_HG\GameGuard\dump_wmimmc.sys [X]
    C:\Users\MegaLaptop\AppData\Local\Temp\BackupSetup.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\nsjB977.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\nsjBB9A.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\nso8E4E.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\nsqD1B3.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\nst912C.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\OfficeSetup.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\SearchProtectionSetup.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\MegaLaptop\AppData\Local\Temp\utt206D.tmp.exe
    AlternateDataStreams: C:\Users\MegaLaptop\Desktop\FRST64.exe:BDU
    AlternateDataStreams: C:\Users\MegaLaptop\Downloads\stamps.exe:BDU
    CMD: ipconfig /flushdns
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end

  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W7).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • MBAM log
  • JRT.txt
  • AdwCleaner[s0].txt
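The NOTICE in the post above says the fixlist is written for one particular machine. As an added example (not part of the original post and not FRST's own code), this Python script sorts fixlist lines into categories by the prefixes seen in that script and reports any user SID or profile folder that does not belong to the local machine; the category names, the functions `parse_fixlist` and `audit`, and the sample SID and user name are assumptions made for illustration.

```python
import re

# Categories keyed on the line prefixes visible in the script above
# (an assumed grouping for review purposes, not FRST's own grammar).
RULES = [
    ("directive", re.compile(r"^(CreateRestorePoint|EmptyTemp):$")),
    ("command",   re.compile(r"^CMD: ")),
    ("registry",  re.compile(r"^(HKLM|HKU)\\")),
    ("browser",   re.compile(r"^(SearchScopes|Toolbar|FF Plugin(-x32)?|CHR Extension): ")),
    ("service",   re.compile(r"^[SR][0-4] \S+; ")),
    ("ads",       re.compile(r"^AlternateDataStreams: ")),
    ("file",      re.compile(r"^[A-Za-z]:\\")),
]
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\", re.I)

def parse_fixlist(text):
    """Return [(category, line)] for the entries between 'start' and 'end'."""
    lines = [l.strip().lstrip("\u200b") for l in text.splitlines()]
    lines = [l for l in lines if l]
    if len(lines) < 2 or lines[0].lower() != "start" or lines[-1].lower() != "end":
        raise ValueError("fixlist must be wrapped in start ... end")
    return [(next((c for c, rx in RULES if rx.search(l)), "unknown"), l)
            for l in lines[1:-1]]

def audit(text, local_sid, local_user):
    """List reasons this fixlist should not be run on the local machine."""
    problems = []
    for cat, line in parse_fixlist(text):
        if cat == "unknown":
            problems.append(f"unrecognised line: {line}")
        for sid in SID_RE.findall(line):
            if sid != local_sid:
                problems.append(f"foreign SID {sid}")
        for user in PROFILE_RE.findall(line):
            if user.lower() != local_user.lower():
                problems.append(f"foreign profile {user}")
    return sorted(set(problems))

# Constructed sample in the shape of the script above (SID, user and paths are made up).
SAMPLE = r"""start
CreateRestorePoint:
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\MountPoints2: F - F:\autorun.exe
CHR Extension: (No Name) - C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2015-02-18]
S3 dump_example; \??\C:\Program Files (x86)\Example\dump_example.sys [X]
C:\Users\alice\AppData\Local\Temp\ExampleSetup.exe
AlternateDataStreams: C:\Users\alice\Downloads\example.exe:BDU
CMD: ipconfig /flushdns
EmptyTemp:
end"""

if __name__ == "__main__":
    for cat, line in parse_fixlist(SAMPLE):
        print(f"{cat:9} {line}")
    print(audit(SAMPLE, "S-1-5-21-1111111111-2222222222-3333333333-1000", "bob"))
```

On the machine itself, the current user's SID for the comparison can be read with `whoami /user`.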

Hello, 
 
Please let me know what issues remain after doing the following. Is your browser still opening random tabs? 
 
STEP 1
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click the List Threats button. If no threats were found, skip the next two bullet points. 
  • Click the Export button and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [button image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 2
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click [button image]. Upon completion, click [button image].
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

STEP 3
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • ESET Online Scan log
  • RKreport.txt
  • FRST.txt
  • Addition.txt

ESET did not create any log. It did not find anything to report. Attached are the three other logs you requested.

 

The internet has been faster and no new tabs have opened since the first round of fixes you had me do. Usually while using Hulu a new tab would open up each time a new show would start; that hasn't happened at all.

Addition.txt

FRST.txt

RKreport_SCN_02182015_230553.log


Hello, 
 
Just one item to remove. 
 
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    CreateRestorePoint:
    CHR Extension: (No Name) - C:\Users\MegaLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmcbmmehggielopebenlpgcghiigckn [2015-02-18]
    end

  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

----------------
 

The internet has been faster and no new tabs have opened since the first round of fixes you had me do. 

Excellent!
 
Now for the good news. 
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware. 
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)    
Adam


The DelFix file won't attach, so here it is:

 

# DelFix v10.8 - Logfile created 19/02/2015 at 04:17:19
# Updated 29/07/2014 by Xplode
# Username : MegaLaptop - MEGALAPTOP-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\MegaLaptop\Desktop\Addition.txt
Deleted : C:\Users\MegaLaptop\Desktop\AdwCleaner.exe
Deleted : C:\Users\MegaLaptop\Desktop\AdwCleaner[s0].txt
Deleted : C:\Users\MegaLaptop\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\MegaLaptop\Desktop\Fixlog.txt
Deleted : C:\Users\MegaLaptop\Desktop\FRST.txt
Deleted : C:\Users\MegaLaptop\Desktop\FRST64.exe
Deleted : C:\Users\MegaLaptop\Desktop\JRT.exe
Deleted : C:\Users\MegaLaptop\Desktop\JRT.txt
Deleted : C:\Users\MegaLaptop\Desktop\RKreport_SCN_02182015_230553.log
Deleted : C:\Users\MegaLaptop\Desktop\RogueKillerX64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #398 [Restore Point Created by FRST | 02/18/2015 11:15:39]
Deleted : RP #399 [Malware Bytes Help Restore Point 1 | 02/18/2015 11:33:32]
Deleted : RP #401 [Restore Point Created by FRST | 02/19/2015 12:16:02]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
