constant error/security messages in firefox, and more

Discussion in 'Malware Help (A Specialist Will Reply)' started by manfromchiron, Apr 8, 2013.

  1. manfromchiron

    manfromchiron Private E-2

    this morning I went downstairs, leaving facebook open, to get coffee.. when I returned 10 min later, I had a pc in the midst of error checking a failed reboot and attempting to start a sys restore.. I was unable to cancel the error check. After about 15 min with nothing more happening, and no end to the check, I shut down. 2-3 attempts at reboot continued to fail. I removed cmos and hard restarted.. np :)
    I'm now getting error messages for most websites I try to go to, a firefox security message :


    This Connection is Untrusted

    You have asked Firefox to connect securely to www.facebook.com, but we can't confirm that your connection is secure.
    Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

    What Should I Do?

    If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

    that looks like the above appears, I even got a few of them from coming here, and in the download process of obtaining the tools to do a pc clean

    I'm running win 7 home on an AMD quad with 6gig of ram
    after the hard restart I didn't reset the time/date and so the dates will reflect 1/22/2010.. please lol and ignore that

    I don't know what, if anything is happening or what I might have let get into my pc. I seriously appreciate that you are here to help, thanks so much

    Kelly
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nope we cannot ignore this because this is probably why you are having a problem. Security certificates rely on having the date/time of your PC correct. Fix it and tell us if you are still having a problem.
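
The reply above ties the "Untrusted" warnings to the PC clock. As an added example (not part of the original thread), this sketch checks certificate validity windows against a clock value and separates "several unrelated sites all fail as not yet valid" (local clock) from a single failing site; the hostnames, dates and function names are constructed for illustration, and only the validity window is checked, not the chain or hostname.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample data: validity windows in the text format used by
# ssl.SSLSocket.getpeercert(). Hostnames and dates are invented.
SAMPLE_CERTS = {
    "site-a.example": {"notBefore": "Nov 14 00:00:00 2012 GMT",
                       "notAfter": "Nov 19 12:00:00 2013 GMT"},
    "site-b.example": {"notBefore": "Mar 01 00:00:00 2013 GMT",
                       "notAfter": "Mar 01 00:00:00 2014 GMT"},
    "site-c.example": {"notBefore": "Jun 10 00:00:00 2011 GMT",
                       "notAfter": "Jun 10 00:00:00 2014 GMT"},
}


def check_validity(cert, now):
    """Classify one certificate's validity window against the clock `now`."""
    t = now.timestamp()
    if t < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "not_yet_valid"
    if t > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "expired"
    return "ok"


def min_days_behind(certs, now):
    """Lower bound on clock lag in whole days. Assumes the certificates were
    legitimately issued, so real time is at least the latest notBefore."""
    latest = max(ssl.cert_time_to_seconds(c["notBefore"]) for c in certs.values())
    return max(0, int(latest - now.timestamp()) // 86400)


def triage(certs, now):
    """Return (verdict, per-host results) for a set of unrelated sites."""
    results = {host: check_validity(c, now) for host, c in certs.items()}
    failing = [r for r in results.values() if r != "ok"]
    if not failing:
        verdict = "clock_consistent"
    elif len(failing) >= 2 and set(failing) == {"not_yet_valid"}:
        # Several unrelated certificates all "start in the future":
        # the common factor is the local clock, not the sites.
        verdict = "suspect_local_clock"
    else:
        verdict = "inspect_failing_sites"
    return verdict, results


if __name__ == "__main__":
    # Clock value after the CMOS reset, as given in the thread (1/22/2010).
    reset_clock = datetime(2010, 1, 22, tzinfo=timezone.utc)
    print(triage(SAMPLE_CERTS, reset_clock))
    print(min_days_behind(SAMPLE_CERTS, reset_clock), "days behind at minimum")
```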
     
  3. manfromchiron

    manfromchiron Private E-2

    Thank you for the response, I reset the time/date.

    it seemed ok for a day or so, but it restarts (following ?) in the night or when I'm out of the room.
    sometimes it won't reboot following a shutdown. I get the error message that windows failed to shut down properly etc.. regardless of what I do, it cycles booting without ever fully starting, and freezes in random spots during the boot process.
    I ran a system restore and even though I got the message that sys restore was unable to finish due to error, on the second try, it apparently did restore to a point where it will now restart.

    I don't know what's wrong with it, but this looks like one of the virus types that won't let your pc boot. I've lost a few computers (my kids ) to those, but never had trouble with my own this way.

    since it's running right now, I'm going to be busy saving all my files to disk tonight..
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know what you mean " following ? "

    These problems do not sound like malware but let's remove some misc junk you have and see what happens.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    
     
    :Files
    C:\Users\KCD\AppData\Local\ArcadeCandy\candyUpdater.exe
    C:\Users\KCD\AppData\Local\ArcadeCandy
    C:\Program Files (x86)\4shared Toolbar
    C:\Windows\TEMP\*.*
    C:\Users\KCD\AppData\Local\Temp\*.*
    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2BB8C53A-4A40-46A5-BFBD-AFF83E7C9AAF}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2BB8C53A-4A40-46A5-BFBD-AFF83E7C9AAF}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D74CCC9B-C87E-49B8-B686-5DFEED1CCF08}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A2F3646F-8BEE-4D69-856A-8434159A6E9E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D74CCC9B-C87E-49B8-B686-5DFEED1CCF08}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}]
    [-HKEY_USERS\S-1-5-21-3049469855-3706590364-2643730211-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2F3646F-8BEE-4D69-856A-8434159A6E9E}]
    [-HKEY_USERS\S-1-5-21-3049469855-3706590364-2643730211-1001\Software\Softonic]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.txt log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Apr 16, 2013
  5. manfromchiron

    manfromchiron Private E-2

    I want to start with thank you :) I've been raising kids and keeping them in pc's for over 20 years, and as you know, a lot of things have changed. Since win7 I haven't kept up and it's a lot different than XP was in admin ways. So, I really appreciate all you guys do to help us, thank you.

    So.. after I ran the original set of malware scans, it seemed ok, but I was leery. I turned the UAC back on and set it to the highest setting. for the last three days this pc has randomly restarted, not always successfully. I hadn't been able to see anything in particular that indicated why it was doing this, but it was often when, or if I stepped out of the room and was away from the screen. I kept finding it in the middle of a restart, or the 3rd or 4th one in a row. The disk check program that runs by default often won't run, it freezes, or simply blanks out and restarts..again.

    Today however, I got a pop up asking if I wanted the User account control to make changes to the hard drive, to which I said no. That was just before I opened my email and saw your reply to my thread, so I followed the instructions.
    when I ran OTM and it asked for a restart, it took about 4 attempts to get fully booted up again. After the first failed start, I opted for the default repair and was informed that the program failed to finish in a popup that only offered to shut down the pc. the next two tries were similar, first opted for normal start, then repair, which after blanking out to black screen twice, finally seemed to work and then, it didn't. I tried one more time and it fitfully booted up.

    I didn't have to restart again for the other two scans, so I'm running at the moment, :) we'll see how it goes and I'll let you know if the problem persists and will watch for your reply if you see anything in the logs.

    the pattern of failure seems familiar except that in the past, I would have been locked out of being able to boot by now, so Idk if this is a virus or not
     


  6. manfromchiron

    manfromchiron Private E-2

    to update further; This morning when I woke, my pc was shut down. I'd left it on last night with music playing as is usual. I play long youtube sleep music vids that are 8 hrs in length or more for the ambiance at night.

    it booted up fine but I am noticing 2 things. 1. the menu options that appear when the pc has shut itself down have 2 different versions. this morning's option was the second version which looks more like the old xp offering with more than just two options, ie repair, safe mode, or normal start.. this pc has never offered that option (safe mode) in the power loss configuration when rebooting, until recently that is, and it isn't consistent. about half the time it offers only two options repair, or normal start.
    2. the second thing is a java update that always pops up after a reboot, asking to make changes to the hard drive initiated from user account control. usually it hasn't had that designation but asked if jucheck.exe may make those changes.. I've never allowed this update to process, and only noticed the difference in the last week .

    I don't know if this helps, but it's the latest odd or different things I've noticed.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry but none of the troubles you are mentioning sound like malware problems. And the items we have found and removed thus far are basically just nuisance junkware/adware which I do not believe would cause the problems you are having. We do have some additional junk to cleanup.

    I suggest that you uninstall Firefox and reboot. After reboot, delete the below folders:

    C:\Users\KCD\AppData\Roaming\Mozilla\Firefox
    C:\Program Files (x86)\Mozilla Firefox

    If you do not remove the above folders before reinstalling Firefox, the junk in Firefox will come right back. You can redownload and install Firefox from the below link:

    Mozilla Firefox 20.0.1 Final


    What is the below for?
    C:\Program Files (x86)\n52te\n52teHid.exe


    Uninstall the below old versions of Java:
    Java 7 Update 9
    Java(TM) 6 Update 23
    Java(TM) 6 Update 27 (64-bit)

    Now install the current version of Sun Java from: Sun Java Runtime Environment


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar.dll (file missing)
    O8 - Extra context menu item: &4shared Search - res://C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM

    After clicking Fix, exit HJT.
     
    Last edited: May 9, 2013
  8. manfromchiron

    manfromchiron Private E-2

    ok.. did what you requested, and the next morning..crash

    I was unable to restart pc at all.. just an endless trip through the reboot screens, regardless of what I tried it made no difference.. I finally in utter frustration ran a complete sys recovery to restore to factory.. unfortunately I didn't have (and still don't) a factory set of disks for this and used the recovery tool

    for a couple of weeks..no problems at all, now it's at it again.. I changed to Panda cloud for my anti virus after the recovery and downloaded the tools in the list except for malwarebytes antimalware cuz I honestly don't have the $24.. I haven't had a job in two years

    I ran some scans today.. I get the same message from both RKiller and Gmer.. I have an MBR error.. I looked up what that is, and understand I most likely imported the error with the recovery. I also understand that fixing this is beyond my limited ability

    I'll attach the rk report, and in the meantime I'm asking hp for a recovery disk so I can at least recover the system to original
     


  9. manfromchiron

    manfromchiron Private E-2

    I'm going to update once more.

    Every time this pc shuts down or restarts for any reason, it is having trouble restarting.. if it sits unattended for any length of time, it is prone to shutting down, there are only error logs in the "view file" nothing specific.

    the only way I was and am able to get this thing rebooted fully, is to remove the battery on the board and wait at least 10 min, or so

    I don't have a cd, this machine didn't come with one

    then after I reset the date time, I can log into the net.. interestingly I can access this site without resetting, although to get to the link for the thread I have to, in order to log into yahoo.mail ..

    so far, hard reset is working.. once the cycle starts, most system functions during the boot fail to work, sys restore won't run, and most processes simply stop at some random point in the boot sequence and it begins again, the only way to shut down is manually

    I don't know if that helps at all, but it's the same things I've been dealing with since this began
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Malwarebytes is free to use the scan only version. You don't need to purchase anything. We don't need a log from it anyway, because as I stated earlier, your problems are not due to malware. You should try posting in the Hardware Forum ( or possibly Software Forum ).


    Are you referring to the below item in RogueKiller? If so, it is not a problem.

    Error reading LL2 MBR!
     
  11. manfromchiron

    manfromchiron Private E-2

    that's sure odd, I don't have ANY software installed aside from what came from here on this site, ie; firefox, chrome, pandacloud etc.. literally nothing

    so long as I never allow a shut down, or sleep situation in any way, I have no problems.. every problem I do have can be cured by resetting the CMOS

    I don't understand, but then, if I did, I'd have fixed it in the first place.. thanks anyway, I appreciate the help
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
