X
Tap here to go to the mobile version of the site.

Support Forum

Firefox outbound connections to amazon.com

Posted

WHY does my Maleware-Bytes continually have to block attempted outbound connections to various emails at various amazon.com locations.

Most recent example as follows:

Malwarebytes www.malwarebytes.com

-Log Details- Protection Event Date: 3/30/18 Protection Event Time: 11:58 AM Log File: 50dbff14-344c-11e8-a61c-e89a8f9cddb1.json Administrator: Yes

-Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0

-Website Data- Category: Unspecified Domain: katie.runtnc.net IP Address: 34.192.108.247 Port: [55140] Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Scanning does not find the malware which obviously is embedded in: C:\ProgramFiles(x86)MozillaFirefox\firefox.exe

Please respond.

WHY does my Maleware-Bytes continually have to block attempted outbound connections to various emails at various amazon.com locations. Most recent example as follows: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/30/18 Protection Event Time: 11:58 AM Log File: 50dbff14-344c-11e8-a61c-e89a8f9cddb1.json Administrator: Yes -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Unspecified Domain: katie.runtnc.net IP Address: 34.192.108.247 Port: [55140] Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Scanning does not find the malware which obviously is embedded in: C:\ProgramFiles(x86)MozillaFirefox\firefox.exe Please respond.

Chosen solution

Seems my suspicion was correct and you were more than full of nasty things. Yes delete them and reboot as per the program. You can Google the below names and will turn up : TidyNetwork is ad virus FindWide is a virus PlaythruPlayer is adware iWinToolbar is malcious

These were all the things connecting to the net that you were seeing. You should be clean after deleting these things. As well should no longer have that issue.

Always be aware of programs you install that carry other programs they do not tell you about.

Please let us know if this solved your issue or if need further assistance.

Read this answer in context 1

Additional System Details

Installed Plug-ins

  • Shockwave Flash 29.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0

More Information

jscher2000
  • Top 10 Contributor
8767 solutions 71704 answers

Do these blocks only occur while Firefox is running?

One possible culprit would be an extension. You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:

  • Ctrl+Shift+a (Mac: Command+Shift+a)
  • "3-bar" menu button (or Tools menu) > Add-ons
  • type or paste about:addons in the address bar and press Enter/Return

In the left column of the Add-ons page, click Extensions. Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If you don't know it, remove it. If you can live without it for a day, disable it.

Any improvement?

You also can supplement your Malwarebytes scans with AdwCleaner or another program that may detect different problems. See: Troubleshoot Firefox issues caused by malware.

Do these blocks only occur while Firefox is running? One possible culprit would be an extension. You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either: * Ctrl+Shift+a (Mac: Command+Shift+a) * "3-bar" menu button (or Tools menu) > Add-ons * type or paste '''about:addons''' in the address bar and press Enter/Return In the left column of the Add-ons page, click Extensions. Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If you don't know it, remove it. If you can live without it for a day, disable it. Any improvement? You also can supplement your Malwarebytes scans with AdwCleaner or another program that may detect different problems. See: [[Troubleshoot Firefox issues caused by malware]].

Question owner

Hi jscher2000... I am unsure if Foxfire is 'always' open... I do not recall seeing ever seeing any notice from Malware Bytes immediately upon this happening. I do however get a notice icon on the MB Dashboard and this shows all actions. IF this were an incoming connection attempt I would not be concerned as MB is successfully blocking the action. I found no extensions in my search. HOWEVER, this is an outbound connection attempt and it is coming from Mozilla Firefox, i.e.: C:\ProgramFiles(x86)\MozillaFirefox\firefox.exe FYI, I also run SuperAntiSpyware and Windows Defender and none can find any malware in complete scans. I did however discover an extra line in programs below Mozilla Firefox called mozillafirefox.exe.sig, I found an app which would open this PDF, as Adobe would not and in opening it I found it allows an addition to be added at the end of a command. I deleted this file to no apparent ill.

Hi jscher2000... I am unsure if Foxfire is 'always' open... I do not recall seeing ever seeing any notice from Malware Bytes immediately upon this happening. I do however get a notice icon on the MB Dashboard and this shows all actions. IF this were an incoming connection attempt I would not be concerned as MB is successfully blocking the action. I found no extensions in my search. HOWEVER, this is an outbound connection attempt and it is coming from Mozilla Firefox, i.e.: C:\ProgramFiles(x86)\MozillaFirefox\firefox.exe FYI, I also run SuperAntiSpyware and Windows Defender and none can find any malware in complete scans. I did however discover an extra line in programs below Mozilla Firefox called mozillafirefox.exe.sig, I found an app which would open this PDF, as Adobe would not and in opening it I found it allows an addition to be added at the end of a command. I deleted this file to no apparent ill.

Modified by bdelapp

jscher2000
  • Top 10 Contributor
8767 solutions 71704 answers

Connections may originate from Firefox for a number of reasons. The most common are requests for web pages and their many contents.

Setting those aside, it could be one of the activities listed in this article: How to stop Firefox from making automatic connections. Considering that you have a specific domain that is not associated with Firefox, I don't think it's one of Firefox's routine connections.

So that's why I suggested starting with your extensions. Some do not behave well.

Connections may originate from Firefox for a number of reasons. The most common are requests for web pages and their many contents. Setting those aside, it could be one of the activities listed in this article: [[How to stop Firefox from making automatic connections]]. Considering that you have a specific domain that is not associated with Firefox, I don't think it's one of Firefox's routine connections. So that's why I suggested starting with your extensions. Some do not behave well.

Question owner

jscher2000 said

Connections may originate from Firefox for a number of reasons. The most common are requests for web pages and their many contents. Setting those aside, it could be one of the activities listed in this article: How to stop Firefox from making automatic connections. Considering that you have a specific domain that is not associated with Firefox, I don't think it's one of Firefox's routine connections. So that's why I suggested starting with your extensions. Some do not behave well.

As I have no extensions or add on listed... I'll monitor the actions given I have deleted this extra line. BTW.... how do I check the Mozilla add ons?

''jscher2000 [[#answer-1095890|said]]'' <blockquote> Connections may originate from Firefox for a number of reasons. The most common are requests for web pages and their many contents. Setting those aside, it could be one of the activities listed in this article: [[How to stop Firefox from making automatic connections]]. Considering that you have a specific domain that is not associated with Firefox, I don't think it's one of Firefox's routine connections. So that's why I suggested starting with your extensions. Some do not behave well. </blockquote> As I have no extensions or add on listed... I'll monitor the actions given I have deleted this extra line. BTW.... how do I check the Mozilla add ons?
jscher2000
  • Top 10 Contributor
8767 solutions 71704 answers

The extensions that Firefox retrieves and installs automatically are in this folder (32-bit/64-bit varies):

  • C:\Program Files\Mozilla Firefox\browser\features
  • C:\Program Files (x86)\Mozilla Firefox\browser\features
The extensions that Firefox retrieves and installs automatically are in this folder (32-bit/64-bit varies): * C:\Program Files\Mozilla Firefox\browser\features * C:\Program Files (x86)\Mozilla Firefox\browser\features

Question owner

jscher2000 said

The extensions that Firefox retrieves and installs automatically are in this folder (32-bit/64-bit varies):
  • C:\Program Files\Mozilla Firefox\browser\features
  • C:\Program Files (x86)\Mozilla Firefox\browser\features

Are you familiar with the additional folder I found and deleted? C:\ProgramFiles(X86)MozillaFirefox\firefox.exe.sig which was listed in files right below C:\ProgramFiles(X86)MozillaFirefox\firefox

''jscher2000 [[#answer-1095894|said]]'' <blockquote> The extensions that Firefox retrieves and installs automatically are in this folder (32-bit/64-bit varies): * C:\Program Files\Mozilla Firefox\browser\features * C:\Program Files (x86)\Mozilla Firefox\browser\features </blockquote> Are you familiar with the additional folder I found and deleted? C:\ProgramFiles(X86)MozillaFirefox\firefox.exe.sig which was listed in files right below C:\ProgramFiles(X86)MozillaFirefox\firefox
jscher2000
  • Top 10 Contributor
8767 solutions 71704 answers

I have a firefox.exe.sig file, yes. It may be used to verify that firefox.exe has not changed since it was compiled. However, I haven't researched it.

Note: It may or may not be helpful in your investigation to stop Windows from hiding file extensions. See: https://www.bleepingcomputer.com/tutorials/how-to-show-file-extensions-in-windows/

I have a firefox.exe.sig file, yes. It may be used to verify that firefox.exe has not changed since it was compiled. However, I haven't researched it. Note: It may or may not be helpful in your investigation to stop Windows from hiding file extensions. See: https://www.bleepingcomputer.com/tutorials/how-to-show-file-extensions-in-windows/

Question owner

jscher2000 said

I have a firefox.exe.sig file, yes. It may be used to verify that firefox.exe has not changed since it was compiled. However, I haven't researched it. Note: It may or may not be helpful in your investigation to stop Windows from hiding file extensions. See: https://www.bleepingcomputer.com/tutorials/how-to-show-file-extensions-in-windows/

OK... thanks and I'll keep you updated...

''jscher2000 [[#answer-1095901|said]]'' <blockquote> I have a firefox.exe.sig file, yes. It may be used to verify that firefox.exe has not changed since it was compiled. However, I haven't researched it. Note: It may or may not be helpful in your investigation to stop Windows from hiding file extensions. See: https://www.bleepingcomputer.com/tutorials/how-to-show-file-extensions-in-windows/ </blockquote> OK... thanks and I'll keep you updated...

Question owner

bdelapp said

jscher2000 said
Connections may originate from Firefox for a number of reasons. The most common are requests for web pages and their many contents. Setting those aside, it could be one of the activities listed in this article: How to stop Firefox from making automatic connections. Considering that you have a specific domain that is not associated with Firefox, I don't think it's one of Firefox's routine connections. So that's why I suggested starting with your extensions. Some do not behave well.

As I have no extensions or add on listed... I'll monitor the actions given I have deleted this extra line. BTW.... how do I check the Mozilla add ons?

Hey JS... back again... although I deleted the firefox.exe.sig line and this seem to stop the outbound connection attempts for one day, the next day it is back again, this time using the fourth domain / website. Amazon in Oregon, Customtrck.com, the Katie.runtnc.net, now :

-Website Data- Category: Unspecified Domain: umekana.ru IP Address: 88.85.84.123 Port: [60713] Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I have 'searched' Mozilla with search, and by hand each fold / file and I cannot find where this bug is located.

Is there any way to contact Mozilla for help?

''bdelapp [[#answer-1095892|said]]'' <blockquote> ''jscher2000 [[#answer-1095890|said]]'' <blockquote> Connections may originate from Firefox for a number of reasons. The most common are requests for web pages and their many contents. Setting those aside, it could be one of the activities listed in this article: [[How to stop Firefox from making automatic connections]]. Considering that you have a specific domain that is not associated with Firefox, I don't think it's one of Firefox's routine connections. So that's why I suggested starting with your extensions. Some do not behave well. </blockquote> As I have no extensions or add on listed... I'll monitor the actions given I have deleted this extra line. BTW.... how do I check the Mozilla add ons? </blockquote> Hey JS... back again... although I deleted the firefox.exe.sig line and this seem to stop the outbound connection attempts for one day, the next day it is back again, this time using the fourth domain / website. Amazon in Oregon, Customtrck.com, the Katie.runtnc.net, now : -Website Data- Category: Unspecified Domain: umekana.ru IP Address: 88.85.84.123 Port: [60713] Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe I have 'searched' Mozilla with search, and by hand each fold / file and I cannot find where this bug is located. Is there any way to contact Mozilla for help?
jscher2000
  • Top 10 Contributor
8767 solutions 71704 answers

This is Mozilla help! To remove a possible program folder infection, we usually suggest:

Clean Reinstall

We use this name, but it's not about removing your settings, it's about making sure the program files are clean (no inconsistent or alien code files). As described below, this process does not disturb your existing settings. It's not essential to uninstall Firefox, but you can if you like, saying No to any request about removing personal data.

It only takes a few minutes.

(A) Download a fresh installer for Firefox to a convenient location:

https://www.mozilla.org/firefox/all/

(B) Exit out of Firefox (if applicable).

If you use Microsoft Office, please change your default browser to Internet Explorer before the next step.

(C) Using Windows Explorer/My Computer (hold down the Windows key and press E to launch it), right-click > rename the program folder as follows (you might have one or both):

C:\Program Files (x86)\Mozilla Firefox =to=> C:\Program Files (x86)\OldFirefox

C:\Program Files\Mozilla Firefox =to=> C:\Program Files\OldFirefox

(D) Run the installer you downloaded in step (A). It should automatically connect to your existing settings.

Any improvement?

This is Mozilla help! To remove a possible program folder infection, we usually suggest: '''Clean Reinstall''' We use this name, but it's not about removing your settings, it's about making sure the program files are clean (no inconsistent or alien code files). As described below, this process does not disturb your existing settings. It's not essential to uninstall Firefox, but you can if you like, saying No to any request about removing personal data. It only takes a few minutes. (A) Download a fresh installer for Firefox to a convenient location: https://www.mozilla.org/firefox/all/ (B) Exit out of Firefox (if applicable). ''If you use '''Microsoft Office''', please change your default browser to Internet Explorer before the next step.'' (C) Using Windows Explorer/My Computer (hold down the Windows key and press E to launch it), right-click > rename the program folder as follows (you might have one or both): C:\Program Files (x86)\Mozilla Firefox =to=> C:\Program Files (x86)\OldFirefox C:\Program Files\Mozilla Firefox =to=> C:\Program Files\OldFirefox (D) Run the installer you downloaded in step (A). It should automatically connect to your existing settings. Any improvement?

Question owner

???? I thought my default browser was Mozilla Firefox???? Do you mean Microsoft Edge rather than IE?

???? I thought my default browser was Mozilla Firefox???? Do you mean Microsoft Edge rather than IE?
jscher2000
  • Top 10 Contributor
8767 solutions 71704 answers

bdelapp said

???? I thought my default browser was Mozilla Firefox???? Do you mean Microsoft Edge rather than IE?

Do you use the Microsoft Office suite? If so, changing your system's default browser to something else is a precaution to avoid the problem described in this article that can occur when you uninstall your default browser: https://www.slipstick.com/problems/this-operation-has-been-cancelled-due-to-restrictions/

''bdelapp [[#answer-1097226|said]]'' <blockquote> ???? I thought my default browser was Mozilla Firefox???? Do you mean Microsoft Edge rather than IE? </blockquote> Do you use the Microsoft Office suite? If so, changing your system's default browser to something else is a precaution to avoid the problem described in this article that can occur when you uninstall your default browser: https://www.slipstick.com/problems/this-operation-has-been-cancelled-due-to-restrictions/

Question owner

OK... so I have 'turn windows features on and off'... so I check IE 11 and hit ok?

OK... so I have 'turn windows features on and off'... so I check IE 11 and hit ok?

Question owner

FYI... I already downloaded the 'installer' to desktop

FYI... I already downloaded the 'installer' to desktop

Question owner

On the C: drive I have program files (x86)MozillaFirefox... is the Mozilla Firefox the folder I rename?

On the C: drive I have program files (x86)MozillaFirefox... is the Mozilla Firefox the folder I rename?
jscher2000
  • Top 10 Contributor
8767 solutions 71704 answers

bdelapp said

OK... so I have 'turn windows features on and off'... so I check IE 11 and hit ok?

Sorry, I don't use Windows 10. If you start IE and go to its Options dialog (tap Alt, Tools, Internet Options), Program tab, you can have IE make itself the default.

bdelapp said

On the C: drive I have program files (x86)MozillaFirefox... is the Mozilla Firefox the folder I rename?

Yes. If you have either program folder, rename it so that both are hidden from the installer and you get a clean install.

''bdelapp [[#answer-1097234|said]]'' <blockquote> OK... so I have 'turn windows features on and off'... so I check IE 11 and hit ok? </blockquote> Sorry, I don't use Windows 10. If you start IE and go to its Options dialog (tap Alt, Tools, Internet Options), Program tab, you can have IE make itself the default. ''bdelapp [[#answer-1097244|said]]'' <blockquote> On the C: drive I have program files (x86)MozillaFirefox... is the Mozilla Firefox the folder I rename? </blockquote> Yes. If you have either program folder, rename it so that both are hidden from the installer and you get a clean install.

Question owner

Sorry, I had to run yesterday. FYI, in reviewing the situation, I have had no more 'outbound connection' attempts since I deleted the extra (x86) Mozilla folder with the .sig. I will let this go for a few days, monitor it and IF I began to have the problem again, I will follow your instructions and do a 'clean install'. Thanks for all the help. Bruce

Sorry, I had to run yesterday. FYI, in reviewing the situation, I have had no more 'outbound connection' attempts since I deleted the extra (x86) Mozilla folder with the .sig. I will let this go for a few days, monitor it and IF I began to have the problem again, I will follow your instructions and do a 'clean install'. Thanks for all the help. Bruce
Shadow110 1072 solutions 14836 answers

Hi, just to be on the safe side please scan with https://www.hitmanpro.com/ install as 1 X only use.

Just in case Malwarebytes misses stuff and it does as I have the program also.

Keep us posted regarding the issue and if it is Solved please Mark the Solution that was the Answer. Thank You.

Hi, just to be on the safe side please scan with https://www.hitmanpro.com/ install as 1 X only use. Just in case Malwarebytes misses stuff and it does as I have the program also. Keep us posted regarding the issue and if it is Solved please Mark the Solution that was the Answer. Thank You.

Question owner

Pkshadow said

Hi, just to be on the safe side please scan with https://www.hitmanpro.com/ install as 1 X only use. Just in case Malwarebytes misses stuff and it does as I have the program also. Keep us posted regarding the issue and if it is Solved please Mark the Solution that was the Answer. Thank You. Hi PK... although I have had no more connection attempts since deleting the additional Mozilla file... I downloaded and ran Hitmanpro... You take a look and tell me. [code] HitmanPro 3.8.0.292 www.hitmanpro.com Computer name . . . . : SILLYGOOSE Windows . . . . . . . : 10.0.0.16299.X64/2 User name . . . . . . : SILLYGOOSE\bdela UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (31 days left) Scan date . . . . . . : 2018-04-08 14:24:12 Scan mode . . . . . . : Normal Scan duration . . . . : 7m 22s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 44 Traces . . . . . . . : 59 Objects scanned . . . : 1,533,211 Files scanned . . . . : 24,646 Remnants scanned . . : 249,070 files / 1,259,495 keys Malware remnants ____________________________________________________________ HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide) -> Deleted Potential Unwanted Programs _________________________________________________ C:\Program Files (x86)\TidyNetwork\ (TidyNetwork) -> Deleted C:\Windows\Installer\SourceHash{83245CDF-A15E-49E9-BE6D-AC32E96FCE78} (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Classes\Installer\Features\FDC54238E51A9E94EBD6CA239EF6EC87\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Classes\Installer\Products\FDC54238E51A9E94EBD6CA239EF6EC87\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\05BB5577539F40A4FAFEC6F91EE8AABC\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\05BB5577539F40A4FAFEC6F91EE8AABC\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9572D7ACDEFC6D641ACD40531DD57FEF\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9EC3568A82CC21844A5215886D0967F5\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3AC66B3A4190F84ABE042AF8E3D7BAD\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD81C503E13D00B408488B81D6FB83F0\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FDC54238E51A9E94EBD6CA239EF6EC87\ (PlaythruPlayer) -> Deleted HKU\.DEFAULT\Software\iWinArcade\ (iWinToolbar) -> Deleted HKU\S-1-5-18\Software\iWinArcade\ (iWinToolbar) -> PendingDelete
''Pkshadow [[#answer-1098051|said]]'' <blockquote> Hi, just to be on the safe side please scan with https://www.hitmanpro.com/ install as 1 X only use. Just in case Malwarebytes misses stuff and it does as I have the program also. Keep us posted regarding the issue and if it is Solved please Mark the Solution that was the Answer. Thank You. Hi PK... although I have had no more connection attempts since deleting the additional Mozilla file... I downloaded and ran Hitmanpro... You take a look and tell me. [code] HitmanPro 3.8.0.292 www.hitmanpro.com Computer name . . . . : SILLYGOOSE Windows . . . . . . . : 10.0.0.16299.X64/2 User name . . . . . . : SILLYGOOSE\bdela UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (31 days left) Scan date . . . . . . : 2018-04-08 14:24:12 Scan mode . . . . . . : Normal Scan duration . . . . : 7m 22s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 44 Traces . . . . . . . : 59 Objects scanned . . . : 1,533,211 Files scanned . . . . : 24,646 Remnants scanned . . : 249,070 files / 1,259,495 keys Malware remnants ____________________________________________________________ HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}\ (FindWide) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}\ (FindWide) -> Deleted Potential Unwanted Programs _________________________________________________ C:\Program Files (x86)\TidyNetwork\ (TidyNetwork) -> Deleted C:\Windows\Installer\SourceHash{83245CDF-A15E-49E9-BE6D-AC32E96FCE78} (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Classes\Installer\Features\FDC54238E51A9E94EBD6CA239EF6EC87\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Classes\Installer\Products\FDC54238E51A9E94EBD6CA239EF6EC87\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\05BB5577539F40A4FAFEC6F91EE8AABC\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield) -> Deleted HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}\ (eShield) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\05BB5577539F40A4FAFEC6F91EE8AABC\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9572D7ACDEFC6D641ACD40531DD57FEF\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9EC3568A82CC21844A5215886D0967F5\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3AC66B3A4190F84ABE042AF8E3D7BAD\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD81C503E13D00B408488B81D6FB83F0\ (PlaythruPlayer) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FDC54238E51A9E94EBD6CA239EF6EC87\ (PlaythruPlayer) -> Deleted HKU\.DEFAULT\Software\iWinArcade\ (iWinToolbar) -> Deleted HKU\S-1-5-18\Software\iWinArcade\ (iWinToolbar) -> PendingDelete </blockquote>
Shadow110 1072 solutions 14836 answers

Chosen Solution

Seems my suspicion was correct and you were more than full of nasty things. Yes delete them and reboot as per the program. You can Google the below names and will turn up : TidyNetwork is ad virus FindWide is a virus PlaythruPlayer is adware iWinToolbar is malcious

These were all the things connecting to the net that you were seeing. You should be clean after deleting these things. As well should no longer have that issue.

Always be aware of programs you install that carry other programs they do not tell you about.

Please let us know if this solved your issue or if need further assistance.

Seems my suspicion was correct and you were more than full of nasty things. Yes delete them and reboot as per the program. You can Google the below names and will turn up : TidyNetwork is ad virus FindWide is a virus PlaythruPlayer is adware iWinToolbar is malcious These were all the things connecting to the net that you were seeing. You should be clean after deleting these things. As well should no longer have that issue. Always be aware of programs you install that carry other programs they do not tell you about. Please let us know if this solved your issue or if need further assistance.