Over 1 million tech questions and answers.

Firefox opens random tabs / redirects sites

Q: Firefox opens random tabs / redirects sites

Hi,

I recently had a virus/rootkit or some type of malware installed on my computer. Basically because I accidentally clicked yes to one of those "you're computer is infected" links. I ran Malwarebytes and AD-Aware before hand and I thought I got rid of everything, unfortunately I did not as Firefox still opens random tabs.

I read the first steps, my logs are attached below. Unfortunately I do not have a Windows Install CD, I think it's forever lost somewhere.

I read the previous posts similar to mine but was not able to figure out what exactly to do. Any help would be greatly appreciated!




DDS (Ver_10-03-17.01) - NTFSx86
Run by Gov at 18:12:00.67 on Thu 05/13/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.1727 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WLANExt.exe
C:\Users\Gov\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Gov\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sony.com/vaiopeople
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [5418] c:\users\gov\appdata\local\temp\lcibai.exe
StartupFolder: c:\users\gov\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mife85~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\gov\appdata\roaming\mozilla\firefox\profiles\7e26hxr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seekingalpha.com
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\gov\appdata\roaming\mozilla\firefox\profiles\7e26hxr9.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\gov\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\gov\appdata\roaming\mozilla\firefox\profiles\7e26hxr9.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\gov\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-31 64288]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2008-2-26 21408]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-2 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-2 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-13 242896]
R1 SolDisk;SolDisk;c:\windows\system32\drivers\soldisk.sys [2009-1-8 38344]
R1 SolFS;SolFS;c:\windows\system32\drivers\solfs.sys [2009-1-8 285256]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-16 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-4-24 125440]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-31 30152]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-4-24 17920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-2-26 28464]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-3 3668480]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-2-26 75392]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-2-26 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-2-26 9344]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2008-2-26 14720]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-2-26 812544]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-4-24 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2008-4-24 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2008-4-24 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-2-26 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-2-26 79136]

=============== Created Last 30 ================

2010-05-05 03:08:10 0 d-----w- c:\users\gov\appdata\roaming\Malwarebytes
2010-05-05 03:08:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 03:08:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 03:08:03 0 d-----w- c:\programdata\Malwarebytes
2010-05-05 03:08:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 03:02:35 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-05 03:02:35 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-05 03:02:35 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-05 03:02:27 48 ----a-w- c:\windows\wininit.ini
2010-05-05 02:27:21 20 ----a-w- c:\windows\sd
2010-05-04 21:57:49 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-05-04 21:57:49 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-05-04 21:57:49 100880 ----a-w- c:\windows\system32\Packet.dll

==================== Find3M ====================

2010-04-20 19:53:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-11 22:49:04 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-11 22:49:04 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-11 22:49:04 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-16 22:47:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 22:47:19 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 04:57:59 94573 ----a-w- c:\users\gov\appdata\roaming\nvModes.dat
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39:35 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2008-06-17 06:16:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-05-06 03:17:48 88 --sh--r- c:\windows\system32\FDF6CA62CF.sys
2008-05-06 03:18:39 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 18:13:23.42 ===============

RELEVANCY SCORE 200
Preferred Solution: Firefox opens random tabs / redirects sites

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Firefox opens random tabs / redirects sites

Hi ettes and welcome to TSF.

If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Reply back with the following: C:\ComboFix.txt

Read other 19 answers
RELEVANCY SCORE 111.6

Internet explorer won't stop opening tabs unless I end the process.
Also the internet settings for IE keep changing to accept all cookies and I don't use IE ever.
While surfing the internet Firefox opens a new window to random websites or ads and sometimes blank pages with a changing url similar to these two:
(Urls are really long so I'll only post part of it)

Code:
http://77.93.75.150/dot.gif/?ver=120&cmp=profiling4&uid=
Code:
http://82.98.235.113/dot.gif/?ver=120&cmp=profiling4&uid=
I found this within the urls if it helps any.

Code:
www.google.com%2Fsearch%3Fq=rundll32.exe
Also when I shut down my PC an end task window appears labeled SuperMwindow
and when my PC boots up, a window appears saying:
Windows Drive not ready
Exception Processing Message
c00000a3 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c
asking me to continue cancel or try again
I'm new here and I don't know what's going on Please Help

I read the the first sticky and and downloaded Hijackthis
Here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:06 PM, on 1/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common F... Read more

A:IE tabs won't stop opening, FireFox opens up random sites

Read other 16 answers
RELEVANCY SCORE 109.6

Hi,A couple days ago I got a virus or something that would pop up a fake Windows AntiSpyware (don't remember exact name) program. I was finally able to get rid of it using AVG and MalwareByte's Anti-Malware.Now Firefox will open up random tabs on it's on (don't have to click on anything) and when I click on links sometimes it will redirect me for like 5 clicks of the link and then after that allow me to go to the site and then it will repeat this action maybe 10 minutes later.It also will not let me go to the microsoft update site (in IE and Firefox), and when I search w i n d o w s u p d a t e . m i c r o s o f t (without the spaces) in google or any text field that I submit (tried it in a forum) (in IE or Firefox) it will just bring up a page that says connection was reset or page failed to load. I have also tried it in safe mode and I get the same symptoms.I have tried running MalwareByte's Anti-Malware, Spybot S&D, AVG, and HJT. At one time MalwareBtyes said something about a tcipip.sys thing but I don't remember too much about what was wrong.I followed the prep guide but I cannot get a full gmer scan to run. It either just restarts my computer, freezes, shuts down the program, or locks down my computer (have to do a hard reset).Thanks for any and all helpEDIT: One of the pop-up tabs lingered on a site for a second before going to an ad site, the url of this site was..hxxp://apachejct.com/key/?qs=9434cd09aed34cc216c628c7eac958b4aa78b00b6706ac1a... Read more

A:Firefox opens random tabs and redirects, blocks microsoft update - rootkit?

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 8 answers
RELEVANCY SCORE 108.4

Ok so i've noticed that firefox randomly will open ad pages in new tabs and redirect my google searches.

I have run complete scans with superantisypware, avira, spybot, malwarebytes, iobit security 360 and inbuilt windows malware scanner. Some of which came up with detections which i got rid yet the problem remains. I tried to restore my comp but it failed, obviously one of the malwares clever tricks.

Here is my DDS log. The attach.txt file is attached but i could not get the GMER rootkit scanner to work. It would complete the scan but as soon as i tried to save it it would give a blue screen and restart...not good i would say. So hence i dont have an ark.txt.

Really starting to worry. I read that these things are usually to direct internet traffic to specific sites to increase ad revenue for the malware people. I havn't done any internet banking cos i am not that foolish but is there much of a chance they will get control of my gmail or facebook accounts? How paranoid should i be in terms of infections spreading to other networked computers and external hard drives?


DDS (Ver_09-12-01.01) - NTFSx86
Run by Darren at 16:35:42.58 on Wed 13/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3323.2523 [GMT 10.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system... Read more

A:Due to adware/spyware/malware firefox opens random tabs and google redirects pages

BUMP, please

Read other 12 answers
RELEVANCY SCORE 95.6

Internet Security 2012 appeared while I was streaming a football game on Sunday.
Ran Malawarebtyes and removed some files.

Now getting random tabs opening.

Can't not access windows updates or update windows security essentials..

Computer froze when running DDS

Here is the log from GMER.

A:Browser Opens Random Tabs & Redirects

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-20 19:48:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.3.ADA
Running: fwwj8zmk.exe; Driver: C:\DOCUME~1\Nate\LOCALS~1\Temp\kwldapob.sys
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0C59640]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9542000, 0x18FE04, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F5000A
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F6000A
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F4000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft C... Read more

Read other 3 answers
RELEVANCY SCORE 94.4

When I'm browsing the internet with Firefox, strange sites (like yellowmoxie.com) will open in new tabs randomly. This happens without any input from me at all.

I'm also having problems with Vista failing to boot when I start-up (requiring a few attempts) and Vista crashing usually once a day. I have posted about that in Windows support forum, but the two problems started happening at the same time.

I have tried system restore 3 times, but it hasn't worked to fix any of my problems.

Please help.

------------------------------------------------------------
? OS - Vista SP1
? x86 (32-bit)
? What was original installed OS on system? Vista SP1
? Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? OEM
? Age of system (hardware) 2 years
? Age of OS installation - have you re-installed the OS? 2 years. No.
? CPU - AMD Athlon X2 Dual-Core QL-60 1.90 GHz
? Video Card - ATI Radeon 3100
? MotherBoard - ???
? Power Supply (brand & wattage) - Toshiba, 65 W
Access

-------------------------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86
Run by Kyle at 1511.10 on 08/02/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.1789.860 [GMT -8:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defend... Read more

A:Firefox Opens Strange Sites in New Tabs Without Input

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please download and run the programs in the order below.


TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware ... Read more

Read other 2 answers
RELEVANCY SCORE 92.4

This started about a week ago. I get popups like this: http://i.imgur.com/woPGCeq.png (screenshot) and webpages all stick double-underlined links into their text like this: http://i.imgur.com/w0zDkVW.png (screenshot).
 
I ran Malwarebytes, it removed a bunch of stuff, but apparently not what is causing these symptoms. Here's my log:
 Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.14.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476MacFall :: MACFALL-PC [administrator]12/14/2013 12:58:10 PMmbam-log-2013-12-14 (12-58-10).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 222271Time elapsed: 9 minute(s), 46 second(s)Memory Processes Detected: 1C:\ProgramData\QuickSet\SK.Enabler\SK.Enabler.exe (PUP.Optional.MultiPlug.A) -&gt; 696 -&gt; No action taken.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 5HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1495795506 (PUP.Optional.MultiPlug.A) -&gt; Quarantined and deleted successfully.HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -&gt; Quarantined and deleted successfully.HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -&gt; Quarantined and deleted successfully.HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -&gt; Quarantined and dele... Read more

A:Firefox opens tabs to sites like "findsection.net". Also, popups. Logs included

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.AdwCleaner created by Xplode.Junkware Removal Tool created by thisisu.
1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.Important: Do not reboot your computer until you complete the next step.
2. Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of... Read more

Read other 5 answers
RELEVANCY SCORE 92.4

Well like it says in the description i have been browsing the web on Firefox and random tabs constantly keep opening with malicious websites.I have ran my avast anti virus a couple of times and it hasn't found anything, i have yet to run Malwarebytes i don't know if that would find anything that avast hasn't. Although i am not much of a computer whiz.Thank you

A:firefox opens random tabs

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appe... Read more

Read other 18 answers
RELEVANCY SCORE 91.6

Greetings!

FF has been removed from computer
IE still has the redirecting errors: opens it own windows, redirects when links are clicked etc

Spybot Search and Destroy, Malwarebytes cannot find any files (ran both in regular and safe modes)(McAfee didn't find anything either)

Prep per guide has been completed (back-ups etc)
DeFogger ran

Attached are logs for DDS (X2) and GMER
RU42
DDS REPORT
DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 17:01:44.89 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.145 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\QuickTime\QTTask.e... Read more

A:Redirects from FF and IE links; tabs open to random sites

Hi ru42video,Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.Please download TDSSKiller.exe and save it to your desktop.Run TDSSKiller.exe. Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.comDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install ... Read more

Read other 2 answers
RELEVANCY SCORE 90.4

I have been fighting this thing for weeks now and cannot find it. I have Malwarebytes and iexplore installed from removing System Tool a few moths ago and I am currently running Avira (after ditching AVG when this all happened). To try and solve this I downloaded and ran Hijackthis but it still has not come up with any substantial fix. If you need the log I can attach it easily enough but it has been a dead end to me.

Thank you all for running this site

Andrew
DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 12:08:18.34 on Tue 02/22/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.919 [GMT -6:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Fi... Read more

A:Google Redirect & firefox opens new tabs at random

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instru... Read more

Read other 2 answers
RELEVANCY SCORE 90.4

I'm getting random pop-up advertisements for a program called "Registry Defender" which I know for sure is a virus, and several other programs.

I have already scanned my computer with Avast and Malwarebytes and they don't detect any malware. How can I get rid of this virus?

A:Spyware problem: Firefox opens up random tabs

Depending of what your configuration is, the choices may vary, but I would recommend booting up with a LiveCD (i.e. not with your native OS), then scan your hard drive with a few of the online scanners - nowadays most major antivirus vendors offer free online scans. If your LiveCD contains some antivirus software, use that as well.

After that, you could go manually through your Program Files, with the LiveCD nothing will be hidden (or at least you can easily show hidden stuff) and find any file that may have a reference to the "Registry Defender" or any other program that bothers you. Just make sure to erase all instances of them, including from prefetch folders.

If everything fails and you have no earlier restore point to fall back to, there is always an option to re-install the OS, although personally I've never done that in a situation like that - it seems to drastic a move to me.

Read other 6 answers
RELEVANCY SCORE 87.2

Hey everyone, I'm hoping someone might be able to help me. Firefox and IE has been opening new tabs on random link clicks and sometimes without clicking at all. I'm getting links redirected to something with the site name followed by iebvz. (example of what I ran into while creating an account here http://bleepingcomputer.iebvz.com). The link then redirects to Quibids.com. I appreciate the time and assistance provided. Posted below are my DDS results and attach file. I've run malwarebytes, virus software, and spybot which removed mostly cookies and a couple of other "not so nasty" PUPs.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.21.2
Run by Sean at 20:10:50 on 2013-05-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.1663 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetwork... Read more

A:Firefox and IE Redirecting or opening new tabs to random sites

Hello Zonablazer I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

Read other 32 answers
RELEVANCY SCORE 86.4

Two days ago I had a dual attack of Antimalware Doctor and Security Suite. I seem to have gotten rid of them with Malwarebytes' Anti-Malware. It was rough, but I made it through.Since then, I am having some issues with Firefox. There are two things happening:1 - A tab will randomly open and go to some website. It's almost always benign - some news site or advert for software. (Recent one was Registry Defender software) If I just close the tab, it goes away and that's that. Happens once an hour or so. I have noticed that whatever my most recent Google search was will be somewhere in the address bar of the rogue tab, as a sort of query.2 - When I Google something and click on links in my search result, I will encounter something that looks like a poll - "Answer this question before going on to your site" - if I go back, then re-click the search result link, the poll question isn't there. I have AVG 9.0 free and it comes up with nothing. AdAware comes up with nothing. Malwarebytes' Anti-Malware comes up with nothing. SUPERAntiSpyware comes up with nothing.I tried to do a System Restore, but OH GOLLY it has been OFF all this time. So there is nothing saved that I can restore to.I uninstalled and reinstalled Firefox. That did not change anything.I deactivated all of the Firefox plugins. That did not change anything.Any advice would be very appreciated!!ETA: Most recent popup @ 1117PM: http://lpgen.info/mylpgen/regscan/64x217827... Read more

A:Firefox tabs opening at random to benign sites - can't figure out why!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 21 answers
RELEVANCY SCORE 85.2

A few days ago, Microsoft Security Essentials (MSE) noticed a threat to my computer. I went to remove/quarantine it, but before I could my computer started acting screwy. Desktop background was deleted. All program shortcuts on my desktop were deleted. IE kept opening by itself (I never use IE), taking me to google-themed websites. I decided to do a System Restore to a day prior to this incident. This seemed to clear up most of the issues, but a few still remain. IE continues to open on its own, and Firefox crashes at seemingly random moments. Any help would be appreciated! Thank you very much.

When I check the history logs of MSE, this is listed: Trojan:Win32/FakeSysdef -Action Taken: Allowed.
I run Win 7.
I use MSE for anti-virus.



.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jack Package at 9:01:38 on 2011-08-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1944 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Progr... Read more

A:Possible trojan? IE opens by itself to random sites. Firefox crashes.

I just wanted to say that I'll be traveling to an area with limited internet connection over the next few days. I understand that the Malware Response Team can get backlogged with requests occasionally, but if you happen to respond soon, please be patient with me as I will try to reply as quickly as possible.

Read other 13 answers
RELEVANCY SCORE 83.6

I've recently had many trojans get downloaded onto my computer when AVG crashed while detecting several threats. I remember my pc being locked out where I could not open any programs or task manager unless I download the fake anti-malware program. I had several types but I could only remember anti-malware doctor being present. I removed most of the stuff with malwarebytes, spybot and SUPERantispyware in safe mode but it doesn't seem to get rid of my firefox browser directing me to a random site periodically. I scan multiple times a day and each time I find a trojan which I thought I had already removed. Also GMER.exe seems to freeze whenever I try to scan and my CPU goes to 100% whenever the program is opened.Any help would be much appreciated,- JennyDDS (Ver_10-03-17.01) - NTFSx86 Run by User at 1:56:35.90 on Tue 09/14/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1202 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.... Read more

A:Firefox opens/redirects to a random ad website randomly, as well as infections with various trojans

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 13 answers
RELEVANCY SCORE 83.6

Firstly, I think I probably got this from some shady porno sites while in private browsing, fwiw

basically, whenever I google stuff using firefox on my laptop (64 bit windows 7, dell xp), oftentimes, when I click on the links, it opens up some random spam website. It takes numerous clicks to actually get the actual link to open. Also, when this doesn't happen, clicking on any google searches redirects the browser to google.com/webhp. I have to exit this tab and open a new tab for google to work after this. Finally, firefox now uses up to 25% of my cpu performance when I check my task manager. So far, these problems only exist on firefox, and IE is fine, but I'd still like to get rid of this possible malware. Thanks!

A:Firefox google redirects to webhp after a search/opens up random links

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 6 answers
RELEVANCY SCORE 83.6

http://www.bleepingcomputer.com/forums/topic459101.html
as an add-on, firefox in general runs sluggishly

I skipped step 8 in the preparation guide: http://www.bleepingcomputer.com/forums/topic34773.html since I have a 64 bit computer

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rajiv Desikan at 23:53:58 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8106.5432 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program... Read more

A:Firefox google redirects to webhp after a search/opens up random links

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 16 answers
RELEVANCY SCORE 83.2

Well, like the title says, Firefox keeps redirecting me to random sites. For instance I clicked on a wikipedia link and got sent to Travelocity.com. This just started happening earlier today, out of nowhere, and it's only Firefox that does this. The last things I remember downloading are Artweaver, Torsion, Notepad++, and Torsion, but that was all maybe over a week ago. I've used Malwarebytes' Anti-Malware and deleted four infected files. I've researched a few other threads but I'm still not exactly sure what I need to do. Can somebody please give me some direction? I'm using Windows XP by the way.
 

A:Mozilla Firefox Redirects to Random Sites

Read other 16 answers
RELEVANCY SCORE 83.2

Recently purchased new laptop this thing has had next to none internet exposure however its seems i've still managed to pick somthing up....

Simply put everytime i open a new search in firefox i'm redirected to sites i've not searched for an example of would be searched facebook clicked on the link and found myself at ebay.. I have installed mcafee security center run a full scan and found nothing i have noticed there is another thread on the forum with the exact same problem so it nice to know i'm not the only person in this boat....

DDS (Ver_09-05-14.01) - NTFSx86
Run by Tim at 23:46:12.16 on 28/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.44.1033.18.894.200 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C: ... Read more

A:Browser (firefox) Redirects to random sites.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 81.6

Hi,

I've recently discovered what I believe is a trojan horse, which is hijacking links, and taking me to different sites from the one that I requested. This does not happen every single time, but is obviously causing a lot of worry and stress about whether the sites I am looking at are the correct ones. If anyone could help, that would be very appreciated.

My DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Matt Tremayne at 10:28:26.65 on 20/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.371 [GMT 1:00]

AV: PC Tools AntiVirus 5.0.0.16 *On-access scanning enabled* (Updated) {832E7172-E406-4BB2-8B19-6D29F2C93A98}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program... Read more

A:Using IE7 or Firefox, clicking on links redirects me to totally random sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 38 answers
RELEVANCY SCORE 78

Hello, I've a new problem. Hope you guys can help me like you did before

Logfile of HijackThis v1.99.1
Scan saved at 22:04:48, on 03-24-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\zango\zango.exe
C:\Documents and Settings\Ronnie\Local Settings\Application Data\Google\SearchWithGoogle\SearchWithGoogle.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Prog... Read more

A:IE opens new windows and Firefox opens new tabs

Read other 9 answers
RELEVANCY SCORE 76

My computer is running Windows XP Home Edition Version 2002 and Service Pack 3My browser is Firefox 3.6.9. Sometimes I use Explorer 8.0.6001.18702.No system changes have been made. It is possible that my house sitter during the summer may have visited one or more porno sites.Almost all the redirection takes place from Google, though about half the time I can get to the desired site. I have also been redirected from Yahoo search. I noticed this morning for the first time that even when I typed in a URL, the browser was redirected. I then closed Firefox and opened Explorer, typed in the URL and went there with no problem. However, redirection from Google happens in Explorer also.Often a new tab will open in Firefox spontaneouslyOften the redirected sites open the window to the full screen, sometimes with audio. Sometimes I can't close the tabs on the redirected sites as new small windows open asking me if I really want to close and I can't simply X them out (for another window will open asking again) and fear to click on anything else. I may then wind up closing the browser using Task Manager.Some of the sites I am redirected to are:removedThe following sites came up repeatedly after recirection so I put them in my "hosts" file:127.0.0.1 suitesmart.com127.0.0.1 cdn.optmd.com127.0.0.1 google-analytics.com127.0.0.1 ads.bluelithium.com127.0.0.1 7search.com127.0.0.1 asklots.com127.0.0.1 pixelstatservice.com127.0.0.1 www.registrydefender.com127.0.0.1 redirec... Read more

A:Malware That Redirects from Searches and Spontaneously Opens Tabs - Help!

Please do not post active links to malware or possible malware related sites. I have removed the one(s) you posted so others do not accidentally click on them.Please post the results of your last MBAM scan for review (even if nothing was found).To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.Click the Logs Tab at the top.The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.Click on the log name to highlight it.Go to the bottom and click on Open.The log should automatically open in notepad as a text file.Go to Edit and choose Select all.Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.Come back to this thread, click Add Reply, then right-click and choose Paste.Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Logs are saved to the following locations:-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\LogsPlease follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vis... Read more

Read other 8 answers
RELEVANCY SCORE 76

I don't know what to do I'm out of resources. I tried multiple solutions including running ad-aware in safe mode no dice. I also tried a solution you gave to pabs which included BFU ,Alcra Plus Remover, ATF Cleaner, and AVG spyware no dice as well. This darn thing specially likes to pop up on the initial start up of Firefox and every couple clicks please help. Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:06:39 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program... Read more

A:Solved: While running firefox I get IE popups, it also opens tabs in my Firefox.

Read other 13 answers
RELEVANCY SCORE 76

I don't know if these are related, which is why I'm posting this in the same thread and I honestly don't know what to do.
 
I have a pretty good feeling this is malicious since the ads starting showing up at the bottom of every webpage and look the same. The ad says "Brought to you by ...".
 
Each day around 7am I get a popup window on my desktop that tells me that I need to update Flash, yet I've already downloaded and installed Flash from the adobe website and verified that it is up to date. So I close the reminder since I don't know if it is a virus or not.
 
I scanned using hijackthis so I could have a log handy if needed. However when I ran it, there was a warning window that said:
 
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
 
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
 
   notepad C:\Windows\System32\drivers\etc\hosts
 
and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.
 
For Vista and above: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
 

 

 
Any help would be appreciated. Thanks!
 

A:Firefox has new suspicious ads and opens 3 tabs every time Firefox is opened. Da

Welcome aboard  HJT is not allowed in this forum.  Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you alr... Read more

Read other 14 answers
RELEVANCY SCORE 75.2

For the past week or so I have gotten many popups in new tabs (Chrome and IE) that contain downloads to fake media players some of which have actually downloaded themselves to my computer (I did not install them). I posted a topic in Am I infected? What do I do? but was told to go here for more help. Here is a link to the last topic http://www.bleepingcomputer.com/forums/t/539435/adware-opens-new-tabs-at-random-times/
 
As I said in the first topic I made, the virus is not found by any anti-virus, I have tried including, Malwarebytes, Avast, AVG, Superanti Spyware, JRT, eset ,and adwCleaner. The virus has also worked it's way onto two computers that are on my network. Any help getting ride of this virus would be much appreciated.
 
DDS files are attached below.

A:Malware opens sites in new tabs that contain ads and fake media players

I would like to have this topic closed due to some modification I made to my computer.

Read other 2 answers
RELEVANCY SCORE 74.4

Hello, I'm a complete computer novice, but I know things are not right. At startup I get two pop-ups stating some .dll files are missing. I've googled these files and only got a couple of hits, it seems they're some kind of virus. My browser also opens up new tabs on it's own, and google search results get redirected. Unfortunately these issues have been going on for a while and I'm just now trying to get it fixed. I hope I'm not beyond help . I also have the HiJack this log available if needed. Please help!

Edit: I do not have access to a Windows boot or start-up disk. I could probably get my hands on one from work if necessary.

DDS log

. DDS (Ver_11-03-05.01) - NTFSx86 Run by Louise at 9:39:26.50 on Sat 03/05/2011 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.316 [GMT -5:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe svchost.exe svchost.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\... Read more

A:.dll files missing, browser opens new tabs, google search redirects.

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

This next program is needed to remove the remaining malware entries I see. However...AVG incorrectly targets ComboFix's embedded files. ComboFix will not run with AVG instal... Read more

Read other 19 answers
RELEVANCY SCORE 73.6

I need help to figure out what on earth is wrong with my computer. When I open Explorer, sometimes there is an additional tab with some sort of advertisement. In addition, the browser will spontaneously close, Google search links lead to sites other than the one I have clicked, and audio from the web comes on even when no browser is open. I am operating on Windows XP and use Internet Explorer 8. Any help would be much appreciated. Below is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:42 PM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\Java\jre6\b... Read more

Read other answers
RELEVANCY SCORE 73.6

Hello there!

Firefox is opening new tabs, usually on crass and annoying sales sites, relating to search terms I've recently used in Google or the website I've just been looking at. It also sometimes takes me from Google searches to the wrong URL, again usually some site trying to sell me something related to the search. If I close Firefox and reopen it, and do the same search it will usually then take me to the right place.

I have run scans with Malwarebytes, Ad-Aware, Spybot and AVG, all of which came up clean. I have uninstalled and reinstalled Firefox. Google Chrome will not install on my PC, though this may be unrelated. Windows Update will not run on my PC, though again maybe unrelated. I do not use Internet Explorer if I can possibly help it. Any help greatly appreciated! Many thanks, OB.

EDIT: I have just tried Firefox in Safe Mode, disabled all add-ons, and then went to Google and searched "Second Hand Cars". First five or six links I clicked on went to wrong URL. So it's not a FF addon!

Hijack This log for your consideration:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:29, on 17/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\M... Read more

A:Firefox goes to wrong URL and opens new tabs without asking

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 5 answers
RELEVANCY SCORE 73.6

This is a weird case, and I'm pretty sure it's not attributed to a virus.Basically, I was playing full screen Starcraft whilst Firefox was running with multiple tabs open in the background. I alt-tabbed from the game to Firefox, and right clicked my taskbar and closed the game. As soon as I did this, a tab opened to Adtechus. (A legitimate AD company from what I can tell). I had a look on the website that was open when I alt tabbed before the new tab to Adtech opened and one of the ads on it had an Adtechus URL. The thing that perplexes me is that, my mouse didn't go near it, and so I couldnt have clicked it.After this, a short while later, I re-opened the game, alt tabbed and before I could close it, another tab opened automatically from a site I was on before with a Facebook box implemented into it, and for some reason the new tab contained the Facebook "like" box seperate from everything else. SEE HERE: http://www.facebook.com/plugins/likebox.ph...mp;header=falseFull website with the box to the left, here: http://www.gonintendo.com/I can recreate this by right clicking the Facebook box on this specific website and choosing "This Frame > Open Frame in New Tab". But the thing is, I never did this in the first place! Plus, the website was already closed 20 seconds previously before this new tab popped up. Then, automatically, another Adtechus tab popped up shortly after!I am quite sure I have not got any viruses as I have a multi lay... Read more

A:Firefox opens tabs randomly... but not in the way you'd think

Close out firefox and see if the issue continues.

Read other 9 answers
RELEVANCY SCORE 73.6

hi my firefox seems to open unknown tabs such as loa.teebik and something how would it be possible to fix this
this happens completely randomly and i dont even have any extensions installed on my firefox
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16912  BrowserJavaVersion: 10.45.2
Run by Teemu at 1:08:17 on 2014-03-23
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.358.1033.18.1790.741 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSy... Read more

A:Firefox opens unknown tabs

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Multiple Antivirus Programs installed!I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products... Read more

Read other 2 answers
RELEVANCY SCORE 73.6

Ive tried everything, run every scanner i could find, there are no processes that shouldnt be there in task manager. Nothing in startup or in services of MSCONFIG. Im stumped. Every couple minutes a new tab will open in firefox(Or if Ff is not open then it will open) With and address that will have a website and then end "normal/yyy102.html"

For example

http://www.bigdiscountbuy.com/normal/yyy102.html

Where "http://www.bigdiscountbuy.com/" will change for other websites

Weird thing is the tab will just be Blank, nothing in there.
I had installed a something which gave m,e some spyware, but this was removed with Ad-aware, spybot, and webroot spysweeper. But this still clings on..

Heres my logfile.

Logfile of HijackThis v1.99.1
Scan saved at 23:26:54, on 18/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sanjay\Desktop\Tempy\HijackThis.exe

R0 - HKCU\Softw... Read more

A:Ad-ware opens tabs in Firefox

I see you have disabled some startuo items with Msconfig. Please open it and select normal startup. I need to see everything that is running on your PC to help you clean it out, you may return it to the way it was when we are finished.

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in ... Read more

Read other 19 answers
RELEVANCY SCORE 73.6

Attached is my HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:18 AM, on 11/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDO... Read more

A:Firefox and IE opens up by themselves. Multiple tabs with different ads

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger:Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appea... Read more

Read other 17 answers
RELEVANCY SCORE 73.6

Got something WRONG with my browsers. My computer, Dell 2400 w/Intel 2.4ghz, 1.5ghz RAM, WinXP Home SP3 works excellent and all programs run as they should. The problem is when I enable my LAN and connect to the Internet. When I first open my FireFox 3.6.8 it goes to my Home Page as it should. As long as I'm working on my Home Page everything works well. I can read all the articles on that page (Yahoo.com) and all is well. But, when I open a new tab and try to go to some site on that new tab, some MalWare opens a new FireFox browser and starts opening new tabs at an accelerated speed. It only takes a minute or less and the top of this new and 2nd FireFox is completely loaded with tabs, each displaying a different internet site. Well, all these tabs being opened at once causes my AVG 2011 to go bizerk! AVG uses 100% of my CPU trying to keep up with all the tabs being opened. After several minutes, I try to close that FireFox and FireFox warns me about closing multiple tabs....221 tabs to be exact. I got this MalWare from Google search engine by connecting to a medical site that Google had marked "SAFE". It took only seconds for AVG to open a window showing that it had found a virus "Win32/Cryptor" and had quarantined it in the Virus Vault and then a minute or so later it found another Malware "Win32.Arto.cbb" and quarantined it also. So, I disconnected from the side and in a few seconds, my ZoneAlarm asked for permission to connect a program ... Read more

A:FireFox browser opens 221 new tabs

Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.
 

Read other 1 answers
RELEVANCY SCORE 73.2

About a week ago, just after I downloaded a Miles Davis torrent file (which I doubt was the cause), a fake anti-virus program popped up on my PC, doing fake scans and warning me about all sorts of horrible things on my computer. I think it was called "XP Defender". It was easily removed but afterwards I was left with a more resilient problem: once every couple of hours or so a random website opened in Firefox in a new tab. Some links open blank pages, others open seemingly random commercial pages from various countries. The links are sometimes redirected several times and often but not always they have an icon that resembles the band logo from A Perfect Circle, except it is green and the right half of the circle is further up. I will make a screen shot when it happens again. I ran Avira, AVG and Avast, Spybot and MWB Anti-Spyware but nothing was found. I also uninstalled Firefox and replaced it with Opera but the problem remains.I hope someone can make something out of my Hijackthis log because I'm clueless right now.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:13, on 23-3-2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Sy... Read more

A:Browser opens random new tabs

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 12 answers
RELEVANCY SCORE 72.8

I use version 3.5.1 When I open firefox it opens with multiple tabs.I tried to find the answer in the FF helpcentre however it's rather confusing for me. I looked at the answer for this problem "preferences not saved" and followed the steps in order to resolve the issue and have been looking to the prefs.js files in the profile folder but none exist Help indicates that those files may be duplicated or corrupted. Also the help centre indicates that if those files are corrupted the preferences are not being saved.I am sure that is the issue but I cannot resolve it.I reinstalled FF several times but the result is the same. Is here a FF user that is able to help in simple words.
I disabled all addons but no result.
My OS Windows Vista Home premium My Laptop:Toshiba Satellite P 200 dual core T5450 Ram 2GB processor 1,66 Ghz I use FF for many years but eversince the 3.5 version was introduced i have this problem. Thanks in advance
 

A:Firefox opens multiple tabs upon start up

Read other 13 answers
RELEVANCY SCORE 72.8

Ever since I did a refresh of Firefox a few weeks ago, it now opens with TWO active tabs running my home page. How can I stop it from opening the second tab which is slowing down completion of opening the first tab?
 

A:Solved: Firefox opens with multiple tabs

check the Internet options and make sure the homepage is not listed twice
 

Read other 2 answers
RELEVANCY SCORE 72.8

Hi,

While I think I have temporarily stopped this problem, by blocking redirects in Firefox, I think there is still a malware/trojan on the system, which may cause other problems, so I?d appreciate help from a pro. Many thanks in advance.

Every five of so minutes firefox would open a new Window with 11 tabs 3 or four of them were Index of the folder where firefox is stored, another one is xn-eba.com and the others are page could not be loaded with addresses with lots of odd symbols, but always including the xn- characters. I can just close it but I notice in the Cookies section that a cookie is added each time there is the redirect that I have removed.

I have ran Malwarebytes and spybot search and destroy (which found three problems that I cleaned the first run and none the second) as well as the antivirus (avira). I?ve also cleaned out the temporary files and temporary internet files.

Thanks again,
Chris.

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Berta at 13:11:18 on 2012-05-01
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1022.30 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Archivo... Read more

A:Firefox opens new window with 11 various tabs, including xn-eba.com

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 3 answers
RELEVANCY SCORE 72.8

Firefox has been opening a new tab with a webpage in it, I used ctrl alt delete to close firefox whenever this happens. This does not occur very often and does not seem to have a set time. svchost.exe under SYSTEM is running with high CPU usage and high Mem Usage around 99% and 280,000 K.

I have used mcafee and spybot search and destroy along with windows malicious software removal tool, all of them have come up clean.

Here is a Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:15 PM, on 6/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program F... Read more

A:Please help firefox opens new tabs and svchost.exe issues

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 72.4

Chrome opens random advert tabs.  Tried malwarebytes and a few other programs but they can't seem to find anything that's causing this annoying issue.  Please, any help would be greatly appreciated.

A:Chrome opens random advert tabs

Hello there, 
 
You can start solving this issue by removing suspicious software from your system. This may include toolbars or browser extensions. To remove unwanted programs from Windows please follow the steps in this link:http://windows.microsoft.com/en-gb/windows/uninstall-change-program
 
Furthermore resetting all browsers and disabling their add-ons could help. 
 
I would also recommend installing "Adblock plus" in order to eliminate all the popup's and ads from your browsers. https://adblockplus.org/
 
Hope this helps! 

Read other 2 answers
RELEVANCY SCORE 72.4

Well I just installed windows 8 a while back (legit copy). While browsing the web with IE a new tab opened saying there are harmful processes on my computer. Well I managed to take a couple of screen shots of those webpages. I've tried to keep windows 8 updated but the internet speeds have been really slow here where I am and haven't updated it in a while. I updated windows defender and installed spybot search and destroy and mbam and updated those and ran them in safe mode but no viruses showed up.
 

A:Virus opens new tabs at random times

    Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:... Read more

Read other 1 answers
RELEVANCY SCORE 72.4

Two computers on my network have gotten an adware that effects both Internet explorer and Chrome (have not checked Firefox). I have run numerous scans including: Malwarebytes, Avg, Avast, AdwCleaner, Hitman, SuperAntiSpyware and tdsskiler, all of which have no effect on the virus (Nor do they find it). I also did a system restore to a couple weeks before any noticeable effect of the virus took place, still no luck. 
 
The virus itself randomly opens new tabs with links to download fake copies of media player like flash and says "Updates Recommend." The new tabs appear mostly when clicking on links but occasionally pop up at completely random times.
 
Links to some of the websites it brings me too:
 
http://9v3zz.playnow.codecpacXXXkplastic.eu/?sov=412093510&hid=cieskgmoqgoickc&id=XNSX.1143278450.242716.d9c3c44154.5716.af45d90edd99031f8ce39c9f4200df7c%3A%3Apc
 
http://www.appXXXisys.com/lp/videoperformer/v18/?v=18&cid=4535&clickid=00007584p6389922618
 
*XXX are to stop possible accidental clicks on links that may lead to the virus I have
 
It also originally took me to some website called mediamother.eu
 
Does anyone know anything about this virus and how to remove it; even a name would be very helpful. Help would be much appreciated.

A:Adware opens new tabs at random times

Try turning off all add ons and extensions in those browsers and see if it stops.How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google ChromeHow to Disable Extensions in Internet Explorer

Read other 12 answers
RELEVANCY SCORE 72.4

Hello everyone,

I am grateful to have found this forum, I saw somewhere else that someone had a similar issue. When I go to a website, and merely click on it somewhere, the browser would open up random tabs of random other websites, usually websites for me to by norton antivirus software, if I went to my banking site it would open tabs that look similar to my banks, but the url is different and so on.

I was wondering if I can please have some help in regards to this? My computer is less than 2 years old, and I really can't afford to buy a new one.

Thank you for your time and consideration in regards to this.
From Lagron

I have attached what I was able to obtain from performing the steps outlined at http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

There was an issue though, when I was performing step that requires the GMER scan, it worked and scanned it without finding anything related to rootkit, but it didn't give me a log file. So I took the steps that were needed as if there was a rootkit found, but in the process of this, I was away from the computer letting it scan, and my computer turned to a dark screen/standby or something like that...minutes later I return sit down and still wait for the scan to complete received a blue screen stating "Driver_Power_State_failure" I took a screenshot of this but think this occurred only because my computer went on standby as it was still scanning, but can upl... Read more

A:Browser Opens Up Random Websites In New Tabs

Read other 16 answers
RELEVANCY SCORE 72

I launch Firefox, and almost immediately am interrupted by ten or so new tabs unexpectedly opening, with paid-for ad sites like news7daily.tv, and a few raunchy sites. Later I get random redirects, too, after closing all the tabs.

Last week I installed and ran malwarebytes' anti-malware software, because I was seeing similar unwanted behavior (redirects, pop-ups, continually checking "allow third party cookies".) I killed a couple processes (xxx.exe) and deleted a program whose name I have forgotten, but which another discussion forum identified as malicious. I thought it was fixed, but the issues cropped back up after a few days. I did not have Windows firewall on, I discovered today, which is unfortunate, as it might have saved me a lot of trouble.

Thanks in advance for your help!

-Sid

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Owner at 19:43:47 on 2012-01-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1277.66 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
sv... Read more

A:Ad malware opens dozens of unwanted tabs in Firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 71.6

Please help me. I am having several problems that I've never had before with my computer and I am now convinced that it is hi-jacked and infected with malware.

The only protection I have used since I got the computer is avast antivirus protection and piriform ccleaner. I have had no malware, spyware or viruses on this computer in the past. I've had it for almost a year.

However my computer has since yesterday (i think) become infected. It has not slowed down much, but whenever I use Google, it redirects me to random sites. Many websites I visit regularly that have never had pop-up ads before now have pop-up ads.

When I went to check my e-mail in Hotmail, I received this message constantly:

"Please refresh your browser window. When you access your Windows Live Hotmail account from more than one computer, we ask you to sign in again to help keep your account private and secure."
At this point I decided to install Spybot, however the website was blocked. I went to download.com and downloaded it and attempted to install but I was unable to, receiving this message:

"Error sending request. The server name or address could not be resolved."

I just installed ad-aware and did a full scan and it found one malware agent and supposedly fixed it, but after rebooting all of these issues are still occuring.

So this brings me to here and now. I just downloaded Trend Micro HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Sca... Read more

A:Google redirects to random sites, some sites blocked, can't install spybot.

Read other 6 answers
RELEVANCY SCORE 71.2

In addition to the browser redirects. Boot up time has become extremely long. Often when boot up is complete Macaffee and wireless network adapter are not working. Thanks much for any support you can provide.
RSL
DDS (Ver_09-07-30.01) - NTFSx86
Run by Family at 17:13:11.14 on Tue 09/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.133 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Aventail\Connect\as32svc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched... Read more

A:IE Browser Hijacked... Redirects to random sites/search sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Pleaseinclude a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner o... Read more

Read other 2 answers
RELEVANCY SCORE 71.2

Hi guys, how are you? My laptop is having an issue in Firefox. While using Google's RSS Reader to read my feeds, I get randomly open new tabs that have various different links but are completely blank or have very weird scroll bars inside.

I ran the following in plain safe mode with newest updates: Spybot (clean), Malware full scan (clean), Norton Internet Security full scan (clean) & TSSDKiller (found one threat, rescan was clean).

Should I follow this thread (www.bleepingcomputer.com/forums/topic462907.html/page__p__2790786__hl__firefox+random+tab__fromsearch__1#entry2790786) or post my own logs? Thanks

A:Firefox 14 opens blank tabs while reading Google RSS feeds

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465907 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 50 answers