Over 1 million tech questions and answers.

Firefox opens random tabs and redirects, blocks microsoft update - rootkit?

Q: Firefox opens random tabs and redirects, blocks microsoft update - rootkit?

Hi,A couple days ago I got a virus or something that would pop up a fake Windows AntiSpyware (don't remember exact name) program. I was finally able to get rid of it using AVG and MalwareByte's Anti-Malware.Now Firefox will open up random tabs on it's on (don't have to click on anything) and when I click on links sometimes it will redirect me for like 5 clicks of the link and then after that allow me to go to the site and then it will repeat this action maybe 10 minutes later.It also will not let me go to the microsoft update site (in IE and Firefox), and when I search w i n d o w s u p d a t e . m i c r o s o f t (without the spaces) in google or any text field that I submit (tried it in a forum) (in IE or Firefox) it will just bring up a page that says connection was reset or page failed to load. I have also tried it in safe mode and I get the same symptoms.I have tried running MalwareByte's Anti-Malware, Spybot S&D, AVG, and HJT. At one time MalwareBtyes said something about a tcipip.sys thing but I don't remember too much about what was wrong.I followed the prep guide but I cannot get a full gmer scan to run. It either just restarts my computer, freezes, shuts down the program, or locks down my computer (have to do a hard reset).Thanks for any and all helpEDIT: One of the pop-up tabs lingered on a site for a second before going to an ad site, the url of this site was..hxxp://apachejct.com/key/?qs=9434cd09aed34cc216c628c7eac958b4aa78b00b6706ac1a831329d819113e82fb12ce20247413631491c4cbf4ea6e7e&t=exploit+neosploit+toolkitI've seen those last words before "exploit neosploit)I'm also going to try and run gmer but with it saved as a different name.-SethDDS (Ver_10-03-17.01) - NTFSx86 Run by Seth at 19:27:15.01 on Tue 04/27/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1120 [GMT -6:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\Rundll32.exeC:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exeC:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEsvchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\AVG\AVG9\avgemc.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Documents and Settings\Seth\Desktop\dds.scr============== Pseudo HJT Report ===============BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dlluRun: [Creative MediaSource Go] "c:\program files\creative\mediasource5\go\CTCMSGoU.exe" /SCBmRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [SkyTel] SkyTel.EXEmRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEmRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exemRun: [P17Helper] Rundll32 P17.dll,P17HelpermRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"StartupFolder: c:\docume~1\seth\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exeDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cabDPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabDPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272319386484DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dllNotify: avgrsstarter - avgrsstx.dllNotify: igfxcui - igfxdev.dllNotify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dllSecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\seth\applic~1\mozilla\firefox\profiles\j57bkijs.default\FF - prefs.js: browser.search.selectedEngine - YouTubeFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/igFF - component: c:\documents and settings\seth\application data\mozilla\firefox\profiles\j57bkijs.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dllFF - component: c:\program files\avg\avg9\firefox\components\avgssff.dllFF - plugin: c:\documents and settings\seth\application data\move networks\plugins\npqmp071503000010.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-24 216200]R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-24 29512]R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-24 242896]R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-24 916760]R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-24 308064]S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-11-2 34944]=============== Created Last 30 ================2010-04-28 01:26:54 0 ----a-w- c:\documents and settings\seth\defogger_reenable2010-04-27 22:18:29 552 ----a-w- c:\windows\system32\d3d8caps.dat2010-04-27 19:36:51 98816 ----a-w- c:\windows\sed.exe2010-04-27 19:36:51 77312 ----a-w- c:\windows\MBR.exe2010-04-27 19:36:51 256512 ----a-w- c:\windows\PEV.exe2010-04-27 19:36:51 161792 ----a-w- c:\windows\SWREG.exe2010-04-25 17:02:23 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-04-25 17:02:23 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-04-25 00:39:11 0 d-----w- C:\$AVG2010-04-24 23:21:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll2010-04-24 23:21:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys2010-04-24 23:21:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys2010-04-24 23:21:35 0 d-----w- c:\windows\system32\drivers\Avg2010-04-24 23:19:23 0 d-----w- c:\program files\AVG2010-04-24 23:19:11 0 d-----w- c:\docume~1\alluse~1\applic~1\avg92010-04-24 22:55:17 2560 ------w- c:\windows\system32\xpsp4res.dll2010-04-24 12:03:49 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys2010-04-24 12:03:31 0 d-----w- c:\program files\Hitman Pro 3.52010-04-24 12:03:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro2010-04-24 04:41:16 0 d-----w- c:\docume~1\alluse~1\applic~1\avG2010-04-24 03:59:33 0 d-----w- c:\docume~1\seth\applic~1\Malwarebytes2010-04-24 03:59:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-04-24 03:59:27 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-04-24 03:59:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-04-24 03:59:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-04-23 00:25:19 131072 ----a-w- c:\windows\system\SP5X_32.DLL2010-04-01 05:28:04 0 d-----w- c:\program files\Maxis2010-04-01 05:24:40 299008 ----a-w- c:\windows\uninst.exe2010-04-01 05:24:39 0 d-----w- c:\documents and settings\seth\WINDOWS==================== Find3M ====================2010-04-27 10:06:26 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys2010-03-16 00:20:13 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys2010-03-16 00:20:13 47360 ----a-w- c:\docume~1\seth\applic~1\pcouffin.sys2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll2009-06-11 05:30:17 696290 ----a-w- c:\program files\Alarm.zip2009-04-16 04:53:37 547472 ----a-w- c:\program files\GearsSetup.exe2008-02-01 08:39:03 113664 ----a-w- c:\windows\inf\hdaudio.sys2006-06-22 23:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe2008-11-02 20:08:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat============= FINISH: 19:28:23.45 ===============

RELEVANCY SCORE 200
Preferred Solution: Firefox opens random tabs and redirects, blocks microsoft update - rootkit?

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Firefox opens random tabs and redirects, blocks microsoft update - rootkit?

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREWe also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:Why we request you disable CD Emulation when receiving Malware Removal AdviceThen create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:How to create a GMER logElle

Read other 8 answers
RELEVANCY SCORE 113.2

Hi,

I recently had a virus/rootkit or some type of malware installed on my computer. Basically because I accidentally clicked yes to one of those "you're computer is infected" links. I ran Malwarebytes and AD-Aware before hand and I thought I got rid of everything, unfortunately I did not as Firefox still opens random tabs.

I read the first steps, my logs are attached below. Unfortunately I do not have a Windows Install CD, I think it's forever lost somewhere.

I read the previous posts similar to mine but was not able to figure out what exactly to do. Any help would be greatly appreciated!




DDS (Ver_10-03-17.01) - NTFSx86
Run by Gov at 18:12:00.67 on Thu 05/13/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.1727 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ... Read more

A:Firefox opens random tabs / redirects sites

Hi ettes and welcome to TSF.

If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Reply back with the following: C:\ComboFix.txt

Read other 19 answers
RELEVANCY SCORE 108.4

Ok so i've noticed that firefox randomly will open ad pages in new tabs and redirect my google searches.

I have run complete scans with superantisypware, avira, spybot, malwarebytes, iobit security 360 and inbuilt windows malware scanner. Some of which came up with detections which i got rid yet the problem remains. I tried to restore my comp but it failed, obviously one of the malwares clever tricks.

Here is my DDS log. The attach.txt file is attached but i could not get the GMER rootkit scanner to work. It would complete the scan but as soon as i tried to save it it would give a blue screen and restart...not good i would say. So hence i dont have an ark.txt.

Really starting to worry. I read that these things are usually to direct internet traffic to specific sites to increase ad revenue for the malware people. I havn't done any internet banking cos i am not that foolish but is there much of a chance they will get control of my gmail or facebook accounts? How paranoid should i be in terms of infections spreading to other networked computers and external hard drives?


DDS (Ver_09-12-01.01) - NTFSx86
Run by Darren at 16:35:42.58 on Wed 13/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3323.2523 [GMT 10.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system... Read more

A:Due to adware/spyware/malware firefox opens random tabs and google redirects pages

BUMP, please

Read other 12 answers
RELEVANCY SCORE 95.6

Internet Security 2012 appeared while I was streaming a football game on Sunday.
Ran Malawarebtyes and removed some files.

Now getting random tabs opening.

Can't not access windows updates or update windows security essentials..

Computer froze when running DDS

Here is the log from GMER.

A:Browser Opens Random Tabs & Redirects

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-20 19:48:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250310AS rev.3.ADA
Running: fwwj8zmk.exe; Driver: C:\DOCUME~1\Nate\LOCALS~1\Temp\kwldapob.sys
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0C59640]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9542000, 0x18FE04, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F5000A
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F6000A
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F4000C

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft C... Read more

Read other 3 answers
RELEVANCY SCORE 92.4

Well like it says in the description i have been browsing the web on Firefox and random tabs constantly keep opening with malicious websites.I have ran my avast anti virus a couple of times and it hasn't found anything, i have yet to run Malwarebytes i don't know if that would find anything that avast hasn't. Although i am not much of a computer whiz.Thank you

A:firefox opens random tabs

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appe... Read more

Read other 18 answers
RELEVANCY SCORE 90.4

I have been fighting this thing for weeks now and cannot find it. I have Malwarebytes and iexplore installed from removing System Tool a few moths ago and I am currently running Avira (after ditching AVG when this all happened). To try and solve this I downloaded and ran Hijackthis but it still has not come up with any substantial fix. If you need the log I can attach it easily enough but it has been a dead end to me.

Thank you all for running this site

Andrew
DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 12:08:18.34 on Tue 02/22/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.919 [GMT -6:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Fi... Read more

A:Google Redirect & firefox opens new tabs at random

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!These instru... Read more

Read other 2 answers
RELEVANCY SCORE 90.4

I'm getting random pop-up advertisements for a program called "Registry Defender" which I know for sure is a virus, and several other programs.

I have already scanned my computer with Avast and Malwarebytes and they don't detect any malware. How can I get rid of this virus?

A:Spyware problem: Firefox opens up random tabs

Depending of what your configuration is, the choices may vary, but I would recommend booting up with a LiveCD (i.e. not with your native OS), then scan your hard drive with a few of the online scanners - nowadays most major antivirus vendors offer free online scans. If your LiveCD contains some antivirus software, use that as well.

After that, you could go manually through your Program Files, with the LiveCD nothing will be hidden (or at least you can easily show hidden stuff) and find any file that may have a reference to the "Registry Defender" or any other program that bothers you. Just make sure to erase all instances of them, including from prefetch folders.

If everything fails and you have no earlier restore point to fall back to, there is always an option to re-install the OS, although personally I've never done that in a situation like that - it seems to drastic a move to me.

Read other 6 answers
RELEVANCY SCORE 89.2

Internet explorer won't stop opening tabs unless I end the process.
Also the internet settings for IE keep changing to accept all cookies and I don't use IE ever.
While surfing the internet Firefox opens a new window to random websites or ads and sometimes blank pages with a changing url similar to these two:
(Urls are really long so I'll only post part of it)

Code:
http://77.93.75.150/dot.gif/?ver=120&cmp=profiling4&uid=
Code:
http://82.98.235.113/dot.gif/?ver=120&cmp=profiling4&uid=
I found this within the urls if it helps any.

Code:
www.google.com%2Fsearch%3Fq=rundll32.exe
Also when I shut down my PC an end task window appears labeled SuperMwindow
and when my PC boots up, a window appears saying:
Windows Drive not ready
Exception Processing Message
c00000a3 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c
asking me to continue cancel or try again
I'm new here and I don't know what's going on Please Help

I read the the first sticky and and downloaded Hijackthis
Here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:06 PM, on 1/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common F... Read more

A:IE tabs won't stop opening, FireFox opens up random sites

Read other 16 answers
RELEVANCY SCORE 86.8

Hello and thank you for taking the time to help.When IE is opened, MWBAM starts blocking outgoing to malicious sites. These are intercepted every couple of seconds. 208.87.33.151, 208.73.210.29, 66.6.87.100, 208.87.32.69, etc.Simultaneously, Microsoft Development Environment keeps firing error messages or the debugger with some random web-page.html loaded.In prep to submit this I Ran DDS, and produced the text below and the attachment, but ran into trouble with GMER.On opening GMER, it detected root activity - [email protected] when it prompted to scan I clicked 'No' per instructions, un-checked the options per instructions, and ran the scan. Results:Error msgbox: Load driver C:\fwtyapow.sys error 0xc0000035 "Cannot create stable subkey under volatile parent key"Blue screen also citing fwtyapow.sysScanned C:\ with AVG (0 infected) and MWBAM, no help.Thank you in advance for any help.David------------------------------------------------------------------------------------------.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11Run by Jeff at 17:51:37 on 2011-09-11.============== Running Processes ===============.\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\AVG\AVG10\avgwdsvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Fil... Read more

A:Microsoft Development Debugger opens w/random web pgs loaded, MWBAM blocks outgoing to malicious sites. GMER: [email protected], but sca...

Fixed it. Please ignore.

Read other 2 answers
RELEVANCY SCORE 86.8

Over the weekend, my computer suddenly started exhibiting several symptoms:
Random redirects when I click a Google link
Random tabs opening when I don't click anything
Avast! will display a "Malicious URL blocked" message even if my browser isn't open, saying it's coming from svchost.exe
Avast! will detect a Rootkit. I did the full reboot/scan, but it still detects this. I don't think that it's popped up again since I limited the size of the TEMP folder to 20 MB, though.
I'll get a "Generic Win32 Service" error when I start up, and I will shortly be disconnected from the Internet.
Thank you in advance for any help that you can provide.

==================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:42 PM, on 1/25/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bon... Read more

A:Random google redirects, popup tabs, generic win32 error, rootkit, malicious url

I was unable to post the GMER in the OP because of character limit, and now the forum times out when I try to post the GMER.
Is there anything I can do to remedy this?
 

Read other 2 answers
RELEVANCY SCORE 84.4

First of all, I'd like to apologize. I jumped the gun and ran ComboFix once my computer started exploding, several times until the thing ran properly, after my usual antivirus program failed to reboot properly to remove the trojans it had detected. I've since run everything requested, but did so afterwards. This is also a fairly old machine, but I've had no insurmountable problems with viruses etc, up to this point. I have no idea what triggered it, and I absolutely cannot afford to do without right now, so any assistance would be sincerely welcomed. Oh, and this is a legitimate version of Windows XP Home Edition, and I have access to the serial key but not the CD. I purchased the computer with the operating system pre-installed and never had the CD, and despite how spurious that sounds it has passed windows verification at every step.I'm not sure what additional information you require, please just ask if I'm missing anything.Two successful ComboFix logs are also attached. log.txt comes before COMBOFIX.txt, chronologically. GMER log will be edited in, I have not yet managed to pull a successful run off of it and cannot run it in safe mode. GMER log is now attached.EDIT: To explain further, there now seems to be something wrong with an svchost.exe process. When left on in normal mode, it will gradually consume all memory and not allow me to open anything or even properly shut down, and eventually crash with a typical XP error report box thing. GMER was not... Read more

A:Connection reset on windows update, browser redirects/new tabs, and apparent rootkit infection.

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachme... Read more

Read other 26 answers
RELEVANCY SCORE 84

hii got this unusual problem from last couple of days whenever i open browsereither firefox or ie soon after it open a random tabs by itself.my windows update are not working always shows Error number: 0x80072EFF.i scan with avg,malwarebite,superantspyware but nothing comes up ,but my malwarebite keeps showing a ballon in system tray saying successfully blocked access toa potentially malicious website 91.212.226.67 and it keeps changing the number of the site.i download windows malicious tool and it says alerion c virus but when i scan with avg nothing comes up.iam bit confuse coz of this. iam posting trend micro hijack this log file for you guys to look into and thanks for your kind help in advanceLogfile of Trend Micro HijackThis v2.0.4Scan saved at 10:00:10, on 22/06/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\Identity Protection&#... Read more

A:windows update not working Error number: 0x80072EFF.mozilla and ie opens random tabs.

hi just adding the information to the exisitng topic last nite i ran tdsskiller and it found and infection in driver which is disinfected after reboot .my windows updates are working fine now and iam not getting the pop up ballon saying access denied to malicious wesite but when i scan with superantspyware it shows that hkcmd is infected it cures it but it come back again even malwarebite showsthe thing like shell open command bad note pad.fix it but it appears again.iam trying to post the latest log for you guys to have a look cheers.22:53:13:812 4044 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:4822:53:13:812 4044 ================================================================================22:53:13:812 4044 SystemInfo:22:53:13:812 4044 OS Version: 5.1.2600 ServicePack: 3.022:53:13:812 4044 Product type: Workstation22:53:13:812 4044 ComputerName: ASDF-E26E85805B22:53:13:812 4044 UserName: Administrator22:53:13:812 4044 Windows directory: C:\WINDOWS22:53:13:812 4044 Processor architecture: Intel x8622:53:13:812 4044 Number of processors: 122:53:13:812 4044 Page size: 0x100022:53:13:822 4044 Boot type: Normal boot22:53:13:822 4044 ================================================================================22:53:14:263 4044 Initialize success22:53:14:263 4044 22:53:14:263 4044 Scanning Services ...22:53:14:773 4044 Raw services enum returned 387 services22:53:14:803 4044 22:53:14:803 4044 Scanning Drivers ...22:53:15:865 4044 ACPI (8fd99680a539... Read more

Read other 3 answers
RELEVANCY SCORE 83.6

I've recently had many trojans get downloaded onto my computer when AVG crashed while detecting several threats. I remember my pc being locked out where I could not open any programs or task manager unless I download the fake anti-malware program. I had several types but I could only remember anti-malware doctor being present. I removed most of the stuff with malwarebytes, spybot and SUPERantispyware in safe mode but it doesn't seem to get rid of my firefox browser directing me to a random site periodically. I scan multiple times a day and each time I find a trojan which I thought I had already removed. Also GMER.exe seems to freeze whenever I try to scan and my CPU goes to 100% whenever the program is opened.Any help would be much appreciated,- JennyDDS (Ver_10-03-17.01) - NTFSx86 Run by User at 1:56:35.90 on Tue 09/14/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1202 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.... Read more

A:Firefox opens/redirects to a random ad website randomly, as well as infections with various trojans

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 13 answers
RELEVANCY SCORE 83.6

http://www.bleepingcomputer.com/forums/topic459101.html
as an add-on, firefox in general runs sluggishly

I skipped step 8 in the preparation guide: http://www.bleepingcomputer.com/forums/topic34773.html since I have a 64 bit computer

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rajiv Desikan at 23:53:58 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8106.5432 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program... Read more

A:Firefox google redirects to webhp after a search/opens up random links

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 16 answers
RELEVANCY SCORE 83.6

Firstly, I think I probably got this from some shady porno sites while in private browsing, fwiw

basically, whenever I google stuff using firefox on my laptop (64 bit windows 7, dell xp), oftentimes, when I click on the links, it opens up some random spam website. It takes numerous clicks to actually get the actual link to open. Also, when this doesn't happen, clicking on any google searches redirects the browser to google.com/webhp. I have to exit this tab and open a new tab for google to work after this. Finally, firefox now uses up to 25% of my cpu performance when I check my task manager. So far, these problems only exist on firefox, and IE is fine, but I'd still like to get rid of this possible malware. Thanks!

A:Firefox google redirects to webhp after a search/opens up random links

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 6 answers
RELEVANCY SCORE 83.2

Hello. I am experiencing the following problems:

1) When i click on links returned by Google searches, I am frequently redirected to web pages which are in no way connected to the link I clicked on and are generally some ad for a product or service,

2) Unwanted new tabs are frequently opening spontaneously (i.e., with no input from me) in Firefox 3.5.9 (which I'm using instead of 3.6.x because it's incredibly slow, crash-prone, and uses stunning amounts of memory) and these tabs generally contain an ad for some product or service, and

3) Microsoft Update will not function.

So that you'll know, I'm running Windows XP Pro and have run avast! Free Antivirus (version 5.0.545), Spybot Search & Destroy (version 1.6.2.46), and Malwarebytes' Anti-Malware (version 1.46), all of which I keep up to date, and none of them have discovered any problems. Also, I was infected this past weekend with whatever virus/malware causes all kinds of popups telling you that every program you attempt to run is infected and turns your desktop green, but was able to use your instructions here together with Malwarebytes' Anti-Malware to apparently get rid of it. That said, it may be helpful to know that before this infection, none of the problems enumerated above were occurring.

Naturally, I would appreciate any assistance that anyone with expertise in resolving these issues may be able to offer. Many thanks in advance...

A:Google Redirects, Unwanted Tabs Opening in Firefox, MS Update Will Not Work...

Is no one going to help me here? This topic has been viewed 29 times and not one person has replied. Am I doing something wrong? If so, please advise. If not, please help.

Thank you.

Read other 2 answers
RELEVANCY SCORE 78

Hello, I've a new problem. Hope you guys can help me like you did before

Logfile of HijackThis v1.99.1
Scan saved at 22:04:48, on 03-24-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\zango\zango.exe
C:\Documents and Settings\Ronnie\Local Settings\Application Data\Google\SearchWithGoogle\SearchWithGoogle.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Prog... Read more

A:IE opens new windows and Firefox opens new tabs

Read other 9 answers
RELEVANCY SCORE 76

My computer is running Windows XP Home Edition Version 2002 and Service Pack 3My browser is Firefox 3.6.9. Sometimes I use Explorer 8.0.6001.18702.No system changes have been made. It is possible that my house sitter during the summer may have visited one or more porno sites.Almost all the redirection takes place from Google, though about half the time I can get to the desired site. I have also been redirected from Yahoo search. I noticed this morning for the first time that even when I typed in a URL, the browser was redirected. I then closed Firefox and opened Explorer, typed in the URL and went there with no problem. However, redirection from Google happens in Explorer also.Often a new tab will open in Firefox spontaneouslyOften the redirected sites open the window to the full screen, sometimes with audio. Sometimes I can't close the tabs on the redirected sites as new small windows open asking me if I really want to close and I can't simply X them out (for another window will open asking again) and fear to click on anything else. I may then wind up closing the browser using Task Manager.Some of the sites I am redirected to are:removedThe following sites came up repeatedly after recirection so I put them in my "hosts" file:127.0.0.1 suitesmart.com127.0.0.1 cdn.optmd.com127.0.0.1 google-analytics.com127.0.0.1 ads.bluelithium.com127.0.0.1 7search.com127.0.0.1 asklots.com127.0.0.1 pixelstatservice.com127.0.0.1 www.registrydefender.com127.0.0.1 redirec... Read more

A:Malware That Redirects from Searches and Spontaneously Opens Tabs - Help!

Please do not post active links to malware or possible malware related sites. I have removed the one(s) you posted so others do not accidentally click on them.Please post the results of your last MBAM scan for review (even if nothing was found).To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.Click the Logs Tab at the top.The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.Click on the log name to highlight it.Go to the bottom and click on Open.The log should automatically open in notepad as a text file.Go to Edit and choose Select all.Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.Come back to this thread, click Add Reply, then right-click and choose Paste.Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Logs are saved to the following locations:-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\LogsPlease follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vis... Read more

Read other 8 answers
RELEVANCY SCORE 76

I don't know what to do I'm out of resources. I tried multiple solutions including running ad-aware in safe mode no dice. I also tried a solution you gave to pabs which included BFU ,Alcra Plus Remover, ATF Cleaner, and AVG spyware no dice as well. This darn thing specially likes to pop up on the initial start up of Firefox and every couple clicks please help. Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:06:39 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program... Read more

A:Solved: While running firefox I get IE popups, it also opens tabs in my Firefox.

Read other 13 answers
RELEVANCY SCORE 76

I don't know if these are related, which is why I'm posting this in the same thread and I honestly don't know what to do.
 
I have a pretty good feeling this is malicious since the ads starting showing up at the bottom of every webpage and look the same. The ad says "Brought to you by ...".
 
Each day around 7am I get a popup window on my desktop that tells me that I need to update Flash, yet I've already downloaded and installed Flash from the adobe website and verified that it is up to date. So I close the reminder since I don't know if it is a virus or not.
 
I scanned using hijackthis so I could have a log handy if needed. However when I ran it, there was a warning window that said:
 
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
 
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
 
   notepad C:\Windows\System32\drivers\etc\hosts
 
and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.
 
For Vista and above: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
 

 

 
Any help would be appreciated. Thanks!
 

A:Firefox has new suspicious ads and opens 3 tabs every time Firefox is opened. Da

Welcome aboard  HJT is not allowed in this forum.  Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you alr... Read more

Read other 14 answers
RELEVANCY SCORE 74.4

Hello, I'm a complete computer novice, but I know things are not right. At startup I get two pop-ups stating some .dll files are missing. I've googled these files and only got a couple of hits, it seems they're some kind of virus. My browser also opens up new tabs on it's own, and google search results get redirected. Unfortunately these issues have been going on for a while and I'm just now trying to get it fixed. I hope I'm not beyond help . I also have the HiJack this log available if needed. Please help!

Edit: I do not have access to a Windows boot or start-up disk. I could probably get my hands on one from work if necessary.

DDS log

. DDS (Ver_11-03-05.01) - NTFSx86 Run by Louise at 9:39:26.50 on Sat 03/05/2011 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.316 [GMT -5:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe svchost.exe svchost.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\... Read more

A:.dll files missing, browser opens new tabs, google search redirects.

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

This next program is needed to remove the remaining malware entries I see. However...AVG incorrectly targets ComboFix's embedded files. ComboFix will not run with AVG instal... Read more

Read other 19 answers
RELEVANCY SCORE 73.6

I need help to figure out what on earth is wrong with my computer. When I open Explorer, sometimes there is an additional tab with some sort of advertisement. In addition, the browser will spontaneously close, Google search links lead to sites other than the one I have clicked, and audio from the web comes on even when no browser is open. I am operating on Windows XP and use Internet Explorer 8. Any help would be much appreciated. Below is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:42 PM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\Java\jre6\b... Read more

Read other answers
RELEVANCY SCORE 73.6

Attached is my HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:18 AM, on 11/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDO... Read more

A:Firefox and IE opens up by themselves. Multiple tabs with different ads

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger:Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appea... Read more

Read other 17 answers
RELEVANCY SCORE 73.6

This is a weird case, and I'm pretty sure it's not attributed to a virus.Basically, I was playing full screen Starcraft whilst Firefox was running with multiple tabs open in the background. I alt-tabbed from the game to Firefox, and right clicked my taskbar and closed the game. As soon as I did this, a tab opened to Adtechus. (A legitimate AD company from what I can tell). I had a look on the website that was open when I alt tabbed before the new tab to Adtech opened and one of the ads on it had an Adtechus URL. The thing that perplexes me is that, my mouse didn't go near it, and so I couldnt have clicked it.After this, a short while later, I re-opened the game, alt tabbed and before I could close it, another tab opened automatically from a site I was on before with a Facebook box implemented into it, and for some reason the new tab contained the Facebook "like" box seperate from everything else. SEE HERE: http://www.facebook.com/plugins/likebox.ph...mp;header=falseFull website with the box to the left, here: http://www.gonintendo.com/I can recreate this by right clicking the Facebook box on this specific website and choosing "This Frame > Open Frame in New Tab". But the thing is, I never did this in the first place! Plus, the website was already closed 20 seconds previously before this new tab popped up. Then, automatically, another Adtechus tab popped up shortly after!I am quite sure I have not got any viruses as I have a multi lay... Read more

A:Firefox opens tabs randomly... but not in the way you'd think

Close out firefox and see if the issue continues.

Read other 9 answers
RELEVANCY SCORE 73.6

Hello there!

Firefox is opening new tabs, usually on crass and annoying sales sites, relating to search terms I've recently used in Google or the website I've just been looking at. It also sometimes takes me from Google searches to the wrong URL, again usually some site trying to sell me something related to the search. If I close Firefox and reopen it, and do the same search it will usually then take me to the right place.

I have run scans with Malwarebytes, Ad-Aware, Spybot and AVG, all of which came up clean. I have uninstalled and reinstalled Firefox. Google Chrome will not install on my PC, though this may be unrelated. Windows Update will not run on my PC, though again maybe unrelated. I do not use Internet Explorer if I can possibly help it. Any help greatly appreciated! Many thanks, OB.

EDIT: I have just tried Firefox in Safe Mode, disabled all add-ons, and then went to Google and searched "Second Hand Cars". First five or six links I clicked on went to wrong URL. So it's not a FF addon!

Hijack This log for your consideration:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:29, on 17/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\M... Read more

A:Firefox goes to wrong URL and opens new tabs without asking

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 5 answers
RELEVANCY SCORE 73.6

hi my firefox seems to open unknown tabs such as loa.teebik and something how would it be possible to fix this
this happens completely randomly and i dont even have any extensions installed on my firefox
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16912  BrowserJavaVersion: 10.45.2
Run by Teemu at 1:08:17 on 2014-03-23
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.358.1033.18.1790.741 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSy... Read more

A:Firefox opens unknown tabs

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Multiple Antivirus Programs installed!I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products... Read more

Read other 2 answers
RELEVANCY SCORE 73.6

Ive tried everything, run every scanner i could find, there are no processes that shouldnt be there in task manager. Nothing in startup or in services of MSCONFIG. Im stumped. Every couple minutes a new tab will open in firefox(Or if Ff is not open then it will open) With and address that will have a website and then end "normal/yyy102.html"

For example

http://www.bigdiscountbuy.com/normal/yyy102.html

Where "http://www.bigdiscountbuy.com/" will change for other websites

Weird thing is the tab will just be Blank, nothing in there.
I had installed a something which gave m,e some spyware, but this was removed with Ad-aware, spybot, and webroot spysweeper. But this still clings on..

Heres my logfile.

Logfile of HijackThis v1.99.1
Scan saved at 23:26:54, on 18/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sanjay\Desktop\Tempy\HijackThis.exe

R0 - HKCU\Softw... Read more

A:Ad-ware opens tabs in Firefox

I see you have disabled some startuo items with Msconfig. Please open it and select normal startup. I need to see everything that is running on your PC to help you clean it out, you may return it to the way it was when we are finished.

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in ... Read more

Read other 19 answers
RELEVANCY SCORE 73.6

Got something WRONG with my browsers. My computer, Dell 2400 w/Intel 2.4ghz, 1.5ghz RAM, WinXP Home SP3 works excellent and all programs run as they should. The problem is when I enable my LAN and connect to the Internet. When I first open my FireFox 3.6.8 it goes to my Home Page as it should. As long as I'm working on my Home Page everything works well. I can read all the articles on that page (Yahoo.com) and all is well. But, when I open a new tab and try to go to some site on that new tab, some MalWare opens a new FireFox browser and starts opening new tabs at an accelerated speed. It only takes a minute or less and the top of this new and 2nd FireFox is completely loaded with tabs, each displaying a different internet site. Well, all these tabs being opened at once causes my AVG 2011 to go bizerk! AVG uses 100% of my CPU trying to keep up with all the tabs being opened. After several minutes, I try to close that FireFox and FireFox warns me about closing multiple tabs....221 tabs to be exact. I got this MalWare from Google search engine by connecting to a medical site that Google had marked "SAFE". It took only seconds for AVG to open a window showing that it had found a virus "Win32/Cryptor" and had quarantined it in the Virus Vault and then a minute or so later it found another Malware "Win32.Arto.cbb" and quarantined it also. So, I disconnected from the side and in a few seconds, my ZoneAlarm asked for permission to connect a program ... Read more

A:FireFox browser opens 221 new tabs

Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.
 

Read other 1 answers
RELEVANCY SCORE 73.2

About a week ago, just after I downloaded a Miles Davis torrent file (which I doubt was the cause), a fake anti-virus program popped up on my PC, doing fake scans and warning me about all sorts of horrible things on my computer. I think it was called "XP Defender". It was easily removed but afterwards I was left with a more resilient problem: once every couple of hours or so a random website opened in Firefox in a new tab. Some links open blank pages, others open seemingly random commercial pages from various countries. The links are sometimes redirected several times and often but not always they have an icon that resembles the band logo from A Perfect Circle, except it is green and the right half of the circle is further up. I will make a screen shot when it happens again. I ran Avira, AVG and Avast, Spybot and MWB Anti-Spyware but nothing was found. I also uninstalled Firefox and replaced it with Opera but the problem remains.I hope someone can make something out of my Hijackthis log because I'm clueless right now.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:13, on 23-3-2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Sy... Read more

A:Browser opens random new tabs

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 12 answers
RELEVANCY SCORE 72.8

Firefox has been opening a new tab with a webpage in it, I used ctrl alt delete to close firefox whenever this happens. This does not occur very often and does not seem to have a set time. svchost.exe under SYSTEM is running with high CPU usage and high Mem Usage around 99% and 280,000 K.

I have used mcafee and spybot search and destroy along with windows malicious software removal tool, all of them have come up clean.

Here is a Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:15 PM, on 6/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program F... Read more

A:Please help firefox opens new tabs and svchost.exe issues

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 72.8

Ever since I did a refresh of Firefox a few weeks ago, it now opens with TWO active tabs running my home page. How can I stop it from opening the second tab which is slowing down completion of opening the first tab?
 

A:Solved: Firefox opens with multiple tabs

check the Internet options and make sure the homepage is not listed twice
 

Read other 2 answers
RELEVANCY SCORE 72.8

I use version 3.5.1 When I open firefox it opens with multiple tabs.I tried to find the answer in the FF helpcentre however it's rather confusing for me. I looked at the answer for this problem "preferences not saved" and followed the steps in order to resolve the issue and have been looking to the prefs.js files in the profile folder but none exist Help indicates that those files may be duplicated or corrupted. Also the help centre indicates that if those files are corrupted the preferences are not being saved.I am sure that is the issue but I cannot resolve it.I reinstalled FF several times but the result is the same. Is here a FF user that is able to help in simple words.
I disabled all addons but no result.
My OS Windows Vista Home premium My Laptop:Toshiba Satellite P 200 dual core T5450 Ram 2GB processor 1,66 Ghz I use FF for many years but eversince the 3.5 version was introduced i have this problem. Thanks in advance
 

A:Firefox opens multiple tabs upon start up

Read other 13 answers
RELEVANCY SCORE 72.8

Hi,

While I think I have temporarily stopped this problem, by blocking redirects in Firefox, I think there is still a malware/trojan on the system, which may cause other problems, so I?d appreciate help from a pro. Many thanks in advance.

Every five of so minutes firefox would open a new Window with 11 tabs 3 or four of them were Index of the folder where firefox is stored, another one is xn-eba.com and the others are page could not be loaded with addresses with lots of odd symbols, but always including the xn- characters. I can just close it but I notice in the Cookies section that a cookie is added each time there is the redirect that I have removed.

I have ran Malwarebytes and spybot search and destroy (which found three problems that I cleaned the first run and none the second) as well as the antivirus (avira). I?ve also cleaned out the temporary files and temporary internet files.

Thanks again,
Chris.

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Berta at 13:11:18 on 2012-05-01
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1022.30 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Archivo... Read more

A:Firefox opens new window with 11 various tabs, including xn-eba.com

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 3 answers
RELEVANCY SCORE 72.4

Hello everyone,

I am grateful to have found this forum, I saw somewhere else that someone had a similar issue. When I go to a website, and merely click on it somewhere, the browser would open up random tabs of random other websites, usually websites for me to by norton antivirus software, if I went to my banking site it would open tabs that look similar to my banks, but the url is different and so on.

I was wondering if I can please have some help in regards to this? My computer is less than 2 years old, and I really can't afford to buy a new one.

Thank you for your time and consideration in regards to this.
From Lagron

I have attached what I was able to obtain from performing the steps outlined at http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

There was an issue though, when I was performing step that requires the GMER scan, it worked and scanned it without finding anything related to rootkit, but it didn't give me a log file. So I took the steps that were needed as if there was a rootkit found, but in the process of this, I was away from the computer letting it scan, and my computer turned to a dark screen/standby or something like that...minutes later I return sit down and still wait for the scan to complete received a blue screen stating "Driver_Power_State_failure" I took a screenshot of this but think this occurred only because my computer went on standby as it was still scanning, but can upl... Read more

A:Browser Opens Up Random Websites In New Tabs

Read other 16 answers
RELEVANCY SCORE 72.4

Chrome opens random advert tabs.  Tried malwarebytes and a few other programs but they can't seem to find anything that's causing this annoying issue.  Please, any help would be greatly appreciated.

A:Chrome opens random advert tabs

Hello there, 
 
You can start solving this issue by removing suspicious software from your system. This may include toolbars or browser extensions. To remove unwanted programs from Windows please follow the steps in this link:http://windows.microsoft.com/en-gb/windows/uninstall-change-program
 
Furthermore resetting all browsers and disabling their add-ons could help. 
 
I would also recommend installing "Adblock plus" in order to eliminate all the popup's and ads from your browsers. https://adblockplus.org/
 
Hope this helps! 

Read other 2 answers
RELEVANCY SCORE 72.4

Well I just installed windows 8 a while back (legit copy). While browsing the web with IE a new tab opened saying there are harmful processes on my computer. Well I managed to take a couple of screen shots of those webpages. I've tried to keep windows 8 updated but the internet speeds have been really slow here where I am and haven't updated it in a while. I updated windows defender and installed spybot search and destroy and mbam and updated those and ran them in safe mode but no viruses showed up.
 

A:Virus opens new tabs at random times

    Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:... Read more

Read other 1 answers
RELEVANCY SCORE 72.4

Two computers on my network have gotten an adware that effects both Internet explorer and Chrome (have not checked Firefox). I have run numerous scans including: Malwarebytes, Avg, Avast, AdwCleaner, Hitman, SuperAntiSpyware and tdsskiler, all of which have no effect on the virus (Nor do they find it). I also did a system restore to a couple weeks before any noticeable effect of the virus took place, still no luck. 
 
The virus itself randomly opens new tabs with links to download fake copies of media player like flash and says "Updates Recommend." The new tabs appear mostly when clicking on links but occasionally pop up at completely random times.
 
Links to some of the websites it brings me too:
 
http://9v3zz.playnow.codecpacXXXkplastic.eu/?sov=412093510&hid=cieskgmoqgoickc&id=XNSX.1143278450.242716.d9c3c44154.5716.af45d90edd99031f8ce39c9f4200df7c%3A%3Apc
 
http://www.appXXXisys.com/lp/videoperformer/v18/?v=18&cid=4535&clickid=00007584p6389922618
 
*XXX are to stop possible accidental clicks on links that may lead to the virus I have
 
It also originally took me to some website called mediamother.eu
 
Does anyone know anything about this virus and how to remove it; even a name would be very helpful. Help would be much appreciated.

A:Adware opens new tabs at random times

Try turning off all add ons and extensions in those browsers and see if it stops.How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google ChromeHow to Disable Extensions in Internet Explorer

Read other 12 answers
RELEVANCY SCORE 72

Alright, so I'm generally able to resolve minor virus issues on my own, but this one has me completely stumped.I'm running Windows XP on a 5 year old Dell Inspiron 700m, and use Firefox 3.6.3 as my primary browser.I've been having trouble for the past week or so. Generally I can open Firefox and it will go to my homepage (Google) as it should, although occasionally it will open another page entirely. I can manually enter a web address, and Firefox will take me to it. However, if I use a search engine (tested on Google and Yahoo) clicking on any of the results directs my browser to a variety of different sites. Occasionally these sites will be accompanied by dialogue boxes as well.I'm not sure if these are related, but I am entirely unable to access Gmail. Whether I attempt to go there through typing the address into my nav bar, or through the link on google's homepage, it goes to: hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2 instead. Also, while trying to test whether it was a google-specific or more general problem, I ran into this error while attempting to access Bing.com:ERRORCache Access DeniedWhile trying to retrieve the URL: hxxp://www.bing.com/The following error was encountered: * Cache Access Denied. Sorry, you are not currently allowed to request: hxxp://... Read more

A:Search Redirects, Unwanted Tabs. Potential Rootkit.

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 4 answers
RELEVANCY SCORE 72

When I'm browsing the internet with Firefox, strange sites (like yellowmoxie.com) will open in new tabs randomly. This happens without any input from me at all.

I'm also having problems with Vista failing to boot when I start-up (requiring a few attempts) and Vista crashing usually once a day. I have posted about that in Windows support forum, but the two problems started happening at the same time.

I have tried system restore 3 times, but it hasn't worked to fix any of my problems.

Please help.

------------------------------------------------------------
? OS - Vista SP1
? x86 (32-bit)
? What was original installed OS on system? Vista SP1
? Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? OEM
? Age of system (hardware) 2 years
? Age of OS installation - have you re-installed the OS? 2 years. No.
? CPU - AMD Athlon X2 Dual-Core QL-60 1.90 GHz
? Video Card - ATI Radeon 3100
? MotherBoard - ???
? Power Supply (brand & wattage) - Toshiba, 65 W
Access

-------------------------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86
Run by Kyle at 1511.10 on 08/02/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.1789.860 [GMT -8:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defend... Read more

A:Firefox Opens Strange Sites in New Tabs Without Input

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please download and run the programs in the order below.


TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware ... Read more

Read other 2 answers
RELEVANCY SCORE 72

I launch Firefox, and almost immediately am interrupted by ten or so new tabs unexpectedly opening, with paid-for ad sites like news7daily.tv, and a few raunchy sites. Later I get random redirects, too, after closing all the tabs.

Last week I installed and ran malwarebytes' anti-malware software, because I was seeing similar unwanted behavior (redirects, pop-ups, continually checking "allow third party cookies".) I killed a couple processes (xxx.exe) and deleted a program whose name I have forgotten, but which another discussion forum identified as malicious. I thought it was fixed, but the issues cropped back up after a few days. I did not have Windows firewall on, I discovered today, which is unfortunate, as it might have saved me a lot of trouble.

Thanks in advance for your help!

-Sid

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Owner at 19:43:47 on 2012-01-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1277.66 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
sv... Read more

A:Ad malware opens dozens of unwanted tabs in Firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 71.2

Hello,
 
I recently removed 2 instances of recurring malware ( I removed it and the following day it was back again, removed it again and it came back again) and an instance of recurring spyware off of my Windows 7 pro 64 bit PC with Spybot before removing an additional  piece of malware with Norton Internet Security. I ran a full scan with McCafee before this but it didn't detect anything (Mcafee did find something with its real time protection everytime I tried to remove and resinstall Firefox) that Spybot hadnt found already, so I decided to run some free scans from other antivirus platforms from the internet. Norton found some things so I switched over to Norton. I also ran Microsoft Safety Scanner and Norton Power Eraser neither of which found anything.
 
I am continuing to get popups and when i click on links in Firefox I continue to get multiple windows and tabs opening. I am running the most current version of Firefox from the Mozilla website. This makes me think that I might still be infected.
 
I'm sorry I did not record the names of the malware that were giving me problems. If they come up again I will post them.

A:Firefox opens multiple windows/tabs after malware removal

 Get the free version of Malwarebytes, get it up to date, then boot to Safe Mode and do a full system scan with it and your antivirus.  This could run for a couple of hours.
 
 As for the multiple tabs, just get the ones you want, then press ALT-t and click Options -> Use current pages.
 
Good luck.

Read other 2 answers
RELEVANCY SCORE 71.2

Hi guys, how are you? My laptop is having an issue in Firefox. While using Google's RSS Reader to read my feeds, I get randomly open new tabs that have various different links but are completely blank or have very weird scroll bars inside.

I ran the following in plain safe mode with newest updates: Spybot (clean), Malware full scan (clean), Norton Internet Security full scan (clean) & TSSDKiller (found one threat, rescan was clean).

Should I follow this thread (www.bleepingcomputer.com/forums/topic462907.html/page__p__2790786__hl__firefox+random+tab__fromsearch__1#entry2790786) or post my own logs? Thanks

A:Firefox 14 opens blank tabs while reading Google RSS feeds

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465907 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 50 answers
RELEVANCY SCORE 71.2

Hello all.I would like some help and/or direction if you please.I am running xp pro sp3Firefox 3.5.8IE 7 (my kids)Security softwareAvast homeZonealarm freeSpybot S&D Malwarebytes2 days ago avast triggered on a threat so I quarantined and ran avast 4.8 home edition. Then I ran malwarebytes, spybot S&D and innoculated, CCleaner and rescanned with avast. Malwarebytes identified threats and I deleted as did Spybot (these were just cookies). Avast came up clean. All programs are running the latest updates. Unfortunately I think something was missed. Here's the problem, I will google a topic and click on the link and sometimes get to the link and other times go to a random site e.g.airsplat.com. If I use the back button I am unable to unless I use the drop down next to the back button when I get randomly redirected. Additionally before I was infected I had an add-on in Firefox for WOT results on google. That is now disabled because it was blocking every link I clicked on. Sometime when i click on a result it will begin to load and Avast will interrupt as if the site is malicious e.g. I was looking for info on the guardian 2010 malware for an infected laptop. On this PC I googled the malware, tried to go to bleeping computer and was blocked as it was "malicious". I backed up tried again and was able to visit the site. Here is a copy of my HiJackthis log I appreciate any help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:27:45 PM, on 2/18/... Read more

A:Browser randomly redirects to random sites: sometimes avast blocks

Please download The Comedian.exe by Rorschach112 to your desktopPlease disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..Double click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedSTOP! if you can't complete this step.. Tell me more about it..NEXTPlease download OTS by OldTimer and unzip it to your Desktop..Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).At the top, tick on Scan All Users sectionAt File Age set it to 90 DaysIn the Processes, Modules, Services, Drivers and Registry section, please set on Safe List.In the Files Created Within and Files Modified Within section, set it to File AgeAt the bottom, tick on all Safe List and Use Company Name WhiteList optionUnder Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:Reg - Disabled MS Config ItemsReg - Drivers32Reg - ExtReg - IE Explorer BarReg - NetSvcsReg - Safeboot MinimalReg - Safeboot NetworkFile - Lop CheckFile - Purity Sca... Read more

Read other 7 answers
RELEVANCY SCORE 70.4

I recently downloaded a Firefox/WMP plug-in, and it seems it came with some nice extras, too.

Random tabs will open in both FF and IE.

Google searches are either redirected to a specific IP (i have it written down), or or this answers.com address.

random AV alerts about a file/url loading malicious url (evoplus seems most common). they seems to slow down when Task manager and Explorer are open.

Windows Firewall somehow magically got turn off and cant be turned on. I downloaded another one to take its place.

I did a disk cleanup twice since, and each time there were gigs (8-11 ish)of temporary files to delete.

Kaspersky cant find it, Windows Defender cant find it, I cant either.

DDS log is below. no GMER since this is 64-bit Windows:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by John at 14:54:47 on 2011-11-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.6097 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
FW: ZoneAlarm Firewall *Enabled* {D17... Read more

A:Random Tabs, Redirects, More Hilarity...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 10 answers
RELEVANCY SCORE 70.4

All of a sudden I can no longer open or close new tabs using the middle mouse click (clicking the scroll wheel) it doesn work in ie or in firefox. Also seems like it doesn't work on the desktop or any other application. I have'nt installed new updates or new programs, I don't have any "mouse software" like intellipoint. This affects both my wireless keyboard with built in trackball and a serperate wireless scrollmouse. The only think I can think of is that a few days ago I changed the the speed of my cursor.. of course this shouldn't have affected anything else.... but it is really annoying as I mostly use my computer for web browsing and always open links in new tabs... Please help!

A:Middle mouse click no longer opens or closes new tabs in ie or firefox

What make AND model of mouse do you have?

Read other 2 answers
RELEVANCY SCORE 70.4

This started about a week ago. I get popups like this: http://i.imgur.com/woPGCeq.png (screenshot) and webpages all stick double-underlined links into their text like this: http://i.imgur.com/w0zDkVW.png (screenshot).
 
I ran Malwarebytes, it removed a bunch of stuff, but apparently not what is causing these symptoms. Here's my log:
 Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.14.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476MacFall :: MACFALL-PC [administrator]12/14/2013 12:58:10 PMmbam-log-2013-12-14 (12-58-10).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 222271Time elapsed: 9 minute(s), 46 second(s)Memory Processes Detected: 1C:\ProgramData\QuickSet\SK.Enabler\SK.Enabler.exe (PUP.Optional.MultiPlug.A) -&gt; 696 -&gt; No action taken.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 5HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1495795506 (PUP.Optional.MultiPlug.A) -&gt; Quarantined and deleted successfully.HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -&gt; Quarantined and deleted successfully.HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -&gt; Quarantined and deleted successfully.HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -&gt; Quarantined and dele... Read more

A:Firefox opens tabs to sites like "findsection.net". Also, popups. Logs included

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.AdwCleaner created by Xplode.Junkware Removal Tool created by thisisu.
1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.Important: Do not reboot your computer until you complete the next step.
2. Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of... Read more

Read other 5 answers