Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Webpages open randomly in various browsers


Re: Webpages open randomly in various browsers

Post by jcharlto16 » November 19th, 2010, 1:13 am

Update on problems:

After the OTM run, Windows did not shut down properly, so I had to do a hard reboot. After getting back into Windows, I left the PC alone for several hours. When I came back, it seems like something had consumed all the resources. Avira had stopped working, with the error message that a file was missing. Icons on the Quick tool bar went back to the default Windows icon (i.e. all the icons looked the same). Window panels wouldn't display properly. I again restarted Windows and worked with it more extensively. I had no problems. However, I assume, if I leave the PC alone again, the resources will be gone when I get back.

Not sure if the resources issue is malware or a bad install of Avira. They started after I got rid of AVG and installed Avira. I suspect I'll have to uninstall Avira, shut down ZoneAlarm and reinstall Avira. By the way, do you have any recommendations for anti-virus software? I had no problems with AVG until I upgraded to the latest version, so I switched when my malware problems started popping up. I suspect the original malware was a result of AVG not working properly.

Jeff


All processes killed
========== FILES ==========
C:\sr\cache folder moved successfully.
C:\sr folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\pack folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\us folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\res folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\hi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\mkt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData folder moved successfully.
C:\Documents and Settings\Jeff\Application Data\uTorrent folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG\AVG8 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Program Files\uTorrent folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\IN\10110 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\IN folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\cfgall folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg8 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff
->Temp folder emptied: 987315 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45840061 bytes
->Google Chrome cache emptied: 110288554 bytes
->Flash cache emptied: 4412 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17379 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 131111 bytes

Total Files Cleaned = 150.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 11182010_055411

Files moved on Reboot...
C:\Documents and Settings\Jeff\Local Settings\Temp\~DF3660.tmp moved successfully.
File C:\WINDOWS\temp\ZLT055c2.TMP not found!

Registry entries deleted on Reboot...
jcharlto16
Active Member
 
Posts: 14
Joined: November 11th, 2010, 10:15 pm

Re: Webpages open randomly in various browsers

Post by jcharlto16 » November 19th, 2010, 1:16 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:29 PM, on 18/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Handspring\AlarmApp.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Alarm Manager.LNK = C:\Program Files\Handspring\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 6042 bytes
jcharlto16
Active Member
 
Posts: 14
Joined: November 11th, 2010, 10:15 pm

Re: Webpages open randomly in various browsers

Post by muppy03 » November 19th, 2010, 9:03 am

jcharlto16 wrote: I again restarted Windows and worked with it more extensively. I had no problems. However, I assume, if I leave the PC alone again, the resources will be gone when I get back.

Let's not assume; see how it goes for a day and let me know. Your logs are looking good.

jcharlto16 wrote: By the way, do you have any recommendations for anti-virus software?

I use Avira and have had no issues.

Open HijackThis and select Do a System Scan Only. Place a check next to the below lines if still present:

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)

Once selected, close all windows except HJT and click on Fix Checked.

Let me know if any problems re-occur before we clean up.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
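
An added example, not part of muppy03's post and not a feature of HijackThis or OTM: a Python triage helper that finds the kind of leftover entry fixed above, meaning a HijackThis line tagged "(file missing)" or one whose target sits under a folder the OTM log reports as moved. The sample lines are copied from the logs in this thread; the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the OTM and HijackThis logs in this thread.
OTM_LOG = r"""
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Program Files\uTorrent folder moved successfully.
"""
HJT_LOG = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
TARGET = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll)', re.IGNORECASE)
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) folder moved successfully\.$")


def moved_folders(otm_log):
    """Folders the OTM log reports as moved (quarantined)."""
    matches = (MOVED.match(line.strip()) for line in otm_log.splitlines())
    return [PureWindowsPath(m["path"]) for m in matches if m]


def orphaned_entries(hjt_log, otm_log=""):
    """Return HijackThis entries whose target file is gone.

    An entry is reported when HijackThis itself tagged it "(file missing)"
    or when its target lies under a folder that OTM moved.
    """
    removed = moved_folders(otm_log)
    findings = []
    for line in hjt_log.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header, process list, blank line
        body = entry["body"]
        hit = TARGET.search(body)
        target = PureWindowsPath(hit.group(0)) if hit else None
        missing = body.endswith("(file missing)")
        # PureWindowsPath compares case-insensitively, like Windows does.
        under_moved = target is not None and any(f in target.parents for f in removed)
        if missing or under_moved:
            findings.append({"code": entry["code"], "target": str(target) if target else None,
                             "file_missing": missing, "under_moved_folder": under_moved})
    return findings


if __name__ == "__main__":
    for finding in orphaned_entries(HJT_LOG, OTM_LOG):
        print(finding)
```

Entries reported only as `under_moved_folder` are stale registrations that HijackThis did not tag itself; they still need a human look before anything is fixed.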

Re: Webpages open randomly in various browsers

Post by jcharlto16 » November 20th, 2010, 10:07 am

The only problem that's occurring now is the lack of resources after leaving the PC on overnight. It happened again this morning. I don't see any other problems. After a fresh reboot, the system works fine. It just dies after being left alone for long periods of time.
jcharlto16
Active Member
 
Posts: 14
Joined: November 11th, 2010, 10:15 pm

Re: Webpages open randomly in various browsers

Post by muppy03 » November 21st, 2010, 4:21 am

jcharlto16 wrote: The only problem that's occurring now is the lack of resources after leaving the PC on overnight. It happened again this morning. I don't see any other problems. After a fresh reboot, the system works fine. It just dies after being left alone for long periods of time.

Hmm, save energy and turn it off overnight ;)

Malware wise things are looking good so if you are not having any further problems, I would suggest you proceed as follows.

MBAM is a great tool for you to keep and use on a regular basis.

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

The above procedure will implement some cleanup procedures as well as reset System Restore points

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.

  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.


Remember to update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check


Please reply if you have any problems or questions
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Webpages open randomly in various browsers

Post by jcharlto16 » November 21st, 2010, 10:07 am

muppy,

Outside of the resource issue, the PC is running well. Definitely better performance than before the malware took over. Thanks very much for your help. I really appreciate the time and effort you put into cleaning my PC out. You're doing great work for the PC community.

Jeff
jcharlto16
Active Member
 
Posts: 14
Joined: November 11th, 2010, 10:15 pm

Re: Webpages open randomly in various browsers

Post by muppy03 » November 22nd, 2010, 5:25 am

I am glad I was of some assistance. :)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Webpages open randomly in various browsers

Post by muppy03 » November 24th, 2010, 4:34 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia