Author Topic: [Inactive] Multiple webpages opening while browsing  (Read 3742 times)

0 Members and 1 Guest are viewing this topic.

Offline mlnd18

  • Bronze Member
  • Posts: 10
[Inactive] Multiple webpages opening while browsing
« on: December 20, 2009, 04:52:52 pm »
Hi everytime i open a website, it could be any website, multiple copies of another site open. All the webpages have the crazy website name 'http:///#j-Q0j'EHJv/m~iE'; nothing loads but the webpages with the address still keep on opening!!!:(.

It stops after loading 4-5 copies of the webpage but as soon as i click on something its the same story again. I have now tried all the popular anti virus and spyware SW: AVG, Adware, Spybot, Malwarebytes, SuperAntispyware and more but the problem is still there.

I am really in need of help from someone, any ideas please. Would greatly appreciate your help. BTW the problem is the same even if i use firefox, chrome or IE and my laptop is running Vista. Many thanks.

I have posted the Hijack Log  below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:21, on 20/12/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdra64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Hewlett-Packard\SysConDlg\HpSysConDlgSrv.exe
C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Net iD\iid.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Windows\System32\qtplugin.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Citrix\MetaFrame Password Manager\Helper\IE\ssobho.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://internal.ericsson.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://internal.ericsson.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-proxy.ericsson.se:3132/accelerated_pac_base.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.corpuk.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LogonTrk] "C:\Program Files\Hewlett-Packard\MWP\LogonTrk\LogonTrk.exe"
O4 - HKLM\..\Run: [HpSysConDlg] C:\Program Files\Common Files\Hewlett-Packard\SysConDlg\HpSysConDlgSrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Net iD] "C:\Program Files\Net iD\iid.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [RegistryMonitor1] C:\Windows\system32\qtplugin.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [userinit] C:\Users\EMILPAT\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\EMILPAT\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [RegistryMonitor1] "C:\Windows\System32\qtplugin.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\mxis.tmp\svchost.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\mxis.tmp\svchost.exe" (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Citrix Password Manager Background Process.lnk = C:\Program Files\Citrix\MetaFrame Password Manager\ssoShell.exe
O4 - Global Startup: Citrix XenApp.lnk = ?
O4 - Global Startup: Ericsson Corporate Templates check.lnk = ?
O4 - Global Startup: ItSupportCheck.exe.lnk = ?
O4 - Global Startup: Outlook for Roaming Users.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=9QV8S2Z8&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=9QV8S2Z8&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=9QV8S2Z8&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=9QV8S2Z8&id=menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=9QV8S2Z8&id=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: www.adlibris.com
O15 - Trusted Zone: http://www.ahlsell.com
O15 - Trusted Zone: http://e-travelmanagement2.amadeus.com
O15 - Trusted Zone: *.atea.com
O15 - Trusted Zone: *.bokus.com
O15 - Trusted Zone: www.computershare.co.uk
O15 - Trusted Zone: *.concursolutions.com
O15 - Trusted Zone: http://e1prmweb5.euro.dell.com
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: *.dustin.se
O15 - Trusted Zone: *.elfa.se
O15 - Trusted Zone: *.ericsson.com
O15 - Trusted Zone: *.ericsson.net
O15 - Trusted Zone: *.ericsson.se
O15 - Trusted Zone: http://gartner18.gartnerweb.com
O15 - Trusted Zone: *.hp.com
O15 - Trusted Zone: *.connect.hubspan.net
O15 - Trusted Zone: *.ibx.se
O15 - Trusted Zone: *.ibxeurope.com
O15 - Trusted Zone: *.ibxnordic.net
O15 - Trusted Zone: *.logitall.com
O15 - Trusted Zone: http://www.lundqvist.se
O15 - Trusted Zone: *.lyreco.com
O15 - Trusted Zone: http://www.printon.com
O15 - Trusted Zone: *.research-int.se
O15 - Trusted Zone: *.order.rs-components.com
O15 - Trusted Zone: *.u-order.rs-components.com
O15 - Trusted Zone: http://order.rs-components.com
O15 - Trusted Zone: *.rs-components.com
O15 - Trusted Zone: *.salesforce.com
O15 - Trusted Zone: http://www.roundtrip.shi.com
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.skillwsa.com
O15 - Trusted Zone: *.solar.dk
O15 - Trusted Zone: *.taleo.net
O15 - Trusted Zone: *.trust.telia.com
O15 - Trusted Zone: http://www.yourmerchandise.com
O15 - Trusted IP range: http://127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
O17 - HKLM\Software\..\Telephony: DomainName = eemea.ericsson.se
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CentennialClientAgent - Unknown owner - C:\CENTENN.IAL\AUDIT\cagent32.exe
O23 - Service: CentennialIPTransferAgent - Unknown owner - C:\CENTENN.IAL\AUDIT\xferwan.exe
O23 - Service: Citrix Password Manager Sagent (Citrix_Password_Manager_Sagent) - Citrix Systems, Inc. - C:\Program Files\Citrix\MetaFrame Password Manager\Sagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Update Service (gupdate1ca60d49ddefb30) (gupdate1ca60d49ddefb30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pointsec - Unknown owner - C:\Windows\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\Windows\system32\pstartSr.exe
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\HPOV\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\HPOV\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\HPOV\Radstgms.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 15218 bytes


Thanks again.
« Last Edit: December 24, 2009, 08:07:49 pm by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25336
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Multiple webpages opening while browsing
« Reply #1 on: December 24, 2009, 08:08:35 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

Now onto trying to fix your computer.


Before going any further, I need to ask, those scans that you have run, did they or do they find anything?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mlnd18

  • Bronze Member
  • Posts: 10
Re: [In Progress] Multiple webpages opening while browsing
« Reply #2 on: January 01, 2010, 01:27:57 pm »
Thanks Hoov.

I havent got any encryption on my laptop. as for the scans that i did, it did find a few adware and spyware, which i promptly deleted using the SW although it did not solve the issue. Recently I have started getting these redirections to random websites when i click on any website on google search.

I ran a virus and spyware check on my laptop just today but its not found anything!

Do let me know if you need any information from my side.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25336
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Multiple webpages opening while browsing
« Reply #3 on: January 01, 2010, 07:46:18 pm »
* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mlnd18

  • Bronze Member
  • Posts: 10
Re: [In Progress] Multiple webpages opening while browsing
« Reply #4 on: January 08, 2010, 05:41:09 am »
Hi Hoov,

As you instructed, I ran the combofix program on my computer. I have Symentics Antivirus/Antispyware SW on my computer but could not seem to turn it OFF, though i disabled it from the startup menu list. No other antivirus/antispyware/malware SW were running.

I ran the combofix after that (was given the warning that Symentics is running but still ran it through); have attached the C:/combofix.txt file with this reply.

Please let me know if anything else is required.

Thanks a lot.


Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25336
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Multiple webpages opening while browsing
« Reply #5 on: January 08, 2010, 12:15:51 pm »
From now on please paste your logs in your post unless asked to attach them. This is for my protection as well as the protection of anyone that uses your posts for research on their own problem.

Did combofix resolve or change your problem at all?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mlnd18

  • Bronze Member
  • Posts: 10
Re: [In Progress] Multiple webpages opening while browsing
« Reply #6 on: January 09, 2010, 11:34:19 am »
Hi Hoov, sorry about the attachment, will keep that in mind and paste logs in the post in the future.

The problem is still there...i am getting redirected to hxxp://c.ppcxml.net/? most times when i click on google search results.

The webaddress redirect is as follows:
hxxp://c.ppcxml.net/?d=hhhhBQxhZwN3YwRmZP42BP9aol5jnUN/MTS0LG05AmEkFR5aG1AArKMBZTZkHH9FWGWPJUE2IR4kGUAVJPHlEwH0HRAuEQSLnmIeZKWvAUV3pKqgDaH4I1uCDGtlAmyTJxcPEQSdLIqPoUEjJIIhJxEUE1OuqIARrTx3omWQGmxkIIqXEQARI1LmnwxmFUyXqatmqTcIMRylZ3cELxkgqH1ioScWJIAkM1AHFQyAIH16EHumHJV4BTqyGTulHQWaWGWTBHElIzWzoxMyBJgDIRZmMypmER5Qq3MYIHAMJQIkIGuipwyaDvHlEzAQoSRkM2I3EQqnEJW4JUSTFJuhGUAiq2EZJzqgG0APM3VjpSScoHD1GTEKFzyjFJt1HzknARymHQukoSZmG0MlIwMdHScGqT1eLKyhBRIyEyywHJ50rxgDZRkFD0gDAGA0ZwABoHcAI2yPIwAuAKyjZ0WOIHkaZGV0WGWPEFHlDaqGHGAnAmEnoRWBAJAvMJDmJUOhZGSuZyZkqGZlAyuLHaAGL0IGMxZ5L3I4A0IbpRkInQISp2uiryShrGWlo1IaWGWTq3y0ZJqDA2EDD0H3F0ITIx9EFQIJIGqWEaWXrRWyn2uPATt5FmqbAaEMrHI1qxHlpyD4pSAEnKIZGQAyBQASnIAwISOTozWvZySOp29WBTgcJJEEMwO3MyyEnxc5pHj1IGAfnUAgE0qlBRW2GauPF0L3oHkPF25wrUAMBTqDrRWvMwx2IJ9mZHqDLvHlEwSTo0cxHQOxZTydnTAknxSCZ1RyZxV3HzSwqGu0WGWTDwI6q1EZo0LjDJLjM1H4nIWlD0MlZSD5EyqBpzSGnUx5AGOIpKIynTuPZKOHF1xyZxMxARqlMKEPEmIZEGAmITWWrT1Iqx9PJSyHGzZ3GJIaqRcaEaZjEIckARqcIGWQEmObrSOAJJ9ArzWXpySMAKblp1cJGxEkqJpjIJSApFHlEwt1FUE2A0kvnSW2IQSerUuQIIEZp2u5DaqiZyOLqyOLqyIeESMhBFHlExS6p0ymZlHlEzgaMUELImyiHGIwM1EXnGq0oxW2q0IiqJkiGxWXI09IIGMeJzqgEHL0JzAWn1HmD0cfowWfqUNmWGWTLxuuGzI0oH1DJTMcG0EMLKyLI29Wq3O1D3W5A2ugrKEiG0SIrGMLoIAdpJyLBKR5DJyyo0kMGTS2D0AXFRVyZxWCZmZ5qaORMKqWq1IjIaugnGWCHx5Po0byZxWHWGWTExtkHJqVrJxjp0SXFPHlDwSyozcXM2q3FQW5E2SPI0IfMT9WGSE1GQSUqHbkWGWPrHDknSSBGKOwDIblpmMuWGWTpIAFnJqAA3cQGzqWGmAFGIOdnSqjERS5H3AwnSEUqKEiWGWPn05YLlHlDau2n2ECZ2AlMaWJJaERq0qPBQuSEJkLDIcCqSc0Ex5ZJSczHJMaEKqjZJWDn3IOH050HUyMDz9jrJ03EwO0DyO5pKOhHzg6ryEnoaD5o2IGIxSgF1u0MaqFBRunEGSPEx9iozgAn2V4DaOzD2uCnRydGTu5ZTRyZxM0Z1qbIRWhJwOPBTkGMxSTZaLjGHWjqRqRAz5vHH5MpyyQGKu0MSEWoTAWrJSaE0ydqaWwIyETEISynHAMJxWZA21yo0cuGKuCEmy2EzAFLIM6EmqeHQSIFH1XL3IKAmDyZxWLoJ1yDH1TL21vJT1HnUWbnJWDHHuYMUbjMyHyZxMZFzgHI3R3IKqRBGt0Z3yDHx8yZxWhAzWEJJcKDJL5HGVmZ2WaAmWXHSR4LJW0rvHlEyyfH0gnL3pyZxMyFSNmM1udoxWAEayRZxqxDH1XJRuyZmEaJHkmEmy1MwOiL1E6oIOHqRSKLaS3oKSMWGARsQV3BQu8ZGNjZQVksQD0ZQO8LzWwVUOypzyiMPOmqKOypz5uqUIlLJjtMUWuoJS8ZwN2ZmL0sQxkZKjlAQV0ZGt4sQEvAQuvMTRksQH4AGH1MQN2sQO8MTL5ZQLjZGy8ATH1AwtkZmq8pKIuoTy0rJyfoUImnJ9hpl5wo20=372c64462045


Still need some assistance.

Thanks

- Edited links to break them - Hoov
« Last Edit: January 09, 2010, 01:01:48 pm by Hoov »

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25336
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Multiple webpages opening while browsing
« Reply #7 on: January 09, 2010, 01:03:07 pm »
No worries.

I need you to start Firefox in safe mode (Firefox safe mode) and see if the same thing happens.

1.  Close down Firefox completely: At the top of the Firefox window, click the File menu, and select the Exit menu item.

2.  In Windows, click Start, open the All Programs list, and navigate to the Mozilla Firefox folder. In the Mozilla Firefox folder, select Mozilla Firefox (Safe Mode).

3.  Firefox should start up with a Firefox Safe Mode dialog.

4. Click Continue In Safe Mode. This starts Firefox in its Safe Mode. While you are in Safe Mode, your extensions and themes will be disabled, and any toolbar customizations will be reverted back to their defaults. These changes are not permanent - when you leave Safe Mode and start Firefox up normally, your extensions, themes, and settings will return to the state they were in before you entered Safe Mode.

Let me know if you are getting redirected.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mlnd18

  • Bronze Member
  • Posts: 10
Re: [In Progress] Multiple webpages opening while browsing
« Reply #8 on: January 12, 2010, 01:22:29 pm »
Hiya yeah i tried with firefox in safe mode, there is no difference, i am still getting redirected to random sites from internet search.

it seems that the problem hasnt been fixed:(

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25336
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Multiple webpages opening while browsing
« Reply #9 on: January 12, 2010, 03:06:53 pm »
Please run Spybot and update it. Run a full scan and the immunize function. Then try the search in your browser again and let me know.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mlnd18

  • Bronze Member
  • Posts: 10
Re: [In Progress] Multiple webpages opening while browsing
« Reply #10 on: January 12, 2010, 05:02:04 pm »
I ran the Spybot program and it found the following infections

1) AdRevolver
2) Adviva
3) BurstMedia
4) CasaleMedia
5) DoubleClick
6) FastClick
7) HitBox
8) MediaPlex
9) StatCounter
10) TradeDoubler
11) WebTrends Live
12) Win32.Agent.pz
13) Zedo

I removed these infections and completed the immunization functionality.

Started the firefox in safe mode but after about 5 minutes of browsing a random website opened by itself.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25336
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Multiple webpages opening while browsing
« Reply #11 on: January 12, 2010, 06:54:40 pm »
Is this just in chrome? And was it the same kind of webpage as before?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mlnd18

  • Bronze Member
  • Posts: 10
Re: [In Progress] Multiple webpages opening while browsing
« Reply #12 on: January 13, 2010, 05:21:21 am »
No it wasnt just for Chrome, i can see the redirections on firefox and IE as well.

In the last two days, the redirection has been to different websites on Chrome, IE, and firefox but in the end after a few redirections it always ends up on the webpage link i posted couple of days back (hxxp://c.ppcxml.net/?d.........)

Once this webpage loads and i go back to google/yahoo search and click on any link, it directs me to the right webpage

Eg. If i click on bbc website from google search, it will take me to a random website a few time so everytime I click 'back' button and then click on bbc again. eventually it directs me to this 'hxxp://c.ppcxml.net/?d.....' webpage, i click 'back' button again and then when i click BBC link, it takes me to the BBC website


Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25336
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Multiple webpages opening while browsing
« Reply #13 on: January 13, 2010, 02:14:54 pm »
Please run ccleaner to remove temporary files, including the internet temporary files and cookies, then please run Malwarebytes' Anti-Malware , update it, run a full scan and post the log.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.[/COLOR]
In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.[/COLOR]
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mlnd18

  • Bronze Member
  • Posts: 10
Re: [In Progress] Multiple webpages opening while browsing
« Reply #14 on: January 13, 2010, 03:59:12 pm »
I ran the CCleaner as per your instructions and then ran the Malwarebytes (latest update), it did not find any infections. Log attached below:

Malwarebytes' Anti-Malware 1.44
Database version: 3556
Windows 6.0.6000
Internet Explorer 7.0.6000.16945

13/01/2010 21:56:56
mbam-log-2010-01-13 (21-56-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 288316
Time elapsed: 1 hour(s), 24 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The redirections still exist!:(