0

Within the last 10 pages on this forum there are several threads from people with similar problems, and as far as i can tell none of them have been resolved, so that is why i felt like i could make another one.

The issue with them (and me) is this: Windows XP randomly opens new browser windows. Sometimes it opens one, sometimes it opens 30. For example:

I turn my computer on, and let it sit at desktop. I do nothing, but randomly a firefox browser window will open. It won't go to a webpage, it just opens. This will continue to happen. Sometimes if i walk away from my computer i will come back to 30+ browser windows open which destroys my computer resources.

It is not a firefox issue though, i think whatever is causing it just opens up whatever you have set as your preferred browser (if i uninstall firefox i get similar issues with internet explorer).

But before anyone suggests running spyware, adware, or virus scans, consider this: I have reformatted 3 times (full reformats, not quick), and the problem still persists. I have tried two different windowsXP CDs to intsall the new OS after a format, and the problem persists.

Scenario: I reformat my entire hard drive. I install a fresh copy of windows XP. The entire time i am disconnected from the internet. As soon as the install completes, and i log into windows for the first time on a fresh install, the issue starts happening immediately. It *cannot* be a virus/spyware if this is the case, unless it is a BIOS issue (which, realistically, isnt the case either). So what is the issue? This makes no sense.

To point out one thing that no one else has yet: When you do a reformat/fresh install, and before you set up your internet connection, windows normally will give you a network setup wizard box to help guide you through setting up your network. But what happens on a fresh install? Instead of spamming firefox/IE browser windows, this issue actually spams the network setup wizard over and over, opening up multiple instances of it.

I reformatted and began installing windows XP off a clean CD. I walked away and let the install finish on its own. I came back after it had finished and it was sitting at desktop (like normal) except that i had about 20 network setup wizard dialogue boxes opened on my screen.

Does anybody have any clue what this issue may be? I feel its the same exact issue many others here are having and have yet to resolve. Avast!, AVG spyware, spybot, etc. yield no results and this issue *even happens when in safe mode*.

So these lead me to believe its not a virus/spyware issue but may be some type of software conflict between drivers, or a more extreme answer is that it is some freak hardware issue. Just FYI, im on a laptop as well.

Any ideas? I have absolutely no recourse to take here because if formatting the drive does not resolve the issue then the issue itself cannot be as simple as spyware/trojan.

2
Contributors
5
Replies
6
Views
10 Years
Discussion Span
Last Post by crunchie
0

I followed the stickied thread instruction about running AVG in safe mode and generating a report, but when i did that it found only a few tracking adware that it removed. The problem with browser spam still exists even in safe mode.

If anyone has any suggestions, i will post my HJT logfile below if you have time to look at it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:44 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\HJT\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 3256 bytes

0

i also ran combofix from my desktop which was suggested by crunchie in another thread from someone having the same problem (but he never replied). I dont know if the results are skewed because firefox keeps opening up during the scan ( i close it each time). Heres the log:

"Brandon" - 2007-07-24 17:25:15 [GMT -4:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-24 17:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 16:40 <DIR> d-------- C:\HJT
2007-07-24 15:36 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-24 15:23 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-24 15:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-24 15:18 <DIR> d-------- C:\VundoFix Backups
2007-07-24 14:51 <DIR> d-------- C:\DOCUME~1\Brandon\APPLIC~1\.purple
2007-07-24 14:50 <DIR> d-------- C:\Program Files\Pidgin
2007-07-24 14:50 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-07-24 14:37 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-07-24 14:37 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-07-24 14:37 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-07-24 14:37 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-07-24 14:36 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-07-24 14:36 65,536 --a------ C:\WINDOWS\system32\Audio3D.dll
2007-07-24 14:36 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-07-24 14:36 65,024 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-07-24 14:36 610,988 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-07-24 14:36 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-07-24 14:36 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-24 14:36 5,867,008 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2007-07-24 14:36 391,424 --a------ C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2007-07-24 14:36 208,896 --------- C:\WINDOWS\alcupd.exe
2007-07-24 14:36 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-07-24 14:36 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-07-24 14:36 155,648 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-07-24 14:36 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-24 14:36 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-07-24 14:36 139,264 --------- C:\WINDOWS\alcrmv.exe
2007-07-24 14:36 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-07-24 14:36 <DIR> d-------- C:\Program Files\AvRack
2007-07-24 14:35 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-07-24 14:35 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 14:35 <DIR> d-------- C:\Program Files\ATI Technologies
2007-07-24 14:34 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-07-24 14:16 <DIR> d-------- C:\DOCUME~1\Brandon\.housecall6.6
2007-07-24 14:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-24 14:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-24 14:00 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-24 13:58 <DIR> d---s---- C:\DOCUME~1\Brandon\UserData
2007-07-24 13:57 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-24 13:56 <DIR> d-------- C:\DOCUME~1\Brandon\APPLIC~1\Talkback
2007-07-24 12:24 <DIR> d-------- C:\DOCUME~1\Brandon\APPLIC~1\Launchy
2007-07-24 12:23 1,636,376 --a------ C:\DOCUME~1\Brandon\ycomp_setup.exe
2007-07-24 12:23 1,572,864 --ah----- C:\DOCUME~1\Brandon\NTUSER.DAT
2007-07-24 12:23 <DIR> d-------- C:\DOCUME~1\Brandon\_avast4_
2007-07-24 11:40 <DIR> d--hs---- C:\RECYCLER
2007-07-24 11:35 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-07-24 08:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-24 06:01 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-07-24 06:00 1,310,720 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-07-24 06:00 1,310,720 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-07-24 06:00 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-24 05:56 917,504 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-07-24 05:55 1,636,376 --a------ C:\DOCUME~1\DEFAUL~1\ycomp_setup.exe
2007-07-24 05:54 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\_avast4_
2007-07-24 05:53 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-07-24 05:50 <DIR> d-------- C:\WINDOWS\Registration
2007-07-24 01:45 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-07-24 00:06 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-07-24 00:05 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-24 00:05 <DIR> d-------- C:\WINDOWS\daemon
2007-07-24 00:05 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-24 00:05 <DIR> d-------- C:\Program Files\IrfanView
2007-07-24 00:05 <DIR> d-------- C:\Program Files\Foxit
2007-07-24 00:05 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-07-24 00:05 <DIR> d-------- C:\Program Files\CDBurnerXP Pro 3
2007-07-24 00:05 <DIR> d-------- C:\Program Files\Azureus
2007-07-24 00:04 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-24 00:04 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-24 00:04 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-24 00:04 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-24 00:04 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-07-24 00:04 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-24 00:04 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-07-24 00:04 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-24 00:04 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-24 00:04 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-24 00:04 <DIR> d-------- C:\Program Files\Launchy
2007-07-24 00:04 <DIR> d-------- C:\Program Files\CCleaner
2007-07-24 00:04 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-24 00:03 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-07-24 00:03 0 -rahs---- C:\MSDOS.SYS
2007-07-24 00:03 0 -rahs---- C:\IO.SYS
2007-07-24 00:03 0 --a------ C:\CONFIG.SYS
2007-07-24 00:03 0 --a------ C:\AUTOEXEC.BAT
2007-07-24 00:02 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-07-24 00:02 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-24 00:02 <DIR> d-------- C:\Temp_Folder
2007-07-24 00:01 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-07-24 00:01 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-07-24 00:01 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-07-24 00:01 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-07-24 00:01 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-07-24 00:01 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-07-24 00:01 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-07-24 00:01 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-07-24 00:01 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-24 00:01 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-24 00:01 382,464 --a------ C:\WINDOWS\system32\qmgr.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 19:03:50 -------- d-----w C:\DOCUME~1\Brandon\APPLIC~1\.purple
2007-05-27 01:57:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
2007-05-27 01:56:48 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-07-24 00:04:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
R0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
R3 hidusb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
S3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 Slntamr;Smart Link 56K Modem Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys
S3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 17:26:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 17:27:01

--- E O F ---

0

I see nothing in those logs that might be a cause for this.
I have also never heard of a correctly reformatted pc doing what yours is doing.

0

Well as dumb as this sounds, i actually found the problem.

I finally decided to do the ultimate virus scan and install ubuntu into my unpartitioned disk space and see if the same problem still occurs (browser windows opening on their own), and to my surprise, it did.

So in ubuntu i was able to monitor key presses and turns out the special key built into my laptop that opens up an internet browser window was basically pressing itself randomly (even though i have never used this key before). This key is easily disabled in ubuntu so now even if it presses itself, nothing happens and i never know about it.

In case anyone is wondering, the make/model of my laptop mobo/keyboard combo is MiTac 8355. Ive noticed several threads spread out over these forums about people on laptops specifically having browser windows open on their own, and the answer may be that your special function button (next to your power button) is basically pressing itself randomly (assuming it wasnt a virus/spyware).

So the next step is to find a windows keyboard remapping program that lets you re-program your keyboard and you should be able to just turn that button off so the problem never happens again.

So, in conclusion, if youve got a laptop, and your email client or web browser keeps opening on its own, and your positive it cant be a virus, then youve got a hardware problem with your buttons and you should either contact your manufacturer and see what you can do about it, or disable the button in software.


Thanks for the help anyway :)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.