Default Browser Launching Unexpectedly and Repeatedly

Discussion in 'Malware Help (A Specialist Will Reply)' started by JHMarshIII, Sep 1, 2012.

  1. JHMarshIII

    JHMarshIII Private E-2

    Disruptive symptom is that the default browser launches by itself dozens of times with no explanation. Can't ID a keystroke or event that acts as a trigger. Chrome is the default browser. Victim machine is a Lenovo 64-bit Win 7 and is part of a small eight-workstation, one-server domain. The attached logs are for the workstation. I will post a new thread for the server.

    Steps taken thus far:

    Uninstalled and re-installed Chrome.

    Removed hard drive from victim machine and mounted it on a clean laptop via an external USB/SATA cable kit. With Symantec AV 2012, ran a deep scan and it came up clean.

    Put drive back into computer but decided to take no chances and wiped and restored to factory from Lenovo factory restore partition on same physical drive, then re-installed the application set (MS Office 2003 and Lytec 2007) and re-joined the domain.

    Purchased, downloaded and installed Kaspersky Endpoint for Windows (8.x) onto the server (not the affected workstation) and ran a full scan; the server was reported as clean.

    Two days later the browser problem re-emerged on the affected machine, same problem as before with the default browser spawning multiple times on its own.

    Downloaded the Kaspersky rescue disk 10 to a clean USB drive and booted from Rescue disk, updated virus defs and ran a deep scan on all mounted drives. Came up clean.

    Did the same for the server and it came up clean.

    Ran the MajorGeeks Win 7 Malware Removal thread (139681), all steps, on the affected workstation.
     

    Attached Files:

  2. JHMarshIII

    JHMarshIII Private E-2

    Attaching missing log file for TDSSKiller for affected workstation.
     

    Attached Files:

    Last edited: Sep 1, 2012
  3. JHMarshIII

    JHMarshIII Private E-2

    Ran the same MajorGeeks thread (139681) process on the server, thinking that the roaming profile on the server might be infected. I am attaching those log files for the server here. For some reason the MGTools MGLogs.zip file is not being created in the C:\ root. The program seems to run but there is no log file output.
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    Hello JHMarshIII,

    Please download OTL by OldTimer.

    • Save it to your desktop.
    • Right mouse click on the OTL icon on your desktop and select Run as Administrator
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the custom fix text-field.
      Code:
      activex
      netsvcs
      /md5start
      afd.sys
      i8042prt.sys
      netbt.sys
      nsiproxy.sys
      svchost.exe
      tcpip.sys
      tdx.sys
      /md5stop
      %windir%\$ntuninstallkb*. /120
      %windir%\Tasks\*.*
      %windir%\system32\drivers\*.sys /lockedfiles
      %systemdrive%\mgtools\*.*
      
    • Now click the Run Scan button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)
     
    Last edited: Sep 3, 2012
  5. JHMarshIII

    JHMarshIII Private E-2

    Done for workstation.
     

    Attached Files:

  6. JHMarshIII

    JHMarshIII Private E-2

    And done on Server.
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    Do this on the Workstation

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the custom fix text-field.
    Code:
    :processes
    killallprocesses
    :otl
    [2012/09/03 18:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/03 18:33:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/09/03 09:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/18 12:30:12 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
    O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
    SRV - [2011/09/10 05:54:14 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    "Google Update"=-
    :commands
    [resethosts]
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)
     
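As an added example, not part of the thread or of OTL, here is a read-only PowerShell audit of the autostart locations the fix above touches (the .job files, the HKCU Run values, the Partner BHO and service, and the hosts file), so the state of the workstation can be compared before and after the fix. The CLSID, paths and service name are taken from the OTL lines above; the Browser Helper Objects registry key is the standard Windows location and is not named on the page.

```powershell
# Added example (not from the thread): read-only audit of the autostart
# locations the OTL fix above targets. Run from an elevated PowerShell.
# Nothing here modifies the system, so it is safe to run before and after.

$clsid = '{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}'   # BHO CLSID from the OTL log

# 1. Scheduled task .job files (the :otl section removes four of these)
"== Task files in $env:windir\Tasks =="
Get-ChildItem -Path "$env:windir\Tasks" -Filter '*.job' -ErrorAction SilentlyContinue |
    Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

# 2. Per-user Run key: the :reg section deletes "swg" and "Google Update"
"== HKCU Run values =="
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
Get-ItemProperty -Path $run -ErrorAction SilentlyContinue |
    Select-Object -Property * -ExcludeProperty PS* | Format-List

# 3. Browser Helper Object registrations (64-bit and 32-bit views) and DLLs
"== BHO registrations for $clsid =="
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($bhoKey in $bhoKeys) {
    if (Test-Path (Join-Path $bhoKey $clsid)) { "registered: $bhoKey\$clsid" }
}
foreach ($dll in "$env:ProgramData\Partner\Partner.dll", "$env:ProgramData\Partner\Partner64.dll") {
    if (Test-Path $dll) { "on disk: $dll" }
}

# 4. The service named in the SRV line
"== Partner Service =="
Get-Service -DisplayName 'Partner Service' -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType | Format-Table -AutoSize

# 5. hosts file: [resethosts] rewrites it; list any active entries that are
#    not the plain localhost lines, which is what a hijacked hosts file adds
"== hosts entries other than localhost =="
Get-Content "$env:windir\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' -and $_ -notmatch '\slocalhost\s*$' }
```

Run it once before the OTL fix and once after; any item that is still listed afterwards is a fix step that did not take effect.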
  8. JHMarshIII

    JHMarshIII Private E-2

    Ran process as instructed, but OTL was unable to create the log file. Messages are:

    Error creating log file (at end of OTL custom fix)
    Rebooted
    OTL runs again on start up.
    Error creating log file (reappears)
    Notepad opens
    Error: "Path to the network not found" displays
    Desktop is loaded.
     
  9. thisisu

    thisisu Malware Consultant

    Hi,

    Can you retry the same OTL fix from within Safe Mode? Let me know if there are issues even in this mode.
     
