Internet explorer problem

Status
Not open for further replies.

wmsdrs

Beta member
Messages
4
I cant have 2 browsers open at same time. If I click on a link the first browser will close and the new one will open. here is the hijackthis log.

thanks

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\utilman.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SDWin32 Class - {59E078F8-915D-407C-BCAD-0757FC0D8B9A} - C:\WINDOWS\System32\kvnph.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [cvxksugiqpkiy] C:\WINDOWS\System32\tpnekob.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1102094014529
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.phikappapsi.com/Remote/msrdp.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
 
wmsdrs,
Welcome to Tech-Forums, I will be reviewing your HJT log. We need to do a couple of things first.


You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder

  1. 1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

    2. Download HijackThis to the new folder:

    3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

    4. Close ALL windows except HJT

    5. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

    6. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
Please make sure you post the entire log including the top portion:

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

Next

We are going to need to remove a few things, but first I would like you do to the following: The reason I am asking for these first initial steps is that it can clear up some items in the first part of the fix if needed.

I have outlined some preliminary steps that we need to address. You may want to print out these intructions for reference. This process will take a few steps so please be patient and follow the provided directions.

[1.]
First Download CWShredder
And save it to your desktop.
Close all open browser windows and any other open windows.

Install CWShredder, then:

Open CWS and click Check for Updates
Then click "FIX"

[2.]
Please run at least one of these online scans, allow it to delete anything it finds:
You may have to select the auto-fix option prior to scanning, it should be a selection box on the screen. If you are a dial-up user just do one, this can take some time.
If you are a broadband user, I would suggest at least 2 of the 3. One extra scan is most often times enough.
Please make a note of anything that wasn't or couldn't be fixed.
Reboot your machine when finished.

[3.]
You may have run these programs already, make sure they are up to date and run per provided instructions.
Current Versions are:
Spybot S&D Ver: 1.3 Download Here
Ad-Aware SE Build 1.05 Download Here

Download and install both Spybot S&D and Ad-Aware SE.

Instructions:

Spybot S&D:
Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D.

*Close ALL windows except Spybot S&D
*Click the button to "Search for Updates" and download and install the Updates.
*Close Spybot then launch it again
*Click the button "Check for Problems"
*When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window
*Put a check mark beside the RED (RED) entries ONLY.
*Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.


Ad-Aware SE FULL SCAN:
Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal.

When the main window opens look in the bottom right corner and click on Check For Updates Now then click Connect and download the latest reference files.

From main window:
*Click Start then under Select a scan Mode check Perform Full System Scan.
*Next deselect Search for negligible risk entries.
*To scan just click the Next button.

When the scan has finished mark everything for removal and get rid of it.
(Right-click the window and choose select all from the drop down menu and click Next)
The program will ask if you want to fix/delete selected items, choose yes/fix.

[4.]
Enable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

[5.]
Update your current Virus Scan Definitions:

[6.]
Reboot into Safe Mode and Scan with Spybot S&D and Ad-Aware SE
Then Scan with your Anti-Virus Program

[7.]
Delete your temp files:

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty Your Recycle Bin.

[8.]
Reboot normally and post a new HJT log by using Post Reply:


Thanks,
rstones12
 
Remove entries at your own risk


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
Possibly nasty This page could possibly be nasty. If you do not know the entry 'about :blank', delete it.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
Possibly nasty This page could possibly be nasty. If you do not know the entry 'about :blank', delete it.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about :blank If you do not know the entry 'about :blank', delete it.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([549B5CA7-4A86-11D7-A4DF-000874180BB3] - Result: 549B5CA7-4A86-11D7-A4DF-000874180BB3) has been checked. Hit rate: 99 % Must be fixed!
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: SDWin32 Class - {59E078F8-915D-407C-BCAD-0757FC0D8B9A} - C:\WINDOWS\System32\kvnph.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) Must be fixed!
Unnecessary (deactivated) entry that can be fixed.

O4 - HKLM\..\Run: [cvxksugiqpkiy] C:\WINDOWS\System32\tpnekob.exe
Unknown
Hit rate: -1 % (result) Unknown application.

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe This is a unknown process.


O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.phikappapsi.com/Remote/msrdp.cab Check if you know this site and fix it if you do not.
 
Status
Not open for further replies.
Back
Top Bottom