Internet explorer problem

Posted by: wmsdrs

I can't have 2 browsers open at the same time. If I click on a link the first browser will close and the new one will open. Here is the HijackThis log. Thanks.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\utilman.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://www.begin2search.com/sidesearch.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SDWin32 Class - {59E078F8-915D-407C-BCAD-0757FC0D8B9A} - C:\WINDOWS\System32\kvnph.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [cvxksugiqpkiy] C:\WINDOWS\System32\tpnekob.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102094014529[/url]
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - [url]https://mail.phikappapsi.com/Remote/msrdp.cab[/url]
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

Posted by: rstones12

wmsdrs,

Welcome to Tech-Forums, I will be reviewing your HJT log.

We need to do a couple of things first.

You are currently using HijackThis from a temporary directory, this can cause problems. HijackThis creates backups, these are needed in case of any recovery issues. Please create a directory on your [b]C:\[/b] drive called [b]C:\HJT[/b], download and unzip HijackThis into that directory. Run the program from that directory from now on.

[b][color=green][size=3]STEPS For Creating Folder[/size][/color][/b]
[list=1]
[b]1.[/b] Please go to My Computer, open your [b]C:\[/b] drive, Select: New >> Folder and name the folder [b]HJT[/b].
[b]2.[/b] Download HijackThis to the new folder:
[b]3.[/b] Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
[b]4.[/b] Close ALL windows except HJT
[b]5.[/b] SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to 'select all', Ctrl-C to 'copy')
[b]6.[/b] POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
[/list]
[color=red]Please make sure you post the entire log including the top portion:[/color]

[b]DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER[/b]

Next

We are going to need to remove a few things, but first I would like you to do the following:

The reason I am asking for these first initial steps is that it can clear up some items in the first part of the fix if needed. I have outlined some preliminary steps that we need to address.

[b]You may want to print out these instructions for reference.[/b] This process will take a few steps so please be patient and follow the provided directions.

[b][1.][/b] First Download [url=http://cwshredder.net/bin/CWShredder.exe][color=blue]CWShredder[/color][/url] and save it to your desktop.
Close all open browser windows and any other open windows.
Install CWShredder, then:
Open CWS and click [b]Check for Updates[/b]
Then click [b]"FIX"[/b]

[b][2.][/b] Please run at least one of these online scans, allow it to delete anything it finds:
You may have to select the auto-fix option prior to scanning, it should be a selection box on the screen.
If you are a dial-up user just do one, this can take some time. If you are a broadband user, I would suggest at least 2 of the 3. One extra scan is most often times enough.
[list]
[url=http://housecall.trendmicro.com/housecall/start_corp.asp][color=blue]TrendMicro HouseCall[/color][/url]
[url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][color=blue]Panda ActiveScan[/color][/url]
[url=http://www3.ca.com/virusinfo/virusscan.aspx][color=blue]eTrust AntiVirus Web Scanner[/color][/url]
[/list]
Please make a note of anything that wasn't or couldn't be fixed.
Reboot your machine when finished.

[b][3.][/b] You [b]may have[/b] run these programs already, make sure they are up to date and run per provided instructions.
Current Versions are:
[b]Spybot S&D Ver: 1.3[/b] [url=http://www.safer-networking.org/en/download/index.html][color=blue]Download Here[/color][/url]
[b]Ad-Aware SE Build 1.05[/b] [url=http://www.majorgeeks.com/download506.html][color=blue]Download Here[/color][/url]
Download and install both Spybot S&D and Ad-Aware SE.

Instructions:

[b]Spybot S&D:[/b]
Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D.
[b]*[/b]Close [b]ALL [/b]windows except Spybot S&D
[b]*[/b]Click the button to [b]"Search for Updates"[/b] and download and install the Updates.
[b]*[/b]Close Spybot then launch it again
[b]*[/b]Click the button [b]"Check for Problems" [/b]
[b]*[/b]When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window
[b]*[/b]Put a check mark beside the RED [color=red](RED) entries ONLY.[/color]
[b]*[/b]Choose "Fix Selected Problems" and allow Spybot to fix the RED [color=red](RED)[/color] entries.

[b]Ad-Aware SE FULL SCAN:[/b]
Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal.
When the main window opens look in the bottom right corner and click on [b]Check For Updates Now[/b] then click Connect and download the latest reference files.
From main window:
[b]*[/b]Click Start then under Select a scan Mode check [b]Perform Full System Scan.[/b]
[b]*[/b]Next [color=red]deselect [/color]Search for negligible risk entries.
[b]*[/b]To scan just click the [b]Next[/b] button.
When the scan has finished [b]mark everything for removal [/b]and get rid of it. [i](Right-click the window and choose [b]select all[/b] from the drop down menu and click Next)[/i]
The program will ask if you want to fix/delete selected items, choose yes/fix.

[b][4.][/b] Enable show hidden files and folders:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

[b][5.][/b] [b]Update[/b] your current Virus Scan Definitions:

[b][6.][/b] Reboot into Safe Mode and [b]Scan[/b] with Spybot S&D and Ad-Aware SE
Then Scan with your Anti-Virus Program

[b][7.][/b] Delete your temp files:
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Empty Your Recycle Bin.

[b][8.][/b] Reboot normally and post a new HJT log by using [b]Post Reply[/b]:

Thanks,
rstones12

Posted by: Warez Monster

Remove entries at your own risk

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
Possibly nasty
This page could possibly be nasty.
If you do not know the entry 'about :blank', delete it.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
Possibly nasty
This page could possibly be nasty. If you do not know the entry 'about :blank', delete it.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about :blank
If you do not know the entry 'about :blank', delete it.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([549B5CA7-4A86-11D7-A4DF-000874180BB3] - Result: 549B5CA7-4A86-11D7-A4DF-000874180BB3) has been checked. Hit rate: 99 %
Must be fixed!
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: SDWin32 Class - {59E078F8-915D-407C-BCAD-0757FC0D8B9A} - C:\WINDOWS\System32\kvnph.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Must be fixed!
Unnecessary (deactivated) entry that can be fixed.

O4 - HKLM\..\Run: [cvxksugiqpkiy] C:\WINDOWS\System32\tpnekob.exe
Unknown
Hit rate: -1 % (result) Unknown application.

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
This is an unknown process.

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - [url]https://mail.phikappapsi.com/Remote/msrdp.cab[/url]
Check if you know this site and fix it if you do not.
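
An added example, not part of the original thread and not any poster's code: a small Python parser for HijackThis entry lines like the ones posted above. It strips the forum's [url] tags, then notes the three things the replies draw attention to: HijackThis run from a temp directory, entries reported as "(no file)" or "(file missing)", and the download host of O16 entries. The function names and note tags are assumptions of this example; the sample lines are an excerpt of the posted log.

```python
import re
from urllib.parse import urlparse

# Excerpt of the log posted in this thread (forum [url] tags left as pasted).
SAMPLE_LOG = r"""
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SDWin32 Class - {59E078F8-915D-407C-BCAD-0757FC0D8B9A} - C:\WINDOWS\System32\kvnph.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - [url]https://mail.phikappapsi.com/Remote/msrdp.cab[/url]
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # section code, then the rest
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
URL = re.compile(r"https?://\S+")

def parse_entries(log):
    """Return one dict per entry line; process paths and blanks are skipped."""
    entries = []
    for line in log.splitlines():
        line = re.sub(r"\[/?url\]", "", line).strip()   # undo forum auto-linking
        m = ENTRY.match(line)
        if m:
            clsid = CLSID.search(m.group(2))
            entries.append({"section": m.group(1), "body": m.group(2),
                            "clsid": clsid.group(0) if clsid else None})
    return entries

def triage(log):
    """Return (tag, detail) review notes; nothing here decides what to delete."""
    notes = []
    for line in log.splitlines():
        # rstones12's point: run from a temp directory, backups may not survive
        low = line.strip().lower()
        if low.endswith("hijackthis.exe") and "\\temp\\" in low:
            notes.append(("temp-run", line.strip()))
    for e in parse_entries(log):
        if ORPHAN.search(e["body"]):                    # target file is gone
            notes.append(("orphaned", e["clsid"] or e["body"]))
        url = URL.search(e["body"]) if e["section"] == "O16" else None
        if url:                                         # host for the user to confirm
            notes.append(("dpf-host", urlparse(url.group(0)).hostname))
    return notes
```
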