Can someone please check my logs?

[satoodles]

View attachment 36104

View attachment 36105

View attachment 36106Please take a look at the attached logs and tell me why my computer is running so slow and running 2 instances of IE every time I open the Internet. Thanks!

 

[rf6647]

Welcome to TS.

You're way out in front running IE8 and extra goodies.

HJT entries for R0/R1 are duplicated.

Not bad - just makes me curious

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

Use the HJT Tutorial to manage the extra goodies thrown at the browser. You may discover the answer.

 

[satoodles]

HJT entries for R0/R1 are duplicated. <--- I really don't know what this means! Could you clarify a bit please? Thanks!

 

[rf6647]

Many threads here recommend reset for IE.

HJT tool makes changes that are reversible. This may be an approach that finds the cause of you problem.

Pertaining to your problem, my curiosity is captured in the quote.


R0/R1 duplication referred to destinations. For troubleshooting, simplify conditions - get rid of distractions.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = pppp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = pppp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = pppp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =pppp://go.microsoft.com/fwlink/?LinkId=69157


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = pppp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = pppp://go.microsoft.com/fwlink/?LinkId=54896

 

[satoodles]

Sooo...without sounding too stupid, what am I supposed to do? hahaha

 

[rf6647]

Problem: multiple windows for IE. I interpretted your problem to be 2 windows for IE after making just a single request to open IE.

"Cloaker" appears to be legit from the OEM.

Reset IE (link from recent post by kimsland)
http://support.microsoft.com/kb/923737/en-us

From a malware perspective, the R0/R1 entries are ignored by me. The IE reset should clean these out (and probably other entries related to browser). HJT logs normally have fewer R0/R1 entries. HOWEVER, since responding to this thread, I encountered another HJT log with a similar pattern. Different but not a problem. To me this suggests something in common, but not IE8.

If problem persists, re-run HJT. Repost results.

Are you asking about using HJT? Analyze, generate a log, fix checked entries, etc.

'Fix checked entries' should remove them from the HJT log by making changes to the browser. The advance screens for HJT can restore any/all of these.

The events logs may give a clue what is happening.

Try different ways of opening the browser. It will steer the focus toward the OS or in the other direction for the mechanism calling for IE8.

I tend to be a 'generalist' - I will work with the user to find the root of the problem. Spiritwind & Tw0rld and other notables have been more focussed. They seem to be backed up with knowledge & resources that get to the problem quicker.

Since malware does not appear to be causing this, re-posting in another forum (Windows OS) with a new title descriptive of the problem may bring in different views.