Thanks crunchie, you picked a great weekend to go on vacation... :rolleyes: :mrgreen:
OK, this is going to take a bit, but:
1. Have HJT fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {AB7B8CE0-FC1B-FE0C-1CE1-8F2414EB8A24} - C:\WINDOWS\System32\kaekdosn.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll
O4 - HKLM\..\Run: [qnrnpfqs] C:\WINDOWS\ycvuwacq.exe
O4 - HKLM\..\Run: [rozhdnumneta] C:\WINDOWS\system32\qlkmdo.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
If the IP addresses in the following entry are not the IP addresses of the DNS servers that your ISP gave you, have HJT fix this as well:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B890F822-3EA8-4C00-8A7E-F12A821005A9}: NameServer = 205.152.37.23 205.152.132.23
2. Reboot into safe mode and, for every user account listed under C:\Documents and Settings, delete the entire contents of these folders:
1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5
- Delete the entire content of your C:\Windows\Temp folder.
If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed.
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files". Once done, search for and delete all of the .dll and .exe files in the HJT entries I listed above.
- Empty your Recycle Bin.
- Reboot normally.
- Run HJT again and post a fresh log.
DMR
Wombat At Large
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370
Temporarily disable Tea-Timer.
Close all (browser) windows & rescan with HijackThis. When the scan is finished, place a check in the box to the left of the following entries & click 'fix checked':
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O2 - BHO: (no name) - {AB7B8CE0-FC1B-FE0C-1CE1-8F2414EB8A24} - C:\WINDOWS\System32\kaekdosn.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll
O4 - HKLM\..\Run: [qnrnpfqs] C:\WINDOWS\ycvuwacq.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [rozhdnumneta] C:\WINDOWS\system32\qlkmdo.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\WINDOWS\ycvuwacq.exe-file
C:\WINDOWS\system32\qlkmdo.exe-file
C:\WINDOWS\ALCXMNTR.EXE-file
Reboot normally after doing the above then post a fresh log please.
crunchie
Most Valuable Poster
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com
These entries seem like spyware. I went to the link and the page looks like a normal hijack-your-homepage type of site.
mikeandike22
Nearly a Posting Virtuoso
1,496 posts since May 2004
Reputation Points: 33
Solved Threads: 19
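As an added example (not code from anyone in this thread), here is a small Python triage script that applies the two checks discussed above to HijackThis log lines: DMR's rule that the O17 NameServer addresses should match the DNS servers your ISP gave you, and mikeandike22's point that O1 hosts entries pointing a name at a non-loopback address are a hijack. It also flags R0/R1 settings whose host is not one you chose and O4 Run entries with a blank name or a bare directory as the target, as in the `[] c:\WINDOWS\System32\` line. The sample log is constructed from the entries quoted in this thread; `ISP_DNS_SERVERS` is a placeholder (you would fill in your ISP's real servers) and `TRUSTED_SEARCH_HOSTS` is an assumption about which start/search pages the user actually set.

```python
"""Triage helper for HijackThis log lines (added example, not HJT's own code).

Flags the entry types discussed in the thread:
  * O1   hosts-file overrides that point a name at a non-loopback address
  * O17  DNS NameServer settings that are not the ISP-assigned servers
  * O4   Run entries with a blank value name or a directory as the target
  * R0/R1 IE search/start-page settings whose host is not on an allow-list
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample log, built from the lines quoted in the thread.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\\..\\Run: [qnrnpfqs] C:\\WINDOWS\\ycvuwacq.exe
O4 - HKCU\\..\\Run: [] c:\\WINDOWS\\System32\\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B890F822-3EA8-4C00-8A7E-F12A821005A9}: NameServer = 205.152.37.23 205.152.132.23
"""

# PLACEHOLDER: replace with the DNS servers your ISP actually assigned.
ISP_DNS_SERVERS = {"192.0.2.53"}
# Assumption: hosts the user deliberately chose as start/search pages.
TRUSTED_SEARCH_HOSTS = {"www.yahoo.com", "www.google.com"}

O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
O4_RE = re.compile(r"^O4 - (\S+): \[(.*)\] (.*)$")
R_RE = re.compile(r"^R[01] - .* = (\S+)$")


def triage_line(line, isp_dns, trusted_hosts):
    """Return a list of (code, reason) findings for one log line; [] if clean."""
    line = line.strip()

    m = O1_RE.match(line)
    if m:
        ip, name = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return [("O1", f"unparseable address {ip!r} for {name}")]
        # Only loopback mappings are normal in a hosts file; anything else
        # silently redirects that name to a server the user did not choose.
        if not addr.is_loopback:
            return [("O1", f"{name} redirected to {ip} via hosts file")]
        return []

    m = O17_RE.match(line)
    if m:
        servers = set(m.group(1).split())
        return [("O17", f"NameServer {s} is not an ISP-assigned DNS server")
                for s in sorted(servers - isp_dns)]

    m = O4_RE.match(line)
    if m:
        hive, name, target = m.groups()
        findings = []
        if not name:
            findings.append(("O4", f"Run entry in {hive} has a blank value name"))
        if not target or target.endswith("\\"):
            findings.append(("O4", f"Run entry {name!r} targets a directory, not a program: {target!r}"))
        return findings

    m = R_RE.match(line)
    if m:
        host = urlparse(m.group(1)).hostname or ""
        if host not in trusted_hosts:
            return [(line[:2], f"IE setting points to untrusted host {host}")]
        return []

    return []


def triage_log(text, isp_dns, trusted_hosts):
    """Run triage_line over every line of a log and collect the findings."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_line(line, isp_dns, trusted_hosts))
    return findings


if __name__ == "__main__":
    for code, reason in triage_log(SAMPLE_LOG, ISP_DNS_SERVERS, TRUSTED_SEARCH_HOSTS):
        print(f"[{code}] {reason}")
```

Run against the constructed sample it reports six findings: the begin2search R1 entry, the websearch.com hosts override, both problems with the blank O4 entry, and both O17 NameServer addresses (because the placeholder ISP set does not contain them). A localhost hosts line and the Yahoo start page pass. This is a triage aid only; as crunchie's and DMR's posts show, which entries to fix still depends on knowing what the user installed and what their ISP assigned.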
Fix those O1 entries as suggested by mikeandike22, then download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit the program.
Download the VX cleaner plug-in for Adaware. Install it, then open Adaware, go to *add-ons* & run the plug-in. If anything is found, select *clean system* & when done, reboot & run Adaware & let it finish the clean-up. Reboot again.
http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml
What's up DMR?? :). I'm still here.
crunchie
Most Valuable Poster
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
I am not really sure, but I think some toolbars that download into your IE could mess it up (as well as most of the free software that installs them).
Quite true; you might want to uninstall any IE add-ons such as the Yahoo and AIM toolbars just to eliminate any variables. You need to keep the Winsock repair tool on your computer: http://cexx.org/lspfix.htm . You can try using it to fix your IE problem (most of them are connectivity problems).
Be careful with Winsock utilities though: they can repair a corrupted Winsock layer, but they can also break that layer if used improperly.
Also, while spyware/trojans/hijackers and the like can definitely alter or cripple your web browsing, relatively few of them actually do so by grafting themselves into your Winsock implementation.
Given that, tools such as LSPFix should only be used when you know for certain that a corrupt Winsock stack is part of your problem; Winsock utilities will be of no help whatsoever for the numerous other problems caused by malicious programs.
By the way, HijackThis does detect irregularities in the Winsock/LSP stack; it will report them with an "O10" code in its log.
DMR
Wombat At Large
7,229 posts since Dec 2003
Reputation Points: 221
Solved Threads: 370