
Solved: IE Hijack. Cannot access webmail (gmail, yahoo mail, etc.)

Discussion in 'Virus & Other Malware Removal' started by ABuzz4Me, Jul 16, 2007.

  1. ABuzz4Me

    ABuzz4Me Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    8
    I have an issue where I am able to access Google, but when I click GMail, I get 'page cannot be found'. I get the same type of thing when trying to access Yahoo mail and others. When I try to update AVG VScan, it cannot contact the server.

    The Trend Micro HiJack This log is below:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:23:15 PM, on 7/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 6050 bytes



    I appreciate any help that you can provide!
    Thanks
     
  2. ABuzz4Me

    ABuzz4Me Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    8
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  4. ABuzz4Me

    ABuzz4Me Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    8
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/09/2007 at 06:49 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 00:40:47

    Memory items scanned : 283
    Memory threats detected : 0
    Registry items scanned : 4763
    Registry threats detected : 0
    File items scanned : 20882
    File threats detected : 0





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:57:08 PM, on 8/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 5994 bytes
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Be aware it is NOT supported for use in 9x or ME and probably will not install in those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
     
  6. ABuzz4Me

    ABuzz4Me Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    8
    Still no dice!!
     


  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  8. ABuzz4Me

    ABuzz4Me Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    8
    That did not seem to help.

    However, I did notice that if I boot into safe mode with network, I can access sites like Gmail, Hotmail, Yahoo Mail and the AVG Updates Servers.

    Ideas???
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Remove one of the anti-virus programs. That could be causing the problem.
     
  10. ABuzz4Me

    ABuzz4Me Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    8
    I removed one of the AV programs and then re-scanned. I found 9 threats.... All of those were cleaned. The PC is starting to behave a bit more normal, but when the Guest account logs in, I get a ton (~20) of RUNDLL boxes that pop up and state Error Loading file. Attached is one of them. I also installed Firefox. I plan to switch to it, from IE.






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:02:35 PM, on 8/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [__c00695DC] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00695DC.dat",B
    O4 - HKCU\..\Run: [__c00B139A] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00B139A.dat",B
    O4 - HKCU\..\Run: [__c00ADA62] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00ADA62.dat",B
    O4 - HKCU\..\Run: [__c00257DE] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00257DE.dat",B
    O4 - HKCU\..\Run: [__c004817C] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c004817C.dat",B
    O4 - HKCU\..\Run: [__c00C672C] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00C672C.dat",B
    O4 - HKCU\..\Run: [__c00FE864] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00FE864.dat",B
    O4 - HKCU\..\Run: [__c005470C] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c005470C.dat",B
    O4 - HKCU\..\Run: [__c003E33D] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c003E33D.dat",B
    O4 - HKCU\..\Run: [__c00FEA61] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00FEA61.dat",B
    O4 - HKCU\..\Run: [__c00DC57] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00DC57.dat",B
    O4 - HKCU\..\Run: [__c0081B14] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0081B14.dat",B
    O4 - HKCU\..\Run: [__c007AF29] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c007AF29.dat",B
    O4 - HKCU\..\Run: [__c00CBADA] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00CBADA.dat",B
    O4 - HKCU\..\Run: [__c00B0E41] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00B0E41.dat",B
    O4 - HKCU\..\Run: [__c008D060] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c008D060.dat",B
    O4 - HKCU\..\Run: [__c006C460] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c006C460.dat",B
    O4 - HKCU\..\Run: [__c007CFB9] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c007CFB9.dat",B
    O4 - HKCU\..\Run: [__c006C49F] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c006C49F.dat",B
    O4 - HKCU\..\Run: [__c003A248] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c003A248.dat",B
    O4 - HKCU\..\Run: [__c005A91D] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c005A91D.dat",B
    O4 - HKCU\..\Run: [__c00FF244] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00FF244.dat",B
    O4 - HKCU\..\Run: [__c00BD99B] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00BD99B.dat",B
    O4 - HKCU\..\Run: [__c00ABBC4] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00ABBC4.dat",B
    O4 - HKCU\..\Run: [__c008F399] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c008F399.dat",B
    O4 - HKCU\..\Run: [__c008EB61] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c008EB61.dat",B
    O4 - HKCU\..\Run: [__c0016763] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0016763.dat",B
    O4 - HKCU\..\Run: [__c00A8C75] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00A8C75.dat",B
    O4 - HKCU\..\Run: [__c0076010] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0076010.dat",B
    O4 - HKCU\..\Run: [__c004CA93] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c004CA93.dat",B
    O4 - HKCU\..\Run: [__c0042052] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0042052.dat",B
    O4 - HKCU\..\Run: [__c005390B] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c005390B.dat",B
    O4 - HKCU\..\Run: [__c0034933] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0034933.dat",B
    O4 - HKCU\..\Run: [DellSupport-] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [Windows installer] C:\winstall.exe (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [grapnt5] (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00695DC] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00695DC.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00B139A] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00B139A.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00ADA62] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00ADA62.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00257DE] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00257DE.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c004817C] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c004817C.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00C672C] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00C672C.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00FE864] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00FE864.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c005470C] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c005470C.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c003E33D] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c003E33D.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00FEA61] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00FEA61.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00DC57] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00DC57.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c0081B14] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0081B14.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c007AF29] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c007AF29.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00CBADA] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00CBADA.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00B0E41] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00B0E41.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c008D060] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c008D060.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c006C460] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c006C460.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c007CFB9] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c007CFB9.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c006C49F] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c006C49F.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c003A248] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c003A248.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c005A91D] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c005A91D.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00FF244] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00FF244.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00BD99B] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00BD99B.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00ABBC4] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00ABBC4.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c008F399] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c008F399.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c008EB61] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c008EB61.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c0016763] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0016763.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00A8C75] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00A8C75.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c0076010] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0076010.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c004CA93] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c004CA93.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c0042052] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0042052.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c005390B] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c005390B.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c0034933] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c0034933.dat",B (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [DellSupport-] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.macromedia.com
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O24 - Desktop Component 0: (no name) - http://i131.photobucket.com/albums/p312/vqhm/photo-0044.jpg

    --
    End of file - 13208 bytes
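
The autostart values in the log above that use rundll32.exe to load `.dat` files from the Guest profile's Temp folder can be picked out mechanically. The Python below is an added example, not part of the original thread: it reads O4 lines copied from that log, flags rundll32 targets that sit in a Temp directory or lack a `.dll` extension, and merges the HKCU and HKUS views of the same value. The function names and the two heuristics are assumptions chosen for illustration; they are triage hints, not verdicts.

```python
import re

# Lines copied from the third HijackThis log in this thread (excerpt).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [__c00695DC] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00695DC.dat",B
O4 - HKCU\..\Run: [__c00B139A] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00B139A.dat",B
O4 - HKUS\S-1-5-21-2285543765-2010066030-953139200-501\..\Run: [__c00695DC] rundll32.exe "C:\DOCUME~1\Guest\LOCALS~1\Temp\__c00695DC.dat",B (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlusG DWL-G122\AirPlus.exe
"""

# Registry-based O4 line: hive, optional SID, Run/RunOnce key, value name, command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] ?(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# rundll32 command line: module path, then ",export".
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<path>[^",]+)"?,(?P<export>\S+)', re.I
)

WELL_KNOWN_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}
WELL_KNOWN_RIDS = {"500": "Administrator", "501": "Guest"}


def account_for(sid):
    """Map a SID from an HKUS line to a well-known account name, if any."""
    if sid is None:
        return None
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    if sid.startswith("S-1-5-21-"):
        return WELL_KNOWN_RIDS.get(sid.rsplit("-", 1)[1])
    return None


def reasons_for(cmd):
    """Return (target_path, reasons) for a Run command; reasons is empty if benign-looking."""
    match = RUNDLL_RE.search(cmd)
    if not match:
        return None, []
    path = match.group("path")
    parts = [p.lower() for p in path.split("\\")]
    why = []
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        why.append("rundll32 target is in a Temp directory")
    if not parts[-1].endswith(".dll"):
        why.append("rundll32 target does not have a .dll extension")
    return path, why


def triage(log_text):
    """Flag suspicious O4 registry autoruns, merging duplicate hive views."""
    findings = {}
    for raw in log_text.splitlines():
        entry = O4_RE.match(raw.strip())
        if not entry:
            continue  # non-O4 lines and "Global Startup" shortcuts are skipped
        path, why = reasons_for(entry.group("cmd"))
        if not why:
            continue
        # HKCU is the logged-on user's hive, so the same value also shows up
        # under HKUS\<that user's SID>; key on name + target to merge them.
        key = (entry.group("name"), path.lower())
        finding = findings.setdefault(key, {
            "name": entry.group("name"),
            "target": path,
            "reasons": why,
            "locations": [],
            "account": None,
        })
        sid = entry.group("sid")
        finding["locations"].append(entry.group("hive") + ("\\" + sid if sid else ""))
        finding["account"] = finding["account"] or account_for(sid)
    return sorted(findings.values(), key=lambda f: f["name"])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], "->", f["target"])
        print("   account:", f["account"], "| seen in:", ", ".join(f["locations"]))
        for reason in f["reasons"]:
            print("   -", reason)
```
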
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    :eek: What guest are you letting use your computer??? I would put a stop to that!

    Log on as administrator or an account that has admin rights and empty the contents of the folder: C:\DOCUMENTS AND SETTINGS\Guest\LOCAL SETTINGS\Temp


    Note: By default that is a hidden folder.
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders". Click "Apply", then "OK".

    Then log on as guest and post a new HJT log.
     
  12. ABuzz4Me

    ABuzz4Me Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    8
    I understand that GUEST access is a bad idea, however, at this time I have no other option.

    Anyway, I removed all the Registry entries that were calling the .dat files and now the system appears stable.

    Thanks!!! You guys are life savers.
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Good! I'm glad that helped. I would suggest keeping an eye on that folder as well as the C:\DOCUMENTS AND SETTINGS\Guest\LOCAL SETTINGS\temporary internet files\Content.IE5 !! Just log on as an account with admin rights and remove everything under Content.IE5. ;)
     