I have some new bit of scumware on my computer. When I log into my hotmail account I am re-directed to some search page. I have updated and run both adaware and spybot and they are not removing whatever it is. Anyone ever see this before and if so what did you do about it? Thanks

Download Hijackthis and post ur log?

Yes, I've seen it before, and I removed the crap to fix it.

Now, care to tell us which search page you're getting redirected to?

Already have it. Give me a couple of minutes and I'll post it.

Ok here it is

Logfile of HijackThis v1.98.2
Scan saved at 1:13:12 PM, on 10/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\dlltmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\SD\Desktop\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {84C565A0-19CA-42E9-BAD6-894059905887} - C:\WINDOWS\System32\bogc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [knxnsl] C:\WINDOWS\whamhks.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
O4 - Global Startup: winlgn.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5547D333-7EDB-44EF-B3F4-A1748348505A}: NameServer = 207.40.103.4 207.40.103.5
O18 - Filter: text/html - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
O18 - Filter: text/plain - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll

O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)

That doesnt look to good. You can try removing that. (even though the file already seems to be missing...)

Well, if you already ran Spybot and Adaware, they try CWShredder. Its removes the Cool Web Search which is a very bad IE trojan. Most spyware removes dont remove all files of CWS, but this app certainly does. Erm, yeah, I recommend dumping IE and getting FireFox. Its the best browser you can get.

When you click to view your hotmail through MSN it auto opens IE though even through FF is my defualy brwoser.

The search page I am being re-directed to just says Search For and the url in the address bar is about:blank. It also gives me a couple of pop-ups about spyware and resets my homepage.

Bishtawiman, I had hijackthis fix the item you noted. I'm still being re-directed and when I run hijackthis again the item is right back.

Running processes:
C:\Program Files\QuickTime\qttask.exe
C:\dlltmp.exePerform the three-fingered-salute (Ctrl-Alt-Del), select the "Processes" tab, end these processes and then delete the files themselves.



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {84C565A0-19CA-42E9-BAD6-894059905887} - C:\WINDOWS\System32\bogc.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [knxnsl] C:\WINDOWS\whamhks.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O4 - Global Startup: winlgn.exe
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5547D333-7EDB-44EF-B3F4-A1748348505A}: NameServer = 207.40.103.4 207.40.103.5
O18 - Filter: text/html - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
O18 - Filter: text/plain - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dllTick all these items in HijackThis, close all explorer/intenet explorer/other program windows, and hit the 'Fix Selected' button.

EDIT: removed safe item I left in the list to remove! Sorry!

Thanks Smurfette I'll give it a try.

When you click to view your hotmail through MSN it auto opens IE though even through FF is my defualy brwoser.


Yeah you can get a plugin for msn plus which makes it open in your true default browser.

Its called stuffNG plugin available from www.mess.be

Yeah you can get a plugin for msn plus which makes it open in your true default browser.

Its called stuffNG plugin available from www.mess.be (http://www.mess.be)

Sorry, no matches were found for stuffNG
:huh:

Seems to be working better now. I can at least get in a check mail. Thanks everyone. This really is the best spot on the net to get computer help.

oops StuffPlug-NG


http://www.stuffplug.com/?act=download&subact=view&ID=6

Hello!

I just checked your log and it sure are full of nasties!. Delete(fix) the following items:

Delete all the R1 and R0 items also delete the R3 item. Delete the following:

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} -
C:\WINDOWS\System32\mscb.dll (file missing)

O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE


O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe

O9 - Extra button: Your PC is infected with Spyware - click here to fix
your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} -
https://www.spydeleter.com/order2.php?KBID=1063 (file missing)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

Make sure that all browser and explorer windows are closed before deleting!. Also if some entries refuse to get deleted and comes back try to remove it in safe mode by booting and pushing F8.

Thanks Joakim I'll pull that up again tomorrow and do that, just a little too tired tonight.

Thanks everyone for all your help. I was getting into hotmail just fine. Having trouble tonight but I suspect that might be a problem with hotmail and not my computer. Not real sure though.

I made all the corrections suggested on here and did another scan with hijackthis. Here's the log, is there anything else I should fix? Thanks everyone.

Logfile of HijackThis v1.98.2
Scan saved at 9:58:32 PM, on 10/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\SD\Desktop\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcpages.com/svc/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [knxnsl] C:\WINDOWS\whamhks.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5547D333-7EDB-44EF-B3F4-A1748348505A}: NameServer = 207.40.103.4 207.40.103.5
O18 - Filter: text/html - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
O18 - Filter: text/plain - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll

When you click to view your hotmail through MSN it auto opens IE though even through FF is my defualy brwoser.
You need the StuffPlugin (for msn plus)


edit: cold north, remove:
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)

again as it seems to have not moved or come back.

It does not seem to want to remove. I have also noticed that I can no longer get into hotmail. I get to the site fine, log in and when I hit enter it real quickly goes to the "page not found" page. Anyone have any ideas what happened?

Something I think is wrong. Cannot enter hotmail at all. I can get to the site and log in just fine, but it just quickly brings up page not found. MSN messenger no longer works either. Anyone have any ideas?

Guys I can't get into hotmail at all. Anyone have any idea whats happening and what I can do about it?

You have a hijacker that uses a hidden file which does not show up in hijackthis.
Symantec has a tool to remove it.

Download and run the Backkdoor.Agent.B Removal Tool (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.agent.b.removal.tool.html)
Notice that the instructions say to disconnect from the internet when running the tool.
Also shut down your anti-virus program as it may interfere with the fix.



After the removal tool is done, get rid of the line: O9 - Extra button: Your PC is infected with Spyware.

copy the contents of the quote box to notepad.



REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB74C951-ACA1-4e33-A94C-A9261EB2CCB7}]
"Exec"="https://www.spydeleter.com/order2.php?KBID=1004"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB74C951-ACA1-4e33-A94C-A9261EB2CCB7}]

Save it to the desktop as regpatch.reg ( save as all file types)

Double click the icon, and answer yes when asked if you want to merge this registry file.

Reboot, rescan with Hijack this, and post a fresh log.

I did everything you suggested Jg427. Still can't get into hotmail. I log in and it immediatly goes to the page not found or rather I should say goes to the "The page cannot be displayed" page. Here is the new hijackthis log. Any ideas? Thanks everyone.

Logfile of HijackThis v1.98.2
Scan saved at 8:42:22 PM, on 10/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MightyFax\MFNTCTL.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\SD\Desktop\Programs\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcpages.com/svc/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [knxnsl] C:\WINDOWS\whamhks.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O18 - Filter: text/html - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
O18 - Filter: text/plain - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll

Something I forgot to mention the backdoor agent B removal tool did not find anything.

We still have some clean up to do.

Some files and folders may be hidden , change these settings to show them:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and uncheck "hide extensions for known file types" , click "Apply to all folders"
Click "Apply" then "OK"

Copy the contents of the Quote Box to Notepad.

Name the file as fix.reg
Save as Type: All Files
Save on the desktop

Wait until after hijackthis fix to merge



REGEDIT4

[-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]

[-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]

[-HKEY_CLASSES_ROOT\CLSID\{46CE9356-7075-4D9E-855C-2AA2F1DB0429}]




Scan with hijackthis and place a checkmark at the following:

O4 - HKLM\..\Run: [knxnsl] C:\WINDOWS\whamhks.exe

O18 - Filter: text/html - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
O18 - Filter: text/plain - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll

Close all browsers and open windows, click "fix checked".


Reboot to safemode
Restart the computer,as soon as the BIOS has finished loading, begin tapping the F8 key .
Continue to do so until the Windows Advanced Options menu appears.
Using the arrow keys, scroll to and select Safemode, then press Enter.

Delete the following files marked in bold
Note that they may be missing, already removed by a previous scan.

C:\WINDOWS\whamhks.exe
C:\WINDOWS\System32\bogc.dll

Double click the fix.reg file you saved to the desktop.
Allow it to merge to the registry.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr.
Let it scan your system for files to remove.
Make sure these 3 are checked and then press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin

Reboot to normal mode

Scan with hijackthis and post a fresh log.

ok, give me a few mnutes and I'll try it.

Think I'm gonna have to wait till tomorrow to try it. It's late and I'm just too tired. Thanks for everyone's help. I'll be sure to let you know how it turned out tomorrow.

Well I made the latest corrections that were suggested and still cannot get on hotmail. Anyone have any ideas about what might have happened? Here's the hijackthis log since I made last corrections.

Logfile of HijackThis v1.98.2
Scan saved at 4:48:18 PM, on 10/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MightyFax\MFNTCTL.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\123 Free Solitaire\123FreeSolitaire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\SD\Desktop\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcpages.com/svc/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5547D333-7EDB-44EF-B3F4-A1748348505A}: NameServer = 207.40.103.4 207.40.103.5

Hi coldnorth, I do not see any remaining malware on your system.
Sorry this has not helped your hotmail problem, but at this time it does not appear to be spyware related.

Still, you might try a scan with Adaware SE.
Download the latest version of Ad-Aware SE from here (http://www.lavasoft.de/support/download/).
Close all open browsers and windows.
Open Ad-Aware and from the main screen Click on "Check for Updates Now".
Click on the "Scan Now" button on the left.
Under "Select Scan Mode,select "Perform full system scan".
Click on "Next" in the bottom right corner to start the scan.
Run the Ad-Aware scan and allow it to remove everything it finds.

I did run a google search (http://www.google.com/search?q=hotmail+page+not+found+problem&hl=en&lr=&start=0&sa=N) and page after page came back without a clear answer to your problem.

I suggest trying a different browser to access hotmail.
http://www.mozilla.org/products/firefox/

I must add that until you install critical updates for xp and IE, you will continue to have problems with malware attacking your system.
Updating may even help your hotmail problems.

Consider installing the following free programs to help protect your system.


SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.

SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html) - An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!

IE-SPYAD (https://netfiles.uiuc.edu/ehowes/www/resource.htm)is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Thanks Jg427. I have tried both spybot and adaware. I suspect that I may be having a browser problem. I may try to re-install it a little later. One more question if I could. When I re-install this, since I am just re-writing the same browser over and not upgrading will I loose all my bookmarked sites? Thanks everyone who offered help. This really is the best place on the net when you have a computer problem.

You can make a backup of your favorites in case you need to replace them.

Open IE, click file then choose import/export
When the wizard opens click next then choose export favorites
highlight your main favorites folder click next
choose a location for the file or leave it at the default location
click next and your done

Import them later if you need to using the same wizard

I did read that some users with hotmail problems were able to access it with firefox. Give it a try, I did and never went back to IE (except for windows update) Firefox will also import your favorites and stored cookies from IE.

Hello!

Exactly how do you access Hotmail??

Have you tried to gain access trough Windows messenger??

I always access that way and have not visited Hotmails startpage for ever!

Do you have problems accessing both ways??

If only trough Messenger then when you get the not found message just try to use the reload button in IE and see if Hotmail Inbox loads!. That has happened to me several times.

If you cant even get to http://www.hotmail.com (http://www.hotmail.com/) then something more serious is wrong!.

Have you checked that IE has SSL (Secure Socket layer)enabled? If not enable it!. And see if it works!

Also try to access Hotmail trough Outlook Express and see if that works or first you can try and see if you can logg in to Hotmail from Windows Explorer not IE. Just type in http://www.hotmail.com in the adress bar in Windows Explorer and it might work!.

O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5547D333-7EDB-44EF-B3F4-A1748348505A}: NameServer = 207.40.103.4 207.40.103.5
One or both of these items may be the cause.

It won't hurt to fix the 016, but it's not on my list of known malicious active-x

That dosen't mean it's ok, just not enough information on it.

You can check 016 entries by installing spywareblaster.
Open spywareblaster, enable all protections.
Click the button for internet explorer protections.
Right click the list and choose find.
Paste in the clsid of the 016 {99CDFD87-F97A-42E1-9C13-D18220D90AD1}
This one is not found but many are listed

I would NOT fix the 017 line, they are almost never a problem.
This one appears to be the ISP:

Server Used: [ whois.arin.net ]

207.40.103.4 = [ ns.coiinc.com ]

OrgName: Sprint
OrgID: SPRN
Address: 12502 Sunrise Valley Dr.
City: Reston
StateProv: VA
PostalCode: 20196
Country: US
NetRange: 207.40.0.0 - 207.43.255.255
CIDR: 207.40.0.0/14
NetName: SPRINTLINK-BLKR
NetHandle: NET-207-40-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1-AUTH.SPRINTLINK.NET
NameServer: NS2-AUTH.SPRINTLINK.NET
NameServer: NS3-AUTH.SPRINTLINK.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1996-01-24
Updated: 1996-09-10
TechHandle: SPRINT-NOC-ARIN
TechName: Sprintlink (Sprint)
TechPhone: 1-800-232-6895
TechEmail: [email protected]

http://www.samspade.org/t/lookat?a=207.40.103.4+

Thanks everyone, I am really grateful for all the help you have given me.

Joakim, I tried through MSN messenger and could not even log on. I really suspect that it is the browser and tomorrow I'll try reloading and update windows. I may try a new browser as well. What's everyones favorite besides IE?

Do you use any type of proxies as hotmail may reject them depending. Also if I remember right ZA fkedup my hotmail connection somehow in corrupting my cmd.exe tables I think although I never did fix it untill I reformatted unfortunatly...

Thanks everyone, I am really grateful for all the help you have given me.

Joakim, I tried through MSN messenger and could not even log on. I really suspect that it is the browser and tomorrow I'll try reloading and update windows. I may try a new browser as well. What's everyones favorite besides IE?
Hello!

But have you tried to access it trough the Explorer and not IE?.

In the address field that shows which directory you currently are in Explorer for instance c:\\Programfiles etc when browsing your HD you can also surf the web try typing http://www.hotmail.com in the address field that shows the directory and see if it works!. Sometimes there is no address field showing because it is not enabled if so do this:

In Windows Explorer choose View>Status field(or something similar I dont have an English XP) and it should appear.

I just tried it Joakim, no luck that way either. I instantly get the "This page cannot be displayed". Thanks for the suggestion though.

try going to C:\WINDOWS\system32\drivers\etc\
then open the hosts file in that folder with notepad.

look for any entries that relate to hotmail.com.



the best browser is firefox, btw.

Do you use any type of proxies as hotmail may reject them depending. Also if I remember right ZA fkedup my hotmail connection somehow in corrupting my cmd.exe tables I think although I never did fix it untill I reformatted unfortunatly...
:huh: :huh:

Nope, I don't use any proxies.

rossco, I don't find anything in there that appears to be related to hotmail.

I don't particularly like hotmail but I do use messenger on occassion and that is really the only reason I'd like to get it going again. That and the fact that I would just really like to know why it is suddenly doing this.

By the way, anyone have a firefox download link?

Firefox (http://www.mozilla.org/products/firefox/)

Thanks rossco

Downloaded Firefox. Can't get anywhere with it. No matter where I try to go it says connection refused. I wonder if this has anything to do with the problems I have been having?

Downloaded Firefox. Can't get anywhere with it. No matter where I try to go it says connection refused. I wonder if this has anything to do with the problems I have been having?
Hello!

Do you mean that you cant get anywhere on any site with Firefox??

That sure is an interesting problem you have there!.

Maybe your hosts file are fucked up!.

Try to get to Hotmail directly by using its Ip address and see if you can get there that way. Here is the link:

http://207.68.172.239

Also make sure that you check your DNS settings so that they match those given to you by your ISP. Some HiJackers change the DNS information.

Yep, can't get anywhere with Firefox. Removed it and reinstalled and have the same problem. I can get to hotmail just fine(on IE). Only when I put in password and try to enter my e-mail it instantly goes to The page cannot be displayed. I suspect that the problem is with my computer, possibly the browser. I have received a lot of spyware lately and wonder if in getting rid of it something was deleted that should not have been.

So another question. Can I re-install windows XP by just writing over the windows files? I don't want to re-format and loose everything I have on here.

Yes when you install either don't format when it asks too or do a "repair install"

Yep, can't get anywhere with Firefox. Removed it and reinstalled and have the same problem. I can get to hotmail just fine(on IE). Only when I put in password and try to enter my e-mail it instantly goes to The page cannot be displayed. I suspect that the problem is with my computer, possibly the browser. I have received a lot of spyware lately and wonder if in getting rid of it something was deleted that should not have been.

So another question. Can I re-install windows XP by just writing over the windows files? I don't want to re-format and loose everything I have on here.Hello!

Dont give up just yeat!

There is still a few things to try out first!

It is still strange that FireFox wont work at all for you!

Maybe it is worth a shot and try to use Opera instead which I use as an alternative browser and it is very good!.

Now to the Hotmail problem. You say you can atleast visit Hotmail that is a good thing!.

First clear out all browser history and your cookies and see if that helps any!.

Next step!

There is a secret log in option to get in to Hotmail and that is this address:

www.hotmail.com/cgi-bin/start (http://www.hotmail.com/cgi-bin/start)

When you click that link you will get a password screen asking for your network username and password just type in your e-mail address and your Hotmail password and see if that lets you in!. If you can get in this way that is great!!

However that dont solve the issue!

Try this in Internet Options:

Go to Tools >>Internet options >> security and klick custom level and make sure that the security level setting is set to normal then click the reset button to reset the normal settings and then in the option list make sure that "Allow meta refresh" is enabled. Now close IE and then try again and see if you can log in again(but dont forget to empty cookies and history in the previous step)!.

Another thing you can try is to reset/clear the SSL permits/certificates

In Internet options go to the Content tab(not exactly sure what it is called in english Windows XP) and then under the Security Certificates click the reset/clear SSl permits button and see if that helps any incase the former option above did not help!.

This may be a stupid question but in windows XP are the cookies kept as a dat file under documents and settings? Like I said stupid question but I'm new to XP, I miss win 98 and even 95.

Well, nothing seems to work. Anyone have any other ideas?

yeah, use http://myway.com/ instead :-)

Can you access other secure pages?

Vargas I do use myway. The only reason I have a hotmail account at all is for msn messenger, which a few friends insist on using.

Smurfette, I can't access any of the secure pages at hotmail, but hotmail and messenger are the only sites I am having trouble with, myway and yahoo mail are both fine. I realy don't understand this.

well guys I give up. Thanks for all your help. I think when I deleted some of the spyware I deleted something I shouldn't have. Maybe I'll reinstall windows. Thanks again

one little post script to this problem. I installled yahoo messenger tonight and get the same problem with it that I do with msn messenger, though unlike hotmail I can still get into yahoo mail. This seems odd and I bet it is related to the msn problem.