
Thread: Being Redirected at Hotmail

  1. #1
    I have some new bit of scumware on my computer. When I log into my hotmail account I am re-directed to some search page. I have updated and run both adaware and spybot and they are not removing whatever it is. Anyone ever see this before and if so what did you do about it? Thanks

  2. Software & Hardware   -   #2
    Goes Rawr!
    Join Date
    Nov 2003
    Posts
    316
    Download Hijackthis and post your log?

  3. Software & Hardware   -   #3
    Poster
    Join Date
    Oct 2003
    Location
    fucking smurfland y'idjit
    Posts
    756
    Yes, I've seen it before, and I removed the crap to fix it.

    Now, care to tell us which search page you're getting redirected to?
    if your font size is this small i'll add you to my ignore list because you're wasting my time, OK?

  4. Software & Hardware   -   #4
    Already have it. Give me a couple of minutes and I'll post it.

  5. Software & Hardware   -   #5
    Ok here it is

    Logfile of HijackThis v1.98.2
    Scan saved at 1:13:12 PM, on 10/17/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Norton Internet Security Professional\NISUM.EXE
    C:\dlltmp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\SD\Desktop\Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {84C565A0-19CA-42E9-BAD6-894059905887} - C:\WINDOWS\System32\bogc.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [knxnsl] C:\WINDOWS\whamhks.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
    O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
    O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
    O4 - Global Startup: winlgn.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5547D333-7EDB-44EF-B3F4-A1748348505A}: NameServer = 207.40.103.4 207.40.103.5
    O18 - Filter: text/html - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
    O18 - Filter: text/plain - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll

  6. Software & Hardware   -   #6
    erRor67's Avatar Lord Of Everything
    Join Date
    Mar 2003
    Location
    Everywhere
    Posts
    798
    O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
    That doesn't look too good. You can try removing that. (even though the file already seems to be missing...)

    Well, if you already ran Spybot and Adaware, then try CWShredder. It removes Cool Web Search, which is a very bad IE trojan. Most spyware removers don't remove all files of CWS, but this app certainly does. Erm, yeah, I recommend dumping IE and getting Firefox. It's the best browser you can get.
    blah blah blah... whatever...



  7. Software & Hardware   -   #7
    When you click to view your hotmail through MSN it auto-opens IE, even though FF is my default browser.


  8. Software & Hardware   -   #8
    The search page I am being re-directed to just says Search For and the url in the address bar is about:blank. It also gives me a couple of pop-ups about spyware and resets my homepage.

    Bishtawiman, I had hijackthis fix the item you noted. I'm still being re-directed and when I run hijackthis again the item is right back.

  9. Software & Hardware   -   #9
    Poster
    Join Date
    Oct 2003
    Location
    fucking smurfland y'idjit
    Posts
    756
    Quote Originally Posted by coldnorth
    Running processes:
    C:\Program Files\QuickTime\qttask.exe
    C:\dlltmp.exe
    Perform the three-fingered-salute (Ctrl-Alt-Del), select the "Processes" tab, end these processes and then delete the files themselves.

    Quote Originally Posted by coldnorth
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {84C565A0-19CA-42E9-BAD6-894059905887} - C:\WINDOWS\System32\bogc.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [knxnsl] C:\WINDOWS\whamhks.exe
    O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
    O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
    O4 - Global Startup: winlgn.exe
    O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5547D333-7EDB-44EF-B3F4-A1748348505A}: NameServer = 207.40.103.4 207.40.103.5
    O18 - Filter: text/html - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
    O18 - Filter: text/plain - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
    Tick all these items in HijackThis, close all Explorer/Internet Explorer/other program windows, and hit the 'Fix Selected' button.

    EDIT: removed safe item I left in the list to remove! Sorry!
    if your font size is this small i'll add you to my ignore list because you're wasting my time, OK?

  10. Software & Hardware   -   #10
    Thanks Smurfette I'll give it a try.
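
A first-pass triage of a HijackThis log like the one posted in this thread, as an added example that is not part of any post: it parses the `R`/`O` entry lines and attaches review hints. The rules and the `triage` function are assumptions made for illustration (they are not the criteria any poster stated, and a hit means "look at this", not "delete this"); the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample input: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://any-find.com/index.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {84C565A0-19CA-42E9-BAD6-894059905887} - C:\WINDOWS\System32\bogc.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [knxnsl] C:\WINDOWS\whamhks.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O18 - Filter: text/html - {46CE9356-7075-4D9E-855C-2AA2F1DB0429} - C:\WINDOWS\System32\bogc.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                    # "O4 - ...", "R1 - ..."
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.I)   # first file path in the entry

def triage(log_text):
    """Return {entry line: [review hints]}; the hints are illustrative assumptions."""
    findings = defaultdict(list)
    seen = defaultdict(set)   # lower-cased file path -> section codes that reference it
    parsed = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue          # header and "Running processes" lines are skipped
        code, body = m.groups()
        pm = PATH.search(body)
        path = pm.group(0).lower() if pm else None
        parsed.append((raw.strip(), code, body, path))
        if path:
            seen[path].add(code)
    for line, code, body, path in parsed:
        if body.endswith("(file missing)"):
            findings[line].append("orphaned entry: target file missing")
        if code == "O4" and path and re.fullmatch(r"[a-z]:\\(windows\\)?[^\\]+\.exe", path):
            findings[line].append("autostart from drive root or Windows directory")
        if code == "O2" and "(no name)" in body and path and "\\system32\\" in path:
            findings[line].append("unnamed BHO in System32")
        if code in ("R0", "R1") and re.search(r"= https?://", body):
            findings[line].append("search/home setting points at external URL")
        if path and len(seen[path]) > 1:
            findings[line].append("same file registered in " + ",".join(sorted(seen[path])))
    return dict(findings)
```

The cross-section rule is the one that ties the `O2` and `O18` entries for `bogc.dll` together, which matters when a fixed item reappears after the next scan, as reported in post #8.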
