Which spyware and adware block acces to hotmail site?
Because i cannot go ead my mail on hotmail, each time the page change for not found site...(404). I make a hijackThis log, but found nothing that can do that.
Please answer fast.
Printable View
Which spyware and adware block acces to hotmail site?
Because i cannot go ead my mail on hotmail, each time the page change for not found site...(404). I make a hijackThis log, but found nothing that can do that.
Please answer fast.
This is a copy of the log file made bu hijackthis :
Logfile of HijackThis v1.97.7
Scan saved at 18:03:11, on 2004-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Asus\Asus Hotkey\Hotkey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\KaZaA Lite\Kazaa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\...My Documents\My Received Files\HijackThis(1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.umontreal.ca:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ASUS Hotkey.lnk = C:\Program Files\Asus\Asus Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093620201601
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...867.5147106481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
Well,
I cannot think of any. Not really spyware or adware, as it would advertise their presence.
Have you tried a different browser? Also:
Obtain, update and run in safe mode:
1. SpyBot Search & Destroy
2. AdAware SE
3. SwatIt (takes a long time)
Then update your AV and run that in safe mode. The 404 message is NOT typical of a hijack, could it be a friend playing a joke?
Cheers
Sometimes you can get a problem with the firewall stopping your out bound to the net.
As you have XP SP2, with a F/W, is there a second F/W ?
Conflicts..........
Just disable your SP2 F/W, try and access hotmail.
Whatever the result. RE-ENABLE the F/W
but what are the logic with firewall blocking access only at this site?
I can navigate anywhere else!
But i will try anyways, thx
Nobody said there had to be logic..............
My system : I have to disable F/W to access my mail [Virgin]
and again whenever I get a 'webpage not available' message, I disable, and retry the link, 9 out of 10 it connects ?
My F/W = Symantec Norton NetSec 2004.
Both Symantec AND Virgin are 'aware' of the fault............
check your hosts file, make sure the site is not being blocked from there -- i know at work we would sometimes block certain sites using that method
Sorry guys, but they are what you suggest give nothing!
but, just a liitle more detail, i can get acces to the page that list the email, but i cannot go read a message or delete it! I don't know if that help but it is just special.
Sorry EvilNight, can I clear this up in my own mind:
1. You can get to the HotMail site?
2. You can enter your login and password?
3. It shows you a list of your mail?
4. When you try to open one it gives you a 404 message? (page not found)?
Sounds almost like one of those secure site/stack corruption problems.
Just to eliminate a hotmail problem, are the number of messages in the list increasing?
Cheers
GO here and paste your hijackthis log
http://hijackthis.de/index.php?langselect=english
but for you i already did that following are the entries that i found bad
1. C:\WINDOWS\ATK0100\Hcontrol.exe (unknown process running) check it!!
2 . 7.exe <== what process is that
3. C:\WINDOWS\ATK0100\ATKOSD.exe <== what process is that
4. C:\Program Files\KaZaA Lite\Kazaa.exe <== according to hijackthis this is a nasty process
5. O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe <== akamai advare.
6. O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
okay here are some other things, hijackthis found no antivirus in the log analysis but it seems you use a pc-cillin 2000. you should think of upgrading
check your host file. search for hotmail entry see that it doesn't have 127.0.0.1 but this shouldnt be the case as you get 404 not found see what ip is there.
go to http://housecall.antivirus.com get your computer for any virus,trojan etc..
trojan i think there is a possiblity because 7.exe could be subseven but i am "NOT SURE" just for a quick check go to command mode (cmd.exe.) and type "netstat -an" see if there is a port number
2773, 54283, 7215, 1243,6776, 27374... SHOW UP LISTING OR EVEN ESTABLISHED THEN THE POSSIBLITY OF SUBSEVEN COULD BE HIGHER ANYWAY IF YOU ANTI VIRUS IS UPDATED THIS SHOULDNT BE A PROBLEM IF YOU HAVE AUTO-PROTECT ON.
but these are default ports they can be easly conf.
ANYWAY FOR NOW GET YOU PC CHECKED FOR BOTH SPYWARE / ADWARE AND VIRUSES.