hotmail problems

[staniclayton]

i dont seem to enter my e,mail address, is says page unavailable,but i signed up in another name and it let me  on the page?is this a trojan as ive had problems with my browser being hijacked and you sorted it out for me ,i ran hijack this and this is the resulting log is ther aything there that shouldnt be,thanks againLogfile of HijackThis v1.99.1
Scan saved at 19:01:50, on 24/02/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {1C2E2A69-E4F8-B309-A6BC-70A9AC10DBFD} - (no file)
O2 - BHO: (no name) - {1EB77D8F-DC5A-7E55-59FC-844CAE64FC70} - (no file)
O2 - BHO: (no name) - {241F4AD4-BEDA-EE12-A99D-3A6CB9B33A5F} - (no file)
O2 - BHO: (no name) - {27C69AB9-7058-A173-08CD-4881744A47E8} - (no file)
O2 - BHO: (no name) - {31C94FA3-13E4-1D4B-B350-6A09F9B4EDDA} - (no file)
O2 - BHO: (no name) - {70B6D242-A76A-A3E8-4E2F-D03FF4541BA9} - (no file)
O2 - BHO: (no name) - {786B4BBD-2875-0E73-6FA4-33EBB3208A2D} - (no file)
O2 - BHO: (no name) - {7D52FC72-76A8-77EF-270D-8A1A8EA30F96} - (no file)
O2 - BHO: (no name) - {A19A66EB-CF29-CC81-77FC-5375D97AE8AD} - (no file)
O2 - BHO: (no name) - {A8D30C47-4510-9BB5-0432-574064529B27} - (no file)
O2 - BHO: (no name) - {A9E6449F-9343-AB84-AD4D-BB624005A22A} - (no file)
O2 - BHO: (no name) - {D249D817-722E-0E58-A372-0C213DCEDBA7} - (no file)
O2 - BHO: (no name) - {D3E658EA-D131-DCCF-DC18-81C5D9AD1C73} - (no file)
O2 - BHO: (no name) - {D82288C4-27D9-EACA-FB1E-9D7DB067AC72} - (no file)
O2 - BHO: (no name) - {E299E38F-A5EB-7A8D-9ABD-20615EA0FEC2} - (no file)
O2 - BHO: (no name) - {E3BCE414-E67C-A5E2-B041-270AA8258696} - (no file)
O2 - BHO: (no name) - {E8D62ACA-CF32-E7DB-57E6-D6B08BECF4C9} - (no file)
O2 - BHO: (no name) - {EAF521EB-5513-475B-B2B3-4D4B1195A1B0} - (no file)
O2 - BHO: (no name) - {F477C3A3-BBD5-3B78-AB78-7F0E35C51A6A} - (no file)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF486D73-CCDB-4B64-8C20-24A1CA111FD0}: NameServer = 194.72.9.34 194.72.0.114
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe

or is ther anoyher problem  thanks agian

[DavidR]

Your OS is way out of date and vulnerable to exploit, as a result of the outdated OS your IE will also be out of date as IE6 SP2 requires you have XP SP2.

I would remove/fix all the 02 - BHO entries.

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
I suggest you disable the windows mesenger service, you don't really need it and it generates pop-up style ads and deceptive warnings about your system is infected, etc.

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Do you really need MSN Messenger to run in the background ?

Other than that I don't see anything obvious.

[staniclayton]

how do i update my os ,do i need my xp disk?and the 04 entry your on about how do i disable the messanger service running in the back ? thanks for the help ,much appreciated.ive just ticked all the 02  boxes and pressed fix but they came back up on the next scan how do you remove them with hijack this!

[CharleyO]

***

Use Windows Update service to update your OS. This should be either on your desktop or under Program in the START menu. You should not need your XP disk.

But, if you have an illegal copy of XP, you will not be able to update which means you will continue to have problems.

See my post at the link below on how to stop Windows Messenger from running.

http://forum.avast.com/index.php?topic=18803.msg159132#msg159132

I think your main problem is here ......

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

Remove this plus all David mentioned above.

Also, removal instructions here for farther help on this problem ......

http://www.replacementremotes.com/adware.htm

... although, if you can not remove it by the first few steps listed, you might need to be willing and comfortable with regedit in order to do this.

I hope this helps you.   


***

[doc_esb]

ive just ticked all the 02  boxes and pressed fix but they came back up on the next scan how do you remove them with hijack this!

It might be that you just need to reboot in order for the changes to take effect.  If that doesn't work, you might try running HijackThis from SafeMode and checking the 02s.
Make sure ALL windows are closed except HijackThis before you hit the "Fix checked" button,
Then reboot to Normal Mode and see if they still come up on a fresh scan.

Another easy way to install Service Pack 2 for XP is with the free CD that you can get from Microsoft.  Just slip it in and run it and you are good to go.  It only took about 4 days for me to get mine in the mail once I ordered it.  See this page first though.


doc_esb