| Resolved HJT Threads Resolved spyware and popup issues. |
#1 (permalink) |
|
Registered User
|
For the last couple of days have not been able to log into Hotmail. I have gone through the process of resetting password as it keeps saying this is the problem and essentially msn has locked me out because I have tried too often.
I have restored to an earlier time to no avail. So can't use messenger or my usual email account...getting very distressed! It says my password is not being recognised...and this was fine two days ago...what can I do?
|
|
|
#2 (permalink) |
|
Analyst, Security Team
|
Welcome to TSF.
Did you check for spyware or viruses?

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro. Just follow the instructions on the site to run the online scan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.
1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum.

We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
#3 (permalink) |
|
Registered User
|
Did all you suggested...
but the Trend online scan wouldn't work for some reason.
Managed eventually (not a techie) to get to the hijacklog thingy and here is the result text.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 16:33:45, on 06/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\Ad-Monitor.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R3 - Default URLSearchHook is missing
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\Ad-Monitor.exe"
O4 - HKCU\..\RunServices: [logon.exe] C:\WINDOWS\System32\logon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...rendmicro.com/ housecall/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7} (Bootstrapper Class) - http://activex.microsoft.com/objects/ocget.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AADA1F0-5A14-4168-AE2A-FC9523256F57 }: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE

End of KRC HijackThis Analyzer Log.
====================================================================

Please help x

It still won't let me into my hotmail account, or messenger. The icon on my desktop for messenger changed so I uninstalled it completely, went to msn homepage and tried to download....it came up that I didn't have enough space on my driver!!! Getting more confused by the second!
|
|
|
|
#4 (permalink) |
|
Analyst, Security Team
|
Make sure that Word Wrap is not turned on in Notepad next time. It makes the log very hard for us to read.
Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R3 - Default URLSearchHook is missing

Not sure if it could be a setting in your browser that's causing the Hotmail problem, but let's have these logs also:

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies.

Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip
Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'
Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Post the log in this thread.
|
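Post #4 asks for logs without Word Wrap because a wrapped log is hard to read. The following Python is an added example, not part of the thread and not HijackThis or KRC Analyzer code: it re-splits a wrapped or flattened HijackThis log into one entry per item, groups entries by code, and lists the ones HijackThis itself marks "(no file)" or "is missing". The function names are hypothetical, the entry-code ranges are assumed to be those of v1.99.1, and the sample is constructed from lines in the log above.

```python
import re
from collections import defaultdict

# Entry codes assumed for HijackThis v1.99.1: R0-R3, F0-F3, N1-N4, O1-O23,
# each written at the start of an item and followed by " - ".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O(?:1\d|2[0-3]|[1-9]))"
ENTRY_START = re.compile(rf"(?<!\S)(?={CODE} - )")
O4_ENTRY = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")

# Constructed sample: entries copied from the log in this thread, re-wrapped
# the way a Word Wrap paste breaks them.
SAMPLE = r"""Logfile of HijackThis v1.99.1 Running processes:
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE R3 - Default
URLSearchHook is missing O4 - HKLM\..\Run: [LVCOMS] C:\Program
Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O9 - Extra button:
(no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file) O23 - Service:
NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe"""

def split_entries(text):
    """Return (preamble, entries) from a wrapped or flattened HijackThis log."""
    # Undo line wraps. A token that was wrapped where it had no space (a long
    # URL, for instance) keeps a stray space; that cannot be recovered here.
    flat = " ".join(text.split())
    parts = [p.strip() for p in ENTRY_START.split(flat)]
    return parts[0], [p for p in parts[1:] if p]

def group_by_code(entries):
    """Map each entry code (R3, O4, ...) to the bodies of its entries."""
    groups = defaultdict(list)
    for entry in entries:
        code, _, body = entry.partition(" - ")
        groups[code].append(body)
    return dict(groups)

def absent_targets(entries):
    """Entries that HijackThis itself reports as pointing at nothing."""
    return [e for e in entries if e.endswith(("(no file)", "is missing"))]

def autostarts(entries):
    """(registry key, value name, command) for each O4 autostart entry."""
    return [m.group("key", "name", "command")
            for m in map(O4_ENTRY.match, entries) if m]

if __name__ == "__main__":
    _, items = split_entries(SAMPLE)
    print("\n".join(items))
```

Trailing text after the last entry, such as the analyzer's "End of ..." line, stays attached to that entry, so trim it before splitting.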
|
|
|
#5 (permalink) |
|
Registered User
|
Hope have copied this to you ok this time!
19:56:01 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
19:56:01 [Init] Started 06-03-05 19:56:01 GMT Standard Time (UTC: 0), Internet Time @872.23
19:56:01 [Init] Loading TDS-3 Systems ...
19:56:01 [Init] Token successfully adjusted.
19:56:01 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
19:56:02 [Init] • Plugins : OK. Loaded 13
19:56:02 [Init] • Exec Protection : Not Installed
19:56:02 [Init] WARNING: Your Radius.TD3 database needs to be updated!
19:56:02 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
19:56:02 [Init] Licensed users can use the Update facility from the TDS menu
19:56:02 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
19:56:08 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
19:56:08 [Init] • Systems Initialised [48508 references - 24053 primaries/12272 traces/12183 variants/other]
19:56:08 [Init] Radius Systems loaded. <Databases updated 06-03-2005>
19:56:08 [Init] TDS-3 Ready. <Lisa@81.79.158.195, 127.0.0.1 - United Kingdom>
19:56:08 [Tip Of The Day] To see everyone who is connected to your computer using a TCP connection, click on System Analysis | Netstat, then click on the Remote Connections tab.
19:56:08 [TDS] Good evening Lisa.
19:56:13 [Mutex Memory Scan] Started...
19:56:15 [Mutex Memory Scan] Finished (no trojan mutexes found).
19:56:15 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
19:56:51 [CRC32] Started - verifying 29 files ...
19:56:55 [CRC32] Test finished.
19:59:09 [Memory Scan] Memory scan started, please wait a moment ...
19:59:10 [Memory Scan] Memory scan complete.
19:59:10 [Mutex Memory Scan] Started...
19:59:11 [Mutex Memory Scan] Finished (no trojan mutexes found).
19:59:11 [Trace Scan] Started...
19:59:17 [Trace Scan] Finished.
19:59:17 [ServiceScan] Scanning for services and drivers ...
19:59:20 [ServiceScan] Scanned 288 services and drivers.
19:59:20 [File Scan] Scanning in A:\ ...
19:59:21 [File Scan] Scanned 0 files: 0 alarms in 1.078125 seconds (Avg 1. files/sec)
19:59:21 [File Scan] Scanning in C:\ ...
20:28:49 [File Scan] Scanned 27951 files: 3 alarms in 1767.484 seconds (Avg 16.81 files/sec)
20:28:49 [File Scan] Scanning in D:\ ...
20:28:49 [File Scan] Scanned 0 files: 3 alarms in 0 seconds (Avg -1.#IND files/sec)
20:28:49 [Scan] Finished.
20:30:53 [SS3] Sub ScriptCmd1_Click has not been assigned by any script

The above was the scan ... and now the alarms bit

Scan Control Dumped @ 20:32:42 06-03-05
Suspicious Filename: Dual extensions
File: c:\documents and settings\lisa\my documents\my received files\webroot spysweeper 3.2.0.146.exe
Positive identification: Riskware.ProcessRestart
File: c:\program files\f-secure anti-virus\backweb\4476822\6.3.2.62-4476822l\program\restart.exe
Positive identification (DLL): Adware.PopCap (dll)
File: c:\windows\downloaded program files\popcaploader.dll

dreck.. am going to put this in next post cos it is huge! not sure if I have the technology to do as an attachment...but will try!
Dreck thingy
|
|
|
|
#6 (permalink) |
|
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro
|
Sorry to tell you that there's nothing in either of these logs to be worried about.
Try running an IE Repair: http://support.microsoft.com/default...b;en-us;318378
__________________
GO BIG BLUE!!
|
|
|
|