Hotmail problem

  goll_y 21:25 22 May 2004
Locked

Could my hotmail have been hijacked?

I use MSN messenger, Microsoft Money and Hotmail for which I use the same login. I can now not sign into any of these accounts as it comes up invalid password. I've not changed the account details or anything.

  goll_y 21:42 22 May 2004

Could it be linked to the fact that I've got 2 items on Adaware that keep returning every time I check it -

Type - Regdata
Data - 'about:blank'
Rootkey - HKEY_CURRENT_USER
Object - Software\Microsoft\Internet Explorer\Main
Value - Start Page
Data - 'about:blank'

(It seems that MSN keeps hijacking my supposedly blank home page)

Type - File
Data - mark [email protected]reau(1).txt
Object - C:\Documents and Settings\Mark Golledge\cookies

They keep returning even though I remove them from Adaware

  bvw in bristol 21:56 22 May 2004

I've had the same all day, changed my password in the end.

Go to MSN and attempt to log-in (you won't be able to)...then answer your secret question and then enter a new password.

It's just worked for me.

  VoG II 21:59 22 May 2004

You can check the service status if you click here

  goll_y 22:08 22 May 2004

Nope it won't accept any of it. Still unavailable. Is it related to what is on Adaware?

  VoG II 22:20 22 May 2004

You need to run Hijack This from click here

Instructions for use click here
Then post the log here (difficult: formatting and word count limit) or an expert forum click here

  Old Shep 22:22 22 May 2004

I have the same problem won't recognise my password so created another account. I have Adaware so it could be that.

  goll_y 22:47 22 May 2004

Logfile of HijackThis v1.97.7
Scan saved at 22:46:19, on 22/05/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\HijackThis.exe

  goll_y 22:48 22 May 2004

oops

Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Caere\OmniPagePro90\opware32.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\devldr32.exe

C:\PROGRA~1\WINZIP\wzqkpick.exe

C:\Program Files\HijackThis.exe

  goll_y 22:50 22 May 2004

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=click here;ftp=click here

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-gb\msntb.dll

O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

  goll_y 22:51 22 May 2004

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)

O14 - IERESET.INF: START_PAGE_URL=click here

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - click here

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - click here

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - click here

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - click here

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - click here

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

O17 - HKLM\System\CCS\Services\Tcpip\..\{02D78AF1-C136-4AA3-9153-8D3D17935139}: NameServer = 195.92.195.94 195.92.195.95

O17 - HKLM\System\CS2\Services\Tcpip\..\{02D78AF1-C136-4AA3-9153-8D3D17935139}: NameServer = 195.92.195.94 195.92.195.95

O17 - HKLM\System\CS3\Services\Tcpip\..\{02D78AF1-C136-4AA3-9153-8D3D17935139}: NameServer = 195.92.195.95 195.92.195.94

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Turn a photo into 16-bit pixel art

iMac Pro release date, UK price & specs

Comment suivre le parcours du père Noël ?