Hotmail lo-in problem, hijack this log

marcasitevah

Sunday, I had a problem and found your guide to removing the HSA incredibly helpful.

Yesterday, I noticed that I could not log-in to my hotmail accounts. When I type in my E-mail address and password and click log-in, it acts like it will take me to my inbox, but nothing happens. I hit refresh and it does no good. I can go to view source and then get to my E-mail account by copying the address. However, this process is rather annoying. I have run two virus scan software programs, and adaware. Nothing shows up with them. I have also looked through my host file and found nothing strange in it.

Below is my Hijack This log:
Logfile of HijackThis v1.98.2
Scan saved at 9:07:45 AM, on 8/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Spyware\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com/users/marcasitevah/friends
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4388/mcfscan.cab


Help?

SpywareShooter

Welcome to Short Media.

The only thing I see that is bad in there are these entries:


O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com


Have HijackThis fix those. Maybe one of the mods can find something that I overlooked.

marcasitevah

I tried that and still no luck. Thanks for your help though.

primesuspect

Perhaps try a different browser to see if the problem rests with IE.

Try deleting all your cookies and resetting IE defaults (Tools --> Internet Options --> Programs --> Reset all web settings)

marcasitevah

I cleared out all of my cookies, rest the IE defaults, and it won't work IE.

However, it works with Netscape. Is there anything I can do to make it work with IE?

primesuspect

Try reinstalling IE. Are you using Windows XP? If so, update to Service Pack 2.

Trogan

I had a similar problem with Hotmail were I couldn't log in and all I would get is a Blank Screen. However, one day I sent a message to hotmail with the problem and within a few days it was working.

Trying sending a message to them.

Dexter

We did have another user report this problem. I wonder of some versions aren't blocking the sites by adding it to the Restricted sites list?

Before you re-install Intetnet Explorer, please check one thing. In Internet Explorer, click Tools -> Internet Options. Choose the Security tab. Click on Restricted Sites, then Sites. Look to see if Hotmail, Passport or MSN are in that list. If they are, remove them.

Please let us know if that helps.

Dexter...

marcasitevah

There are no sites listed in the restricted sites section. I have been trying to install the XP Service Pack 2, but everytime I go, they say that there is too high of a demand and I cannot install it yet. I will try uninstalling IE and then reinstalling it.

marcasitevah

I cannot reinstall Internet Explorer because it says that I have a newer version of explorer than the one I downloaded from Microsoft (http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en). I can not find a place to uninstall the program, either.

I will try notifying hotmail in the meantime.

primesuspect

Installing Windows XP Service Pack 2 will effectively reinstall IE, since IE is updated as part of the service pack. I would do that next.

marcasitevah

Should I just order the disk from Microsoft since I have not yet had an opportunity to download the service pack?

Dexter

marcasitevah wrote:

There are no sites listed in the restricted sites section. I have been trying to install the XP Service Pack 2, but everytime I go, they say that there is too high of a demand and I cannot install it yet. I will try uninstalling IE and then reinstalling it.

Download Service Pack 2 from here at Short-Media:

http://www.short-media.com/download.php?dc=51

Dexter...

Dexter

One more thing to check as well. Although your main HJT log does not show any HOSTS entries, can you please check your HOSTS file for me?

In HJT, click on the CONFIG button, then the MISC TOOLS button, then the OPEN HOSTS FILE MANAGER button. Then click the button that says OPEN IN NOTEPAD. Copy the data from that text file and paste it here.

Dexter...

marcasitevah

I got the service pack 2 (finally) and it fixed the problem. Thank you all so much for your help. You are all the best, and I appreciate all that you do here.

primesuspect

Glad to hear it!

You may want to check out this article, as it will help you understand why you may have gotten infected and how to prevent things like this from happening again.

If you want to thank us for help you, you can do two things:

1) Stick around. This is a great site with great people.

2) Learn about Folding, it's a good cause, and we would love to have you join our team and our family.