Re:Get Hotmail instead of windows login

Microsoft Windows 8.1 standard (full pro...
December 30, 2014 at 12:13:34
Specs: windows 8.1, intel i5
Hello all, did something to change my sign in on my New Laptop.

Used to sign in normally, with my password into windows. Have two accounts, mine and the Wife's hers is normal.

In the tiles part, I filled in the Microsoft tile, my Hotmail account, and now it asks me for my Hotmail sign in details when I log into my windows.

How do I go back to windows sign in please

Further information.
Called Microsoft/Hotmail support, they took control of my machine, said it was because of Spam emails that have affected both my Ntlworld email and Hotmail and they want me to pay them around £130 a year, or 57 for 3 months, not got that kind of money.

Any funny emails go into my spam, got mcaffee Lifesafe anti-virus. Ran Malwarebytes, found 1 problem.

Please can someone help.

Thanks, Gep


See More: Re:Get Hotmail instead of windows login

Report •

#1
December 30, 2014 at 12:46:13
Pending Johnw dropping in here - and he's one of several of the resident pest removers here... a few things to do in the meantime...

Download and run in this order:

Rerun malwarebytes - you already know where to find that.

Run adwcleaner:

http://www.bleepingcomputer.com/dow...

ccleaner: ensure you go for the "free" version..

http://filehippo.com/download_cclea...

Run JRT (Junkware Removal Tool). It will install itself to the desktop and create an icon JRT. That is where you run it - and it will produce a dos style window. Follow the on-screen prompts.

http://www.bleepingcomputer.com/dow...

Kaspersky Rescue disk: download the ISO and burn to a DVD. Boot the system with that DVD. It will install a Linux variant to accommodate the actual pest scanner; then go on-line to update itself; then will scan the system fully - if you opt to (do so). It will take a wee while so time for tea/coffee and cake/cookie... It will eradicate anything nasty it finds; and I seem to recall will also generate a report on its findings (which others may like to see).

http://www.kaspersky.com/virus-scanner

http://support.kaspersky.co.uk/4162

There are other pest removal utilities too on the adwcleaner page that may be of value - but see what the above do first?

Keep any logs that may be generated as they may be of use later...?


Report •

#2
December 30, 2014 at 14:19:47
" Ran Malwarebytes, found 1 problem"
Copy & Paste the contents of that log & any other logs, in your reply, please.

If you misplace your log, here are ways to find.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
http://i.imgur.com/ZZ1trsv.gif
http://i.imgur.com/LL0K3qs.gif
Or,
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
http://i.imgur.com/LNl3Sgw.gif
http://i.imgur.com/xGJgawB.gif


Report •

#3
December 30, 2014 at 14:20:27
Hello trvir, have got ccleaner, ran it all. Adware results-# AdwCleaner v4.106 - Report created 30/12/2014 at 22:04:52
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Graham - PEATES
# Running from : C:\Users\Graham\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17416
*************************
AdwCleaner[R0].txt - [945 octets] - [30/12/2014 21:42:19]
AdwCleaner[R1].txt - [1524 octets] - [30/12/2014 22:03:45]
AdwCleaner[S0].txt - [974 octets] - [30/12/2014 22:02:30]
AdwCleaner[S1].txt - [1451 octets] - [30/12/2014 22:04:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1511 octets] ##########

JRT Scan
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Graham on 30/12/2014 at 22:10:30.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_EN32_S-2CF276C2.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-992C17DF.pf
~~~ Folders

~~~ Event Viewer Logs were cleared

Did not download and run Kaspersky Rescue disk
alittle worried about doing that, lol.

Thanks, Gep


Report •

Related Solutions

#4
December 30, 2014 at 14:24:20
We are on the right track gep.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#5
December 30, 2014 at 14:31:25
Opp's, missed your JRT log.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

message edited by Johnw


Report •

#6
December 30, 2014 at 14:42:42
Hello Johnw, tried to save as a Protection log as a Text file, give me the option, but no file to save. double clicked on the one that was there, then three showed. Tried to highlight one, would not highlight or do anything. So, could not save a text file.

What next??

Thanks, gep


Report •

#7
December 30, 2014 at 14:46:21
"What next??"
Run Farbar please.

Report •

#8
December 30, 2014 at 15:00:03
Hello Johnw no1 file location http://www12.zippyshare.com/v/97783...
No 2 file location http://www24.zippyshare.com/v/49265...

Hope these are ok?

Have reposted this from above.
tried to save as a Protection log as a Text file, give me the option, but no file to save. double clicked on the one that was there, then three showed. Tried to highlight one, would not highlight or do anything. So, could not save a text file.

Thanks, Gep


Report •

#9
December 30, 2014 at 15:08:57
"Hope these are ok?"
Perfect, shall work on those now.

"Have reposted this from above"
Skip that for now.


Report •

#10
December 30, 2014 at 15:20:43
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
195 AlternateDataStreams: C:\Users\Graham\OneDrive:ms-properties
196 AlternateDataStreams: C:\Users\Graham\OneDrive (2):ms-properties
197 AlternateDataStreams: C:\Users\Pollyanna\OneDrive:ms-properties
108 SearchScopes: HKLM -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
109 SearchScopes: HKLM-x32 -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
110 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
111 SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
112 SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
113 SearchScopes: HKU\S-1-5-21-568704525-757881285-3721914199-1001 -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
1169 C:\Users\Graham\AppData\Local\Temp\Quarantine.exe
1170 C:\Users\Graham\AppData\Local\Temp\sqlite3.dll
1171 C:\Users\Pollyanna\AppData\Local\Temp\oct39DD.tmp.exe

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw


Report •

#11
December 30, 2014 at 15:22:20
Hello JohnW, have got to go to bed now, will come back to this tomorrow.

Thanks again, gep


Report •

#12
December 30, 2014 at 15:37:30
"will come back to this tomorrow"
Ok, gep.
I'm here.
http://www.timeanddate.com/worldclo...

If we do not catch up straight away, after doing post #10 & posting the log, run Malwarebytes again & post the new log.

Then check to see if you have the original problem & let me know.


Report •

#13
December 31, 2014 at 05:17:23
Hello JohnW, copied and pasted into notepad, saved with others on my desktop with the saved name fixlist.txt.
Ran FRST64

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Version: 28-12-2014
Ran by Graham at 2014-12-31 13:08:26 Run:1
Running from C:\Users\Graham\Desktop
Loaded Profile: Graham (Available profiles: Graham & Pollyanna)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************closeprocesses:
emptytemp:
195 AlternateDataStreams: C:\Users\Graham\OneDrive:ms-properties
196 AlternateDataStreams: C:\Users\Graham\OneDrive (2):ms-properties
197 AlternateDataStreams: C:\Users\Pollyanna\OneDrive:ms-properties
108 SearchScopes: HKLM -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
109 SearchScopes: HKLM-x32 -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
110 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
111 SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
112 SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
113 SearchScopes: HKU\S-1-5-21-568704525-757881285-3721914199-1001 -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
1169 C:\Users\Graham\AppData\Local\Temp\Quarantine.exe
1170 C:\Users\Graham\AppData\Local\Temp\sqlite3.dll
1171 C:\Users\Pollyanna\AppData\Local\Temp\oct39DD.tmp.exe
*****************
Processes closed successfully.
"195 C:\Users\Graham\OneDrive" => "195 :ms-properties" ADS not found.
"196 C:\Users\Graham\OneDrive (2)" => "196 :ms-properties" ADS not found.
"197 C:\Users\Pollyanna\OneDrive" => "197 :ms-properties" ADS not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\108 {4A912A23-4678-4A81-A359-A534229B82AB} => Key not found.
HKCR\CLSID\108 {4A912A23-4678-4A81-A359-A534229B82AB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\109 {4A912A23-4678-4A81-A359-A534229B82AB} => Key not found.
HKCR\Wow6432Node\CLSID\109 {4A912A23-4678-4A81-A359-A534229B82AB} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-568704525-757881285-3721914199-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\113 {4A912A23-4678-4A81-A359-A534229B82AB} => Key not found.
HKCR\CLSID\113 {4A912A23-4678-4A81-A359-A534229B82AB} => Key not found.
1169 C:\Users\Graham\AppData\Local\Temp\Quarantine.exe => Error: No automatic fix found for this entry.
1170 C:\Users\Graham\AppData\Local\Temp\sqlite3.dll => Error: No automatic fix found for this entry.
1171 C:\Users\Pollyanna\AppData\Local\Temp\oct39DD.tmp.exe => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 280 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:09:00 ====Results below.

My Brother lives down the coast in Adelaide, just been to the UK, went home on the 22 Dec

Thanks, GEP

message edited by gep


Report •

#14
December 31, 2014 at 09:00:48
Run this new script for fixlist please gep & then Malwarebytes.
]
Going to bed now.

closeprocesses:
AlternateDataStreams: C:\Users\Graham\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Graham\OneDrive (2):ms-properties
AlternateDataStreams: C:\Users\Pollyanna\OneDrive:ms-properties
SearchScopes: HKLM -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKLM-x32 -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-568704525-757881285-3721914199-1001 -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
C:\Users\Graham\AppData\Local\Temp\Quarantine.exe
C:\Users\Graham\AppData\Local\Temp\sqlite3.dll
C:\Users\Pollyanna\AppData\Local\Temp\oct39DD.tmp.exe


Report •

#15
December 31, 2014 at 12:21:22
Hello John, I posed on zippyshare. http://www49.zippyshare.com/v/32960...


Malwarebytes result.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31/12/2014
Scan Time: 15:33:32
Logfile: saved.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.31.03
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Graham

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373537
Time Elapsed: 21 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.MindSpark.A, C:\$Recycle.Bin\S-1-5-21-568704525-757881285-3721914199-1005\$RX3B5QZ.exe, Quarantined, [4e110c5d502cd363ab81c671fa0bb24e],

Physical Sectors: 0
(No malicious items detected)


Thanks, gep


Report •

#16
December 31, 2014 at 15:40:24
"Hello John, I posed on zippyshare"

Need to do it the same as before gep, but with the new script.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
AlternateDataStreams: C:\Users\Graham\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Graham\OneDrive (2):ms-properties
AlternateDataStreams: C:\Users\Pollyanna\OneDrive:ms-properties
SearchScopes: HKLM -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKLM-x32 -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-568704525-757881285-3721914199-1001 -> {4A912A23-4678-4A81-A359-A534229B82AB} URL = http://www.amazon.co.uk/s/ref=azs_o...
C:\Users\Graham\AppData\Local\Temp\Quarantine.exe
C:\Users\Graham\AppData\Local\Temp\sqlite3.dll
C:\Users\Pollyanna\AppData\Local\Temp\oct39DD.tmp.exe

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#17
January 2, 2015 at 11:26:30
Hello JohnW, on zippyshare http://www46.zippyshare.com/v/40291...

How was the malwarebytes results??

Also, I log onto my new Laptop using my Microsoft login. I get on using a CODE, but cannot get on using my Hotmail.com email address. Each time I try, my password for the account does not work, and when I try to send an email to get a code, it goes to a email address ja___@Hotmail.com mine should be gep______@ not Hotmail my private email address. I cannot download APPS etc, as I need my password on my laptop as it does not ask for my code number. Hackers address is ja???@Hotmail.com

Thanks, Happy New Year, Gep

message edited by gep


Report •

#18
January 2, 2015 at 21:18:56
"Hello JohnW, on zippyshare http://www46.zippyshare.com/v/40291.."
Reread my post #16 & do it that way please.

Report •

#19
January 3, 2015 at 13:35:24
Hello John, just deleted my windows account having set up a new administrator one fully down to the last saved email. fav, contact etc. Now open with my usual password, instead of Hotmail.

Took me a couple of hours to do it all, but has saved a load of hassle.

Very grateful for your great help, thanks loads, Gep


Report •

#20
January 4, 2015 at 16:00:09
"Very grateful for your great help, thanks loads, Gep"
YW Gep.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

I use Softpedia & FreewareFiles.com, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.


Report •

#21
January 5, 2015 at 08:23:15
Hello JohnW, good advice, thanks, Gep

Report •

Ask Question