
Distressed...winlogonhook Won't Let Go!



#1 Guest_wlhsufferer_*


Posted 01 July 2006 - 12:40 AM

Hello everyone, first time poster here.

I've tried what many closed forums have suggested. I've DLed most spyware programs, but every reboot, the same thing happens. The Winlogonhook trojan is still there. Nothing's working, yet. I was hoping someone could take a look at my particular logs for some sort of guidance. I apologize that the folder names will be in Spanish, I can translate, if need be.

-ian


Hijack this log -

Logfile of HijackThis v1.99.1
Scan saved at 1:35:43, on 01-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Archivos comunes\AOL\1147637453\ee\AOLSoftware.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\PowerISO\PWRISOVM.EXE
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HostManager] C:\Archivos de programa\Archivos comunes\AOL\1147637453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Archivos de programa\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPHSend] C:\Archivos de programa\Archivos comunes\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Búsqueda en Google - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe


Spysweeper log -
********
1:09: | Start of Session, Sábado, 01 de Julio de 2006 |
1:09: Spy Sweeper started
1:09: Sweep initiated using definitions version 711
1:09: Starting Memory Sweep
1:11: Memory Sweep Complete, Elapsed Time: 00:02:45
1:11: Starting Registry Sweep
1:12: Found Trojan Horse: trojan agent winlogonhook
1:12: HKLM\software\microsoft\mssmgr\ (6 subtraces) (ID = 937101)
1:12: Starting Cookie Sweep
1:12: Registry Sweep Complete, Elapsed Time:00:00:00
1:12: Cookie Sweep Complete, Elapsed Time: 00:00:08
1:12: Starting File Sweep
1:24: File Sweep Complete, Elapsed Time: 00:12:41
1:24: Full Sweep has completed. Elapsed time 00:15:41
1:24: Traces Found: 7
1:27: Removal process initiated
1:27: Quarantining All Traces: trojan agent winlogonhook
1:27: Removal process completed. Elapsed time 00:00:00
1:28: Deletion from quarantine initiated
1:28: Processing: trojan agent winlogonhook
1:28: Deletion from quarantine completed. Elapsed time 00:00:00
1:28: The Spy Communication shield has blocked access to: smart-security.biz
1:28: The Spy Communication shield has blocked access to: smart-security.biz
1:28: The Spy Communication shield has blocked access to: here4search.biz
1:28: The Spy Communication shield has blocked access to: here4search.biz

Ewido log -

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:07:51 01-07-2006

+ Scan result:



:mozilla.18:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.19:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.20:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.21:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.22:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.23:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.24:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.


::Report end


Thanks in advance. This is really frustrating me.

Edited by wlhsufferer, 01 July 2006 - 01:10 AM.




#2 -David-


Posted 01 July 2006 - 05:28 AM

Hey wlhsufferer, welcome to BleepingComputer,
Looks like we just need to force this file off your computer.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll

* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\WINDOWS\SYSTEM32\winmfu32.dll

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes.

Please post back with a new Hijackthis log.
David

#3 Guest_wlhsufferer_*


Posted 01 July 2006 - 11:09 AM

David, thank you for your assistance.

I did as told, and you'll see the HiJackThis log came up clean. When I ran Spysweeper, though, it came up with the same winlogonhook registry changes, which I'd deleted. Persistent little bugger. What would you suggest?

Aside: Good luck in the football match. Funny that you should probably root for France to win tonight's match.

Thanks,
-ian

Update: After the SpySweep I did below, I rebooted once more, but into safe mode. I ran everything again, which came out clean, then rebooted, and ran everything again in Windows. There seem to be no traces left. Endless thanks for the help - eliminating the .dll on reboot was the major factor blocking a cleanup.

Aside: More penalties in the Eng-Por match, it looks like.


HiJackThis
------------
Logfile of HijackThis v1.99.1
Scan saved at 11:39:04, on 01-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Archivos comunes\AOL\1147637453\ee\AOLSoftware.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HostManager] C:\Archivos de programa\Archivos comunes\AOL\1147637453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Archivos de programa\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IPHSend] C:\Archivos de programa\Archivos comunes\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Búsqueda en Google - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Archivos de programa\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151732847984
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe



Spysweeper
--------------
********
11:41: | Start of Session, Sábado, 01 de Julio de 2006 |
11:41: Spy Sweeper started
11:41: Sweep initiated using definitions version 711
11:41: Starting Memory Sweep
11:44: Memory Sweep Complete, Elapsed Time: 00:02:49
11:44: Starting Registry Sweep
11:44: Found Trojan Horse: trojan agent winlogonhook
11:44: HKLM\software\microsoft\mssmgr\ (6 subtraces) (ID = 937101)
11:44: Registry Sweep Complete, Elapsed Time:00:00:08
11:44: Starting Cookie Sweep
11:44: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:44: Starting File Sweep
11:57: File Sweep Complete, Elapsed Time: 00:13:04
11:57: Full Sweep has completed. Elapsed time 00:16:04
11:57: Traces Found: 7
12:00: Quarantining All Traces: trojan agent winlogonhook
12:00: Deletion from quarantine initiated
12:00: Processing: trojan agent winlogonhook
12:00: Deletion from quarantine completed. Elapsed time 00:00:00
********

Ewido
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:19:39 01-07-2006

+ Scan result:



:mozilla.292:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.293:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.294:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.295:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.296:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.297:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.136:C:\Documents and Settings\Naty\Datos de programa\Mozilla\Firefox\Profiles\0z53ruc4.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.


::Report end

Edited by wlhsufferer, 01 July 2006 - 12:27 PM.


#4 -David-


Posted 01 July 2006 - 01:13 PM

Hey wlhsufferer,

Just saw England fail at penalties yet again, Ricardo was excellent though it has to be said (through gritted teeth). As a Tottenham fan they should have taken Defoe, and put Carrick and Lennon on from the start - take off Rooney and Lampard! My estimation in Hargreaves went up though big time - he's great! Sorry, back onto the computer stuff :thumbsup::

I see a clean log now, the delete on reboot did it. You have run both spySweeper and Ewido which are producing clean logs so I don't think there is any need in running any more scans. Give me the all clear that you are happy with the computer's performance and I can give you my all clean spiel.

David
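
The before/after check this exchange relies on, as an added example that is not part of the original thread: it parses the two HijackThis logs and the second Spy Sweeper session to confirm the O20 Winlogon Notify entry is gone and to list registry traces another scanner still reports. The sample strings are a few lines excerpted from the logs posted above, and the function names are illustrative.

```python
import re

# Constructed samples: a few lines excerpted from the logs posted in this thread.
HJT_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
HJT_AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
SWEEPER_AFTER = r"""
11:44: Starting Registry Sweep
11:44: Found Trojan Horse: trojan agent winlogonhook
11:44: HKLM\software\microsoft\mssmgr\ (6 subtraces) (ID = 937101)
11:44: Registry Sweep Complete, Elapsed Time:00:00:08
"""

# HijackThis entries look like "<section code> - <details>", e.g. "O20 - ...".
HJT_ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SWEEPER_FOUND = re.compile(r"^\d{1,2}:\d{2}: Found [^:]+: (.+)$")
SWEEPER_KEY = re.compile(r"^\d{1,2}:\d{2}: (HK[A-Z]+\\\S+) \((\d+) subtraces\)")
NOTIFY_PREFIX = "Winlogon Notify: "


def parse_hjt(log_text):
    """Return the set of (section_code, details) entries; process paths are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def winlogon_notify(entries):
    """Extract (name, dll_path) pairs from O20 'Winlogon Notify' entries.

    These DLLs are registered under the Winlogon\\Notify registry key and are
    loaded by winlogon.exe, so the file is in use while Windows is running.
    """
    found = []
    for code, details in entries:
        if code == "O20" and details.startswith(NOTIFY_PREFIX):
            name, _, path = details[len(NOTIFY_PREFIX):].partition(" - ")
            found.append((name, path))
    return sorted(found)


def sweeper_traces(log_text):
    """Return (threat, registry_key, subtrace_count) from a Spy Sweeper session log."""
    traces, threat = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = SWEEPER_FOUND.match(line)
        if m:
            threat = m.group(1)
            continue
        m = SWEEPER_KEY.match(line)
        if m and threat:
            traces.append((threat, m.group(1), int(m.group(2))))
    return traces


def cleanup_report(hjt_before, hjt_after, sweeper_after):
    """Compare two HijackThis scans and cross-check a second scanner's findings."""
    before, after = parse_hjt(hjt_before), parse_hjt(hjt_after)
    return {
        "notify_removed": winlogon_notify(before - after),
        "notify_remaining": winlogon_notify(after),
        "new_entries": sorted(after - before),
        "registry_traces": sweeper_traces(sweeper_after),
    }


if __name__ == "__main__":
    for key, value in cleanup_report(HJT_BEFORE, HJT_AFTER, SWEEPER_AFTER).items():
        print(key, value)
```

A non-empty `registry_traces` alongside an empty `notify_remaining` is the state reported in post #3: the autostart DLL is gone but leftover registry keys still need a further removal pass and rescan.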

#5 Guest_wlhsufferer_*


Posted 01 July 2006 - 01:35 PM

David,

Football: You're probably right. Lennon shot some energy into the game a bit too late. Hargreaves played the game of his life. But yeah, you can't compete when a goalie goes 3 for 4 on penalty blocks. I particularly don't like Crouch...the way he plays, his skill level, his presence on the pitch...everything. The loss must sting, though...Becks might have one more WC shot in 2010, and thankfully it won't be Eriksson controlling the game - his system ruined Lazio before this.

Computer Security: All clear on the system. I don't think any other tutorial on winlogonhook suggested changing that config setting on HiJackThis.

Thanks again, :thumbsup:
-ian

#6 -David-


Posted 01 July 2006 - 03:04 PM

Ian,

Football: Tell me about it - Crouch never looks dangerous on the ball - more like a lumbering oaf. We need more players like Lennon who actually look like they will do something that might lead to a goal, eg Cristiano Ronaldo for example - every time he had the ball near the box I was gripping my glass I nearly cracked it! Well another year, another failed attempt by England!

Computer Security: Glad I could help! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will reduce dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
David

#7 Guest_wlhsufferer_*


Posted 01 July 2006 - 05:14 PM

David,

I guess I do have one lingering question. I went to check my ICF settings, just to make sure nothing had changed, and then I get an error message that says Some unidentified problem prevents my opening of said ICF. :thumbsup: Did I miss something on a sweep, or is there something I have to fix?

-Ian

#8 -David-


Posted 02 July 2006 - 03:30 AM

Download sharedaccess.reg (only for systems running Windows XP Service Pack 2) and save to Desktop:
http://windowsxp.mvps.org/reg/sharedaccess.reg

Then double-click the file to merge the contents to the registry. The Services entry will be created. Restart Windows (mandatory step, otherwise the following NETSH command will display an error message).

After restarting Windows, run this from Command Prompt (cmd.exe):

NETSH FIREWALL RESET

Launch firewall applet from Control Panel, and then configure your Windows Firewall settings.

If nothing helps, as a last-resort solution (before reinstalling Windows XP Service Pack 2), give these two commands a try. Click Start, Run and type:

"rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf"

Restart Windows, and then run this command (from Command Prompt):

"NETSH FIREWALL RESET"

Attempt to start Firewall applet. Start the Windows Firewall service if prompted.

Let me know how it goes,
David

#9 Guest_wlhsufferer_*


Posted 03 July 2006 - 03:44 AM

David,

I tried the first process with sharedaccess.reg and it worked perfectly. I checked the settings, and Remote Assistance was checked, so I turned that off.

ALL CLEAR...finally.

I can't thank you enough. :thumbsup:

-Ian


P.S. Football -- Brazil knocked out leaves no South American teams in the WC: something that hasn't happened since '82. I am now cheering for France because 1) I don't like Germany as a team (Ballack and Lehmann are good, yes), 2) Italy has stumbled through the Cup until now, and was given at least two wins as gifts, 3) Portugal...well, it's Portugal.

At least the French proved that '98 wasn't necessarily a fluke, or rigged. :flowers:

#10 -David-


Posted 03 July 2006 - 12:38 PM

Hey wlhsufferer! :thumbsup:

Glad to hear the computer is running better and that you got the passwords sorted out. I don't want to talk about football anymore - I've permanently erased this year's World Cup from my memory! I also dislike Germany as a team - I want France to win, a) because I like French people and speak French quite well, b) I like Fabien Barthez! (not in that way!), c) I don't want any other team to win, d) they play some of the best football in the world!

David



