CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 949
Comments: 28
block bottom
spacer spacer
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsSelect FavForums 

[DONE]winlogon

 
Post new topic   Reply to topic       All -> FavForums -> Startup Programs [del.icio.us!] [digg it!] [reddit!]
View previous topic :: View next topic  
Author Message
simsjustin

Cadet
Cadet


Joined: Feb 16, 2005
Posts: 5
Location: USA
PostPosted: Thu Feb 17, 2005 1:40 am    Post subject: winlogon
Reply with quote

hijackthis wants to fix "Global Startup-winlogon" but it cant because it is always running and i cant close this using the task mgr. It calls it a critical process, also i cant delete it using search. please help because im sure this is what is hijacking my browsers.
Back to top
View users profile Send private message
Robin

Site Admin
Phishing Squad Team Lead

Joined: Oct 15, 2003
Posts: 8930

1st Responder Mentors a-squared Anti-Malware Administrators Forums Admin MIRT Moderators MVP Phishing Squad Security Experts Team CC Committee Team F@H

PostPosted: Thu Feb 17, 2005 6:01 pm    Post subject:
Reply with quote

Please wait for one of the 1st Responders or Security Experts to assist you with your log. Just because something is listed by hijackthis, that doesn't mean it requires fixing.
Back to top
View users profile Send private message
simsjustin

Cadet
Cadet


Joined: Feb 16, 2005
Posts: 5
Location: USA
PostPosted: Thu Feb 17, 2005 11:47 pm    Post subject:
Reply with quote

here is my hijakthis logfile
Back to top
View users profile Send private message
simsjustin

Cadet
Cadet


Joined: Feb 16, 2005
Posts: 5
Location: USA
PostPosted: Thu Feb 17, 2005 11:47 pm    Post subject:
Reply with quote

Logfile of HijackThis v1.99.0
Scan saved at 5:45:37 PM, on 2/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\aaksrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Advanced Anti Keylogger\aak.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\April\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL (file missing)
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\yi70x1o31hy3jvthd.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [AAK] C:\Program Files\Advanced Anti Keylogger\aak.exe /silent
O4 - Global Startup: SpySubtract.lnk
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O20 - AppInit_DLLs: w8c6s4xcm66s.dll, system32\aakah.dll
O23 - Service: aaksrv - Spydex, Inc. - C:\WINDOWS\System32\aaksrv.exe
Back to top
View users profile Send private message
Robin

Site Admin
Phishing Squad Team Lead

Joined: Oct 15, 2003
Posts: 8930

1st Responder Mentors a-squared Anti-Malware Administrators Forums Admin MIRT Moderators MVP Phishing Squad Security Experts Team CC Committee Team F@H

PostPosted: Fri Feb 18, 2005 4:24 am    Post subject:
Reply with quote

Your log wont be answered in this forum. Since you have already got one posted in the Hijackthis forum, please wait for one of our staff to assist you there.
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       All -> FavForums -> Startup Programs All times are GMT
Page 1 of 1

 
Quick Reply:
Username: 

Quote the last message
Attach signature (signatures can be changed in profile)
 
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001 phpBB Group
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
164ppm 0.284s (0.052s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer