winhound problems

Hi guys,

I have winhound in my registry. I've followed all the spyware removal steps a few times now and removed all other instances of it. Unfortunately everything I've tried to remove this one folder fails. It's in HKLM/software, and always says it's in use. Do you know of anyway to unlock it so i can get rid of it once and for all?

 

Hello and welcome to Major Geeks.

If you have completed all the steps in our READ ME FIRST. Please post teh logs request by the tutorial.

Which are the BitDefender, Panda ActiveScan and HijackThis logs.

 

Ok, bit defender and Panda didn't find anything when I ran them. That's why I don't have the log files for them. If you need me to run them again I will and add the files. I included the hijackthis file.

 

That log looks like it is from Safe Mode. If so, I need one from Normal Mode. If it is from Normal Mode, then you have no Firewall, and your AV software is not running.

 

It was in normal mode. I'm not sure why it says I have no antivirus or firewall. System mechanic says they're both fine. i'm running the scans again and i'll do another HJT. Hopefully it will turn out better this time. Sorry about all the trouble.

 

Ok here are my logs. for some reason HJT is still missing some of my processes. I'm not really sure why that's happening. The other 2 scans found stuff this time, so hopefully they will help. I followed the rules for creating the files, I hope they're right.

 

Delete this file: c:\windows\system32\logs1.ini

Remove the following from the Internet Explorer Trusted Zone:
O15 - Trusted Zone: *.msn.ca
O15 - Trusted Zone: *.msn.com

You should never have anything in the IE Trusted Zone.

Your HijackThis log is not showing anything. By that no viruses, no firewall, shows that KAV is to load at system start and as a service, but it does not appear to be running.

Disable both System Mechanic and CounterSpy. Shut them both down and exit them completely. Then give me a fresh HijackThis.

 

Ok I deleted the file, and cleared the trusted zone. Neither system mechanic or counterspy are running. I redid the HJT log. It still is missing a few of my processes, particularly my antivirus. I did ctrl-alt-delete after and there it shows everything running. Not really sure what's going on. Here's the log.

 

OK, since HijackThis isn't returning any information of real use.

Do the following:
Running WinPfind by OldTimer
Using GetRunKey

Post WinPFind.txt and runkey.txt when finished.

 

Ok, here are the two new logs. Hopefully they came up with something.

 

Your logs are not showing Winhound. What program is showing it, and can you post a log from it?

 

here is my most recent log from counterspy. i ran it this afternoon. it shows winhound.

 

Download and Install:
- Registrar Lite

Run Registrar Lite navigate to the following Registry Key; take ownership of the key by clicking on the key, go to Security -> Take Ownership. Now delete the key

HKEY_LOCAL_MACHINE\SOFTWARE\WinHound.com

REBOOT

Does CounterSpy still find WinHound in the registry?

 

ok i ran registrar lite. it's says that i need the pro edition to take ownership. i tried downloading that but you have to pay for it, so i still couldn't delete the entry. is there any other program that does that?

 

That feature should be available in the lite edition. Just try deleting the registry key without taking ownership.

 

I tried deleting it without taking ownership, and tried changing permissions. It told me that access was denied.

 

Boot to Safe Mode and try deleting the Key using REGEDIT.

 

I've tried deleting it in safe mode. I've also had counterspy try and delete it at start up before anything is loaded. I always get the same message that the file is currently in use.

 

Follow the directions for Smitfraud, SpySheriff, SpyAxe & PSGuard Removal.

Post smitfiles.txt when finished.

 

Shadow Puter dude, you're my hero

thank you so much. the winhound is finally out of my registry. my computer doesn't seem to be as slow anymore. I noticed on the file that there were a couple of entries causing my internet explorer to load on start up. I didn't even realise that was happening, so I deleted them. Everything else seems to be good. Here's the smit file. I'm running Panda right now, so I will post it's findings as well.

 

here is my panda scan as well. it says that i still have adware on here, but it's a big improvment from before.

 

Delete the following file: c:\windows\system32\stub2.ini

Lets flush all your restore points and create a new clean one for your system.

Disable And Enable System Restore
How to Protect yourself from malware!

Safe surfing.

 

I tried running through the steps to protect myself from malware. i have zonealarm installed, and managed to install firefox. I have discovered a new problem though. after deleting the registry keys that were causing ie to run on startup, it's started crashing everytime i load it. i can't get firefox to recognise a connection at all, along with any program that has an updater. i'm not sure if this is a whole new virus. all my scans said i was clean.

 

The Winsock may be broken; which, is not unusually side effect of Malware.

Download and run Winsock XP Fix.