winlogonhook is the bane of my existence

here's the deal: I've followed the Winlogonhook Removal Procedure, read and performed multiple malware removal "Read Me's" and scanned my infected office PC with Ewido Security Suite (have had that for almost a year now), Ad-Aware (had that for a while too), Spybot (also had that prior to this virus fiasco), TrojanHunter and online scanners like Panda and Trend Housecall. I've gone in and out of regedit looking for rogue entries, booted and rebooted in Safe Mode, Normal Mode, you name it. I've read other posts on this topic (here and in other forums) and tried applying it to my situation [e.g. tried to "fix/delete" 'O20 - Winlogon Notify: winjrd32 - winjrd32.dll (file missing)' in the HT log below but it keeps reappearing]. I think I've tried everything a layperson can do to kill this thing on my own. But always, in the end, Spy Sweeper finds this "winlogonhook" and says it's a trojan horse.

Attached is my most recent HT log (not done in Safe Mode - wasn't sure if it should be in Normal or Safe) and my Spy Sweeper logfile from the past few scans (which were done yesterday and today between scans with other software like ewido and trojanhunter etc). can someone please help? I need a little one-on-one attention with this.

Oh and you also might want to know that this nasty 'winlogonhook' seems to be a direct after-effect / side-effect of a recent run-in I had with SpywareQuake, SpywareStrike, and WinFixer which I think/thought I had successfully removed a few days ago (though maybe not completely?). thanks in advance.

 

yes. I believe it was Spy Sweeper. but that was a few days ago. should I do it again?

yes. because I was having problems with an 'ActiveX controls' box that kept popping up at random times, and something I read somewhere said that configuring my IE proxy that way (in IE preferences) might help. I never use Internet Explorer.

 

oops.. here's the rest

paid subscriber

not sure. it was recently. I think it might've been when I was tackling those other malware issues - when I was doing one of those Read Me / Removal procedures, but I can't be sure of the exact date.

I did the READ & RUN ME (I've done so many damn Read & Run Me's it's ridiculous). see attached Ewido log. thanks for your help so far.

 

yeah but I already did it at least once, and it obviously didn't help.

I'm not getting the ActiveX warnings anymore, and I have it configured to not use the proxy server settings when accessing *.microsoft.com and *.webroot.com so I can get updates.

 

I did do it. I just didn't do it today and I didn't do it right before posting my HJT log. so I might've overlooked some stuff when starting this thread. sorry. look. I've been scouring so many of these forums and running so many different scans etc while also just trying to stay on top of my workload here and understand what is up with this 'trojan agent.' it's also not that easy to keep all this protocol for the different forums straight, and your READ & RUN isn't exactly the most articulate / easy to follow. all I know is that each of these removal processes hasn't worked so far. if you really want me to drop everything and run your READ & RUN ME right now, I will. so. doing it all again now.. thanks

 

ok. amazing. I did it again, and this time no 'winlogonhook' showed up both times. but my question to you now is: do I need to do anything to prevent it from coming back before I shutdown/restart my computer? for instance - should I disable (then enable) system restore or anything like that? I mean. I just don't trust that it's really gone, so I'm probably going to run at least a couple more scans (Ewido scan and maybe another Spy Sweeper) to make sure, but first I want to make sure there isn't some special protocol I should follow first.

and what about all this different malware-removal related software I have on my computer now - should I keep all of it? what should I have running on a regular basis? also, I'm suddenly (as of the last 3 hours) getting a 'windows security alert' that keeps saying I might not have antivirus software installed (?!) which seems ridiculous to me, since I haven't removed any programs, only added the recommended scanners and kept what I had before (because it was basic stuff like ewido, spybot and ad-aware). can you offer a quick word of advice on that or should I just go back to the forum(s) and look for clues?

THANKS

THANK YOU

 

wait. delete Ewido? really? some tech guy gave me that last year and said "it's one of the best" and that I should have it. I paid for it. no? and should I be worried if this 'windows security alert' is suddenly telling me I don't seem to have antivirus software?

 

sorry. sorry. for some reason i'm not seeing your whole post and missing stuff at the bottom upon first read.. i see that part about the antivirus software now.

 

no i bought it too

 

can't I just disable one of them (like Spy Sweeper) so it's not running all the time but I still have it in case I need it?

also, just to confirm: I don't need to do anything with 'System Restore' before rebooting and attaching that HJT log you requested?

 

ok. cool. I deleted the HJT entries you mentioned. so now I'm going to close out of everything. disable System Restore. reboot. re-enable System Restore. run HJT. attach that log. then finally go home for the night (and eventually download one of those free antivirus applications tomorrow). thanks again for all your help with this.

 

see attached HJT log after "fix" and reboot.

 

ok. but I'm not sure I even have Symantec. all I can find is Symantic Live Update but I'm not sure what it's updating (?) - if anything - or is that the name of their antivirus software? (sorry. this computer wasn't mine a year ago, so I can't vouch for its software history, and I'm not sure what kind of antivirus software it has on it right now)