Mischel Internet Security Forum
Adware, Browser Hijackers and other Malware
Topic: I'm another winlogonhook victim please help me =(
INEEDMAJORHELP (Newbie, Posts: 11)
« on: Jan 5th, 2008, 1:25am »

I've been trying to run scans for hours and read up on other topics, and I'm really confused and worried for my computer.  I feel like crying and reinstalling the OS and deleting everything.  The winlogonhook trojan has given me a big headache and a few hours to sleep.  I really hope someone can help me clean my system because it needs treatment.

I'm really hoping someone can fix this.  I can't access my control panel nor my computer properties.  Plus I keep on getting stupid messages which make me angry.

And I was wondering if it's okay to get on the internet or not.  I'm using a different computer, but I use a jump drive to do the transfer of log files and downloads and other things.

Logfile of HijackThis v1.99.1
Scan saved at 2:21:06 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony\ISB Utility\ISBMgr .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr .exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\WINDOWS\avp.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\MSSYSM~2.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt .exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole .exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\MSSYSM~2 .EXE
C:\WINDOWS\avp .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\RegistryBooster 2\RegistryBooster .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast  .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast   .exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Application Data\U3\0000185E2575D48A\LaunchPad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstr.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"  /Stationary
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask   .exe" -atboottime
O4 - HKLM\..\Run: [VMConsole.exe] "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe" /windowmin
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\MSSYSM~3.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\RegistryBooster 2\RegistryBooster .exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast   .exe
O4 - Startup: findfast  .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
 
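What a helper is reading off a log like the one above can be written down as a few heuristics. The script below is an added example, not code from the post, from HijackThis or from TrojanHunter: it parses HijackThis-style lines and flags the patterns that mark this log as infected, in particular the file names with whitespace before the extension ("avp .exe", "findfast   .exe"), which are the trace of an infector that renames the genuine binary and installs itself under the original name. The sample lines are constructed in the shape of the log above, and the allowlists and the edit-distance threshold are assumptions chosen for the example.

```python
"""Triage a HijackThis 1.99-style log for the indicators visible in the thread above.

Added example (not the forum's, HijackThis's or TrojanHunter's code). Heuristics:
  - whitespace before the extension ("avp .exe"): renamed original / look-alike pair
  - F2 Shell= / F3 load= hooks that run something besides Explorer at logon
  - O4 autostart values that are bare file names, look-alikes of system binaries
    (spoolvs.exe), or system binary names outside %SystemRoot%\\system32
  - unknown executables sitting directly in %SystemRoot% (mgrs.exe, shell.exe)
  - O7 policy restrictions (DisableRegedit) and O20 AppInit_DLLs injection
"""
import re
from typing import List, Tuple

# Core Windows binaries that should only run from %SystemRoot%\system32 (assumed list).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("\\windows\\system32", "\\winnt\\system32")
WINDOWS_ROOTS = ("c:\\windows", "c:\\winnt")
# Executables legitimately found directly in %SystemRoot% (assumed, deliberately short).
ROOT_ALLOWLIST = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe", "winhlp32.exe"}
SPACE_BEFORE_EXT = re.compile(r"\S\s+\.(exe|dll|com|scr|bat)\b", re.IGNORECASE)
PATH_PREFIX = re.compile(r"(.*?\.(?:exe|dll|com|scr|bat))\b", re.IGNORECASE)

# Constructed sample lines in the shape of the log above (not the page's own lines).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apoint .exe
C:\WINDOWS\avp .exe
C:\WINDOWS\mgrs.exe
C:\Program Files\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast   .exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot look-alike names such as spoolvs.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_path(value: str) -> Tuple[str, str, str]:
    """Return (raw value, lower-cased directory, lower-cased file name); trailing switches are dropped."""
    raw = value.strip().strip('"')
    m = PATH_PREFIX.match(raw)
    path = m.group(1) if m else raw
    head, _, name = path.rpartition("\\")
    return raw, head.lower(), name.lower()


def check_binary(value: str) -> List[str]:
    """Heuristics for one executable path from the process list or an O4 autostart value."""
    notes = []
    raw, head, name = split_path(value)
    if SPACE_BEFORE_EXT.search(name):
        notes.append("whitespace before extension (renamed original / look-alike pair)")
    if "\\" not in raw:
        notes.append("unqualified file name, resolved via the search path")
    elif name in SYSTEM_NAMES:
        if not head.endswith(SYSTEM_DIRS):
            notes.append("system binary name running from " + head)
    else:
        close = sorted(s for s in SYSTEM_NAMES if 0 < edit_distance(name, s) <= 2)
        if close:
            notes.append("look-alike of " + ", ".join(close))
        if head in WINDOWS_ROOTS and name not in ROOT_ALLOWLIST:
            notes.append("unknown executable directly in %SystemRoot%")
    return notes


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, note) pairs for every log line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        notes: List[str] = []
        if re.match(r"[A-Za-z]:\\", line):                 # running-process list
            notes = check_binary(line)
        elif line.startswith("O4 - "):                       # autostart entries
            target = line.split("] ", 1)[1] if "] " in line else line.split(": ", 1)[1]
            target = target.split(" = ", 1)[1] if " = " in target else target
            notes = check_binary(target)
        elif line.startswith(("F2 - ", "F3 - ")):            # system.ini / win.ini hooks
            key, _, value = line.split(": ", 1)[1].partition("=")
            key, value = key.strip().lower(), value.strip()
            if key == "shell" and value.lower() != "explorer.exe":
                notes = ["Shell= runs an extra program at logon: " + value]
            elif key in ("load", "run") and value:
                notes = [key + "= launches " + value]
        elif line.startswith("O7 - "):
            notes = ["policy restriction on a Windows tool"]
        elif line.startswith("O20 - "):
            notes = ["AppInit_DLLs loads this DLL into every process that uses user32.dll"]
        findings.extend((line, note) for note in notes)
    return findings


if __name__ == "__main__":
    for line, note in triage(SAMPLE_LOG):
        print(f"{note:<72} {line}")
```

Pass a saved log to `triage()` to get the flagged lines; R0/R1, O3, O9, O16 and O23 entries are deliberately not scored, since they need vendor knowledge rather than a textual rule. A clean entry such as `C:\WINDOWS\system32\lsass.exe` produces nothing, while its copy under `C:\Program Files` and the `spoolvs.exe` look-alike are both reported.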
siliconman01 (Global Moderator, Posts: 5270)
« Reply #1 on: Jan 5th, 2008, 2:11am »

Welcome to the forum, INEEDMAJORHELP
 
Yep, you are infected.  However, I don't think it will take a complete rebuild to correct the problems.  
 
You probably should print out these instructions so you will have them when you close your browser.
 
Please do this.
 
1.  Go to the link below and download combofix.exe.  Save it on your desktop.
 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
2.  Now close down all your Security Programs except your software firewall.  Disable your resident antivirus program.  Close your browser window(s).
 
3.  Double click combofix.exe & follow the prompts.  
 
When combofix finishes, it will produce a log for you.  
 
Note:  
Do not mouseclick combofix's window while it is running. That may cause it to stall.

 
4.  Post back here the log from Combofix and post a new Hijackthis log.
 
In addition, I sent you a forum Private Message.  You need to be signed onto the forum to access your Private Message.
« Last Edit: Jan 5th, 2008, 3:21am by siliconman01 »
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

siliconman01 (Global Moderator, Posts: 5270)
« Reply #2 on: Jan 5th, 2008, 2:35am »

After you complete the above post, please go to the link below and follow the procedure for further cleaning of your system.  You have several trojans and other items on your system.
 
http://www.misec.net/forum/board/FAQ/1170863449
 
Once you have completed all the steps in the procedure above, please post back here  
 
-  A new Hijackthis scan log
-  The scan/cleaning log of SuperAntispyware
-  The scan/cleaning log of TrojanHunter
-  The scan/cleaning log of Bit Defender
 
In addition, what version of Norton (Symantec) are you running?  NIS 2005, NIS 2006, NIS 2007, NIS 2008?  And does it have a current subscription, and is it receiving daily updates?

INEEDMAJORHELP (Newbie, Posts: 11)
« Reply #3 on: Jan 5th, 2008, 10:07pm »

I have 05 I do believe, and no, I haven't gotten any new subscriptions since it costs a lot.
« Last Edit: Jan 5th, 2008, 10:07pm by INEEDMAJORHELP »

siliconman01 (Global Moderator, Posts: 5270)
« Reply #4 on: Jan 5th, 2008, 10:59pm »

Okay, I assume you are doing the work list I posted above.  Also I have responded to your Private Message.
 
Quote:
I have 05 I do believe, and no, I haven't gotten any new subscriptions since it costs a lot.

 
You are effectively running your computer unprotected.  If your subscription on 2005 has expired, NIS 2005 has more or less "turned off" both your firewall detection and infection protection.  Definitely NOT a good situation and you will continue to become infected because you are unguarded.  
 
HOWEVER, I do not recommend that you buy a subscription for NIS 2005.  I do recommend that you buy a license for NIS 2008 and replace NIS 2005.
« Last Edit: Jan 6th, 2008, 12:34am by siliconman01 »

INEEDMAJORHELP (Newbie, Posts: 11)
« Reply #5 on: Jan 6th, 2008, 12:11pm »

I see a major difference after running combofix.  I can now access my control panel and other settings, but I can't seem to access any email due to the Norton antivirus program.  The program tells me I do not have authority to change the setting(s).  And about the 08 version of NIS, do I have to buy it to be ultimately protected?  The logs for hijackthis and combofix will be posted following this one.

INEEDMAJORHELP (Newbie, Posts: 11)
« Reply #6 on: Jan 6th, 2008, 12:14pm »

ComboFix 08-01-04.1 - Owner 2008-01-06 12:35:36.3 - NTFSx86
Running from: H:\Documents\ComboFix.exe
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RegistryBooster 2\RegistryBooster .exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\SymNetDrv\SNDMon.exe
C:\Program Files\Valve\Steam\\Steam.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\RCX65.tmp
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\vtstr.exe
C:\WINDOWS\xpupdate.exe
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Owner\Application Data\printer.exe
C:\Documents and Settings\Owner\Application Data\ultra
C:\Documents and Settings\Owner\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Owner\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Owner\Desktop\Free Online Dating.lnk
C:\Documents and Settings\Owner\Desktop\Go to Casino.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast     .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast    .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast   .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast  .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast.exe
C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\Program Files\3269.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Ahead\Ahead\data\Xtras\MSSYSM~1 .EXE
C:\Program Files\Ahead\Ahead\data\Xtras\MSSYSM~1.EXE
C:\Program Files\Ahead\Ahead\data\Xtras\MSSYSM~2 .EXE
C:\Program Files\Ahead\Ahead\data\Xtras\MSSYSM~2.EXE
C:\Program Files\Ahead\Ahead\data\Xtras\MSSYSM~3 .EXE
C:\Program Files\Ahead\Ahead\data\Xtras\MSSYSM~3.EXE
C:\Program Files\Ahead\Ahead\data\Xtras\MSSYSM~4 .EXE
C:\Program Files\Ahead\Ahead\data\Xtras\MSSYSM~4.EXE
C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr .exe
C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Helper
C:\Program Files\Helper\Helper9.dll
C:\Program Files\Helper\ifastseek.dll
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\lsass.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\QuickTime\qttask    .exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\RegistryBooster 2\RegistryBooster .exe
C:\Program Files\smss.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\spoolsv.exe
C:\Program Files\SymNetDrv\SNDMon.exe
C:\Program Files\Valve\Steam\\Steam.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\lsass .exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddcaaaw.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drvcadr.dll
C:\WINDOWS\system32\drvmofr.dll
C:\WINDOWS\system32\icvjbqyy.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\printer .exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\RCX6C.tmp
C:\WINDOWS\system32\rponkyau.ini
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\spoolvs .exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\tuvstro.dll
C:\WINDOWS\system32\uayknopr.dll
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\vtstr.exe
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\winuns32.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\yrmlfjnc.dll
C:\WINDOWS\TEMP\winD1 .exe
C:\WINDOWS\xpupdate.exe
 
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe" replaces infected copy of "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe" replaces infected copy of "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"C:\Program Files\AIM6\aim6 .exe" replaces infected copy of "C:\Program Files\AIM6\aim6.exe"
"C:\Program Files\Apoint\Apoint .exe" replaces infected copy of "C:\Program Files\Apoint\Apoint.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe" replaces infected copy of "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"C:\Program Files\Common Files\Real\Update_OB\realsched .exe" replaces infected copy of "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
"C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool .exe" replaces infected copy of "C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe"
"C:\Program Files\Common Files\Symantec Shared\ccApp .exe" replaces infected copy of "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe" replaces infected copy of "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
"C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe" replaces infected copy of "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"C:\Program Files\iTunes\iTunesHelper .exe" replaces infected copy of "C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe" replaces infected copy of "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"C:\Program Files\MSN Messenger\msnmsgr .exe" replaces infected copy of "C:\Program Files\MSN Messenger\msnmsgr.exe"
"C:\Program Files\Sony\ISB Utility\ISBMgr .exe" replaces infected copy of "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole .exe" replaces infected copy of "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe"
"C:\Program Files\Sony\VAIO Power Management\SPMgr .exe" replaces infected copy of "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
"C:\Program Files\Sony\VAIO Update 3\VAIOUpdt .exe" replaces infected copy of "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"
"C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr .exe" replaces infected copy of "C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe"
"C:\Program Files\SymNetDrv\SNDMon .exe" replaces infected copy of "C:\Program Files\SymNetDrv\SNDMon.exe"
"C:\Program Files\Valve\Steam\Steam .exe" replaces infected copy of "C:\Program Files\Valve\Steam\Steam.exe"
"C:\Program Files\Windows Media Player\WMPNSCFG .exe" replaces infected copy of "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"C:\WINDOWS\avp .exe" replaces infected copy of "C:\WINDOWS\avp.exe"
"C:\WINDOWS\xpupdate .exe" replaces infected copy of "C:\WINDOWS\xpupdate.exe"
"C:\WINDOWS\ATK0100\Hcontrol .exe" replaces infected copy of "C:\WINDOWS\ATK0100\Hcontrol.exe"
"C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal .exe" replaces infected copy of "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
"C:\WINDOWS\SONYSYS\VAIO Recovery\reminder .exe" replaces infected copy of "C:\WINDOWS\SONYSYS\VAIO Recovery\reminder.exe"
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox
"C:\WINDOWS\system32\NeroCheck .exe" replaces infected copy of "C:\WINDOWS\system32\NeroCheck.exe"
"C:\WINDOWS\system32\printer .exe" moved to QooBox
"C:\WINDOWS\system32\spoolvs .exe" moved to QooBox
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe" replaces infected copy of "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe" replaces infected copy of "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"C:\Program Files\AIM6\aim6 .exe" replaces infected copy of "C:\Program Files\AIM6\aim6.exe"
"C:\Program Files\Apoint\Apoint .exe" replaces infected copy of "C:\Program Files\Apoint\Apoint.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe" replaces infected copy of "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"C:\Program Files\Common Files\Real\Update_OB\realsched .exe" replaces infected copy of "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
"C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool .exe" replaces infected copy of "C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe"
"C:\Program Files\Common Files\Symantec Shared\ccApp .exe" replaces infected copy of "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe" replaces infected copy of "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
"C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe" replaces infected copy of "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"C:\Program Files\iTunes\iTunesHelper .exe" replaces infected copy of "C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe" replaces infected copy of "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"C:\Program Files\MSN Messenger\msnmsgr .exe" replaces infected copy of "C:\Program Files\MSN Messenger\msnmsgr.exe"
"C:\Program Files\Sony\ISB Utility\ISBMgr .exe" replaces infected copy of "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole .exe" replaces infected copy of "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe"
"C:\Program Files\Sony\VAIO Power Management\SPMgr .exe" replaces infected copy of "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
"C:\Program Files\Sony\VAIO Update 3\VAIOUpdt .exe" replaces infected copy of "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"
"C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr .exe" replaces infected copy of "C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe"
"C:\Program Files\SymNetDrv\SNDMon .exe" replaces infected copy of "C:\Program Files\SymNetDrv\SNDMon.exe"
"C:\Program Files\Valve\Steam\Steam .exe" replaces infected copy of "C:\Program Files\Valve\Steam\Steam.exe"
"C:\Program Files\Windows Media Player\WMPNSCFG .exe" replaces infected copy of "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"C:\WINDOWS\ATK0100\Hcontrol .exe" replaces infected copy of "C:\WINDOWS\ATK0100\Hcontrol.exe"
"C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal .exe" replaces infected copy of "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
"C:\WINDOWS\SONYSYS\VAIO Recovery\reminder .exe" replaces infected copy of "C:\WINDOWS\SONYSYS\VAIO Recovery\reminder.exe"
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox
"C:\WINDOWS\system32\NeroCheck .exe" replaces infected copy of "C:\WINDOWS\system32\NeroCheck.exe"

.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\NPF
 
 
 
 
(((((((((((((((((((((((((   Files Created from 2007-12-06 to 2008-01-06  )))))))))))))))))))))))))))))))
.
 
2008-01-06 12:50 . 2008-01-06 12:50  319  --ahs----  C:\WINDOWS\system32\rtstv.ini
2008-01-06 12:49 . 2008-01-06 12:49  331,776  --a------  C:\WINDOWS\system32\vtstr.exe
2008-01-06 12:46 . 2008-01-06 12:47  328,192  ---------  C:\WINDOWS\system32\vtstr.dll
2008-01-06 11:54 . 2008-01-06 12:49  488,448  --a------  C:\WINDOWS\system32\NeroCheck.exe
2008-01-06 00:01 . 2000-08-31 08:00  51,200  --a------  C:\WINDOWS\NirCmd.exe
2008-01-05 17:14 . 2008-01-05 17:14  104,448  --a------  C:\WINDOWS\system32\drvmof.dll
2008-01-05 02:20 . 2005-02-16 11:06  218,112  --a------  C:\SUPERSTUFF.exe
2008-01-05 01:05 . 2008-01-05 01:05  143  --a------  C:\WINDOWS\wininit.ini
2008-01-05 00:13 . 2008-01-05 00:52  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 23:03 . 2008-01-04 23:03  29,824  --a------  C:\WINDOWS\system32\ctfmona .exe
2008-01-04 22:50 . 2008-01-04 22:50  <DIR>  d--------  C:\Documents and Settings\Owner\Application Data\EasySpywareCleaner.com
2008-01-04 22:37 . 2008-01-04 22:37  1,283,174  --a------  C:\Install
2008-01-04 22:37 . 2008-01-04 22:37  104,448  --a------  C:\WINDOWS\system32\drvcad.dll
2008-01-03 17:53 . 2008-01-03 17:53  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-03 16:35 . 2008-01-03 17:54  <DIR>  d--------  C:\FLEXlm
2008-01-03 16:30 . 2001-06-21 21:39  73,728  --a------  C:\WINDOWS\system32\drivers\SENTINEL.SYS
2008-01-03 16:30 . 2001-06-21 21:39  49,664  --a------  C:\WINDOWS\system32\SNTI386.DLL
2008-01-03 16:30 . 2001-06-21 21:39  20,032  -ra------  C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2008-01-03 16:30 . 2001-06-21 21:39  18,432  --a------  C:\WINDOWS\system32\RNBOVDD.DLL
2008-01-03 16:30 . 2001-06-21 21:39  9,949  --a------  C:\WINDOWS\system32\SENTINEL.HLP
2008-01-03 16:30 . 2005-03-03 18:56  2,577  --a------  C:\WINDOWS\system32\config.hsp
2008-01-03 16:29 . 2008-01-03 16:30  <DIR>  d--------  C:\WINDOWS\system32\RNBOSENT
2008-01-03 16:25 . 2008-01-03 16:25  <DIR>  d--------  C:\Program Files\Autodesk
2008-01-03 16:20 . 2008-01-03 16:20  <DIR>  d--------  C:\Program Files\FLEXLM
2008-01-03 16:14 . 2008-01-03 16:14  <DIR>  d--------  C:\Program Files\Common Files\Autodesk Shared
2008-01-03 16:14 . 2008-01-03 16:15  <DIR>  d--------  C:\Program Files\Common Files\Alias Shared
2008-01-02 21:12 . 2008-01-02 21:12  <DIR>  d--------  C:\Program Files\PowerISO
2007-12-31 18:02 . 2007-12-31 18:02  <DIR>  d--------  C:\Program Files\Hasbro
2007-12-31 13:11 . 2007-12-31 13:11  <DIR>  d--------  C:\Program Files\Valve
2007-12-29 00:28 . 2007-12-29 00:28  <DIR>  d--------  C:\Program Files\ACW
2007-12-27 15:34 . 2008-01-05 02:17  <DIR>  d--------  C:\Documents and Settings\Owner\Application Data\U3
2007-12-18 17:06 . 2007-12-18 17:06  <DIR>  d--------  C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder
2007-12-18 17:05 . 2007-12-18 17:05  20  --a------  C:\WINDOWS\Hposcv07.INI
2007-12-18 16:23 . 2007-12-18 16:24  <DIR>  d--------  C:\WINDOWS\system32\NtmsData
2007-12-18 16:23 . 2007-12-18 17:06  <DIR>  d--------  C:\WINDOWS\AiOTemp
2007-12-15 10:00 . 2008-01-06 12:47  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2007-12-15 10:00 . 2007-12-15 10:00  1,409  --a------  C:\WINDOWS\QTFont.for
2007-12-15 07:38 . 2007-12-15 07:38  268  --ah-----  C:\sqmdata16.sqm
2007-12-15 07:38 . 2007-12-15 07:38  244  --ah-----  C:\sqmnoopt16.sqm
2007-12-15 06:08 . 2007-12-15 06:08  268  --ah-----  C:\sqmdata15.sqm
2007-12-15 06:08 . 2007-12-15 06:08  244  --ah-----  C:\sqmnoopt15.sqm
2007-12-14 15:15 . 2007-12-14 15:15  268  --ah-----  C:\sqmdata14.sqm
2007-12-14 15:15 . 2007-12-14 15:15  244  --ah-----  C:\sqmnoopt14.sqm
2007-12-12 15:16 . 2007-12-12 15:16  268  --ah-----  C:\sqmdata13.sqm
2007-12-12 15:16 . 2007-12-12 15:16  244  --ah-----  C:\sqmnoopt13.sqm
2007-12-11 20:41 . 2007-12-11 20:41  268  --ah-----  C:\sqmdata12.sqm
2007-12-11 20:41 . 2007-12-11 20:41  244  --ah-----  C:\sqmnoopt12.sqm
2007-12-11 18:10 . 2007-04-17 04:28  2,455,488  -----c---  C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-11 18:10 . 2007-01-08 19:07  991,232  -----c---  C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-07 15:12 . 2007-12-07 15:12  <DIR>  dr-h-----  C:\Documents and Settings\Owner\Application Data\SecuROM
INEEDMAJORHELP
Re: I'm another winlogonhook victim please help me
« Reply #7 on: Jan 6th, 2008, 12:15pm »

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 17:49  ---------  d-----w  C:\Program Files\iTunes
2008-01-06 17:48  ---------  d-----w  C:\Program Files\SymNetDrv
2008-01-06 17:48  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
2008-01-06 17:48  ---------  d-----w  C:\Program Files\Apoint
2008-01-06 17:47  ---------  d-----w  C:\Program Files\RegistryBooster 2
2008-01-06 17:47  ---------  d-----w  C:\Program Files\MSN Messenger
2008-01-06 17:47  ---------  d-----w  C:\Program Files\AIM6
2008-01-06 05:27  ---------  d-----w  C:\Program Files\QuickTime
2008-01-04 03:31  ---------  d-----w  C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-03 23:45  ---------  d-----w  C:\Program Files\Common Files\Adobe
2007-12-29 05:34  ---------  d-----w  C:\Program Files\XBC
2007-12-27 07:42  ---------  d-----w  C:\Program Files\XLink Kai Evolution VII
2007-12-18 22:06  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-12-18 22:06  ---------  d-----w  C:\Program Files\Hewlett-Packard
2007-12-15 11:06  ---------  d-----w  C:\Program Files\BitComet
2007-12-14 20:18  ---------  d-----w  C:\Program Files\Sony
2007-12-07 20:12  108,144  ----a-w  C:\WINDOWS\system32\CmdLineExt.dll
2007-12-07 11:59  ---------  d-----w  C:\Program Files\CAPCOM
2007-12-01 04:16  ---------  d-----w  C:\Program Files\Handbrake
2007-12-01 03:45  ---------  d-----w  C:\Program Files\Common Files\DirectX
2007-12-01 03:37  225,280  ----a-w  C:\WINDOWS\system32\UAService7.exe
2007-11-29 22:05  ---------  d-----w  C:\Documents and Settings\Owner\Application Data\Pegasys Inc
2007-11-29 03:30  56,976  ----a-w  C:\WINDOWS\system32\GenSvcInst.exe
2007-11-29 03:30  33,408  ----a-w  C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-11-29 03:30  122,512  ----a-w  C:\WINDOWS\system32\bgsvcgen.exe
2007-11-29 02:28  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-29 02:21  ---------  d-----w  C:\Program Files\PIXELA
2007-11-29 02:16  ---------  d-----w  C:\Program Files\Sony Corporation
2007-11-29 02:16  ---------  d-----w  C:\Program Files\Common Files\muvee Technologies
2007-11-27 23:52  ---------  d-----w  C:\Program Files\Java
2007-11-27 02:38  ---------  d-----w  C:\Documents and Settings\Owner\Application Data\dvdcss
2007-11-27 00:22  359,808  ----a-w  C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-22 16:37  ---------  d-----w  C:\Program Files\iPod
2007-11-18 16:24  ---------  d-----w  C:\Program Files\Common Files\Stardock
2007-11-18 09:14  ---------  d-----w  C:\Program Files\Stardock
2007-11-18 08:26  ---------  d-----w  C:\Program Files\YzShadow
2007-11-17 20:18  92,160  ----a-w  C:\WINDOWS\system32\cabview.dll
2007-11-17 20:18  83,456  ----a-w  C:\WINDOWS\system32\charmap.exe
2007-11-17 20:18  80,896  ----a-w  C:\WINDOWS\system32\mydocs.dll
2007-11-17 20:18  80,896  ----a-w  C:\WINDOWS\system32\dfrgres.dll
2007-11-17 20:18  80,216  ----a-w  C:\WINDOWS\system32\wuauclt.exe
2007-11-17 20:18  8,192  ----a-w  C:\WINDOWS\system32\wpabaln.exe
2007-11-17 20:18  78,848  ----a-w  C:\WINDOWS\system32\rtcshare.exe
2007-11-17 20:18  750,080  ----a-w  C:\WINDOWS\system32\wiashext.dll
2007-11-17 20:18  75,776  ----a-w  C:\WINDOWS\system32\magnify.exe
2007-11-17 20:18  734,208  ----a-w  C:\WINDOWS\system32\mstsc.exe
2007-11-17 20:18  72,704  ----a-w  C:\WINDOWS\system32\winchat.exe
2007-11-17 20:18  70,656  ----a-w  C:\WINDOWS\notepad.exe
2007-11-17 20:18  67,584  ----a-w  C:\WINDOWS\system32\batmeter.dll
2007-11-17 20:18  587,776  ----a-w  C:\WINDOWS\system32\shimgvw.dll
2007-11-17 20:18  57,344  ----a-w  C:\WINDOWS\system32\narrator.exe
2007-11-17 20:18  55,296  ----a-w  C:\WINDOWS\system32\migpwd.exe
2007-11-17 20:18  53,248  ----a-w  C:\WINDOWS\system32\utilman.exe
2007-11-17 20:18  52,224  ----a-w  C:\WINDOWS\system32\syncapp.exe
2007-11-17 20:18  492,032  ----a-w  C:\WINDOWS\system32\wiaacmgr.exe
2007-11-17 20:18  473,600  ----a-w  C:\WINDOWS\system32\zipfldr.dll
2007-11-17 20:18  45,056  ----a-w  C:\WINDOWS\system32\rcimlby.exe
2007-11-17 20:18  441,856  ----a-w  C:\WINDOWS\system32\sol.exe
2007-11-17 20:18  440,320  ----a-w  C:\WINDOWS\system32\freecell.exe
2007-11-17 20:18  402,944  ----a-w  C:\WINDOWS\system32\fontext.dll
2007-11-17 20:18  4,408,320  ----a-w  C:\WINDOWS\system32\xpsp2res.dll
2007-11-17 20:18  391,680  ----a-w  C:\WINDOWS\system32\cmd.exe
2007-11-17 20:18  360,960  ----a-w  C:\WINDOWS\system32\mspaint.exe
2007-11-17 20:18  331,776  ----a-w  C:\WINDOWS\system32\mstask.dll
2007-11-17 20:18  32,256  ----a-w  C:\WINDOWS\system32\wupdmgr.exe
2007-11-17 20:18  292,864  ----a-w  C:\WINDOWS\system32\osk.exe
2007-11-17 20:18  260,096  ----a-w  C:\WINDOWS\system32\sndrec32.exe
2007-11-17 20:18  224,256  ----a-w  C:\WINDOWS\regedit.exe
2007-11-17 20:18  218,624  ----a-w  C:\WINDOWS\system32\syncui.dll
2007-11-17 20:18  200,192  ----a-w  C:\WINDOWS\system32\moricons.dll
2007-11-17 20:18  2,263,040  ----a-w  C:\WINDOWS\system32\netshell.dll
2007-11-17 20:18  194,048  ----a-w  C:\WINDOWS\system32\photowiz.dll
2007-11-17 20:18  186,368  ----a-w  C:\WINDOWS\system32\accwiz.exe
2007-11-17 20:18  168,960  ----a-w  C:\WINDOWS\system32\mobsync.exe
2007-11-17 20:18  158,720  ----a-w  C:\WINDOWS\system32\sndvol32.exe
2007-11-17 20:18  151,552  ----a-w  C:\WINDOWS\system32\wscript.exe
2007-11-17 20:18  139,264  ----a-w  C:\WINDOWS\system32\stobject.dll
2007-11-17 20:18  131,072  ----a-w  C:\WINDOWS\system32\mycomput.dll
2007-11-17 20:18  130,560  ----a-w  C:\WINDOWS\system32\mshearts.exe
2007-11-17 20:18  128,512  ----a-w  C:\WINDOWS\system32\msiexec.exe
2007-11-17 20:18  122,880  ----a-w  C:\WINDOWS\system32\winmine.exe
2007-11-17 20:18  117,760  ----a-w  C:\WINDOWS\system32\calc.exe
2007-11-17 20:18  100,864  ----a-w  C:\WINDOWS\system32\ahui.exe
2007-11-17 20:18  1,978,880  ----a-w  C:\WINDOWS\system32\spider.exe
2007-11-17 20:18  1,656,832  ----a-w  C:\WINDOWS\explorer.exe
2007-11-17 20:18  1,477,120  ----a-w  C:\WINDOWS\system32\msgina.dll
2007-11-17 20:18  1,404,416  ----a-w  C:\WINDOWS\system32\cards.dll
2007-11-17 20:18  1,108,480  ----a-w  C:\WINDOWS\system32\setupapi.dll
2007-11-17 20:17  840,192  ----a-w  C:\WINDOWS\system32\rasdlg.dll
2007-11-17 20:17  80,896  ----a-w  C:\WINDOWS\system32\icmui.dll
2007-11-17 20:17  744,448  ----a-w  C:\WINDOWS\system32\comctl32.dll
2007-11-17 20:17  59,392  ----a-w  C:\WINDOWS\system32\sendmail.dll
2007-11-17 20:17  500,224  ----a-w  C:\WINDOWS\system32\cmdial32.dll
2007-11-17 20:17  488,280  ----a-w  C:\WINDOWS\system32\wuapi.dll
2007-11-17 20:17  390,144  ----a-w  C:\WINDOWS\system32\themeui.dll
2007-11-17 20:17  347,136  ----a-w  C:\WINDOWS\system32\tourstart.exe
2007-11-17 20:17  32,768  ----a-w  C:\WINDOWS\hh.exe
2007-11-17 20:17  31,744  ----a-w  C:\WINDOWS\system32\stimon.exe
2007-11-17 20:17  218,624  ----a-w  C:\WINDOWS\system32\taskmgr.exe
2007-11-17 20:17  189,952  ----a-w  C:\WINDOWS\system32\credui.dll
2004-08-04 12:00  94,784  --sh--w  C:\WINDOWS\twain.dll
2004-08-04 12:00  50,688  --sh--w  C:\WINDOWS\twain_32.dll
2004-08-20 03:26  1,216  --sh--w  C:\WINDOWS\Twunk_16.dll
2004-08-20 03:26  1,216  --sh--w  C:\WINDOWS\Twunk_32.dll
2004-08-04 12:00  1,028,096  --sha-w  C:\WINDOWS\system32\mfc42.dll
2004-08-04 12:00  54,784  --sha-w  C:\WINDOWS\system32\msvcirt.dll
2004-08-04 12:00  413,696  --sha-w  C:\WINDOWS\system32\msvcp60.dll
2004-08-04 12:00  343,040  --sha-w  C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28  549,376  --sha-w  C:\WINDOWS\system32\oleaut32.dll
2004-08-04 12:00  83,456  --sha-w  C:\WINDOWS\system32\olepro32.dll
2004-08-04 12:00  11,776  --sha-w  C:\WINDOWS\system32\regsvr32.exe
.
----a-w    2,241,024 2008-01-06 17:47:20  C:\Program Files\RegistryBooster 2\RegistryBooster .exe
----a-w  29,824 2008-01-05 04:03:21  C:\WINDOWS\system32\ctfmona .exe

 
 
(((((((((((((((((((((((((((((   snapshot@2008-01-06_ 0.41.30.65   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-06 17:45:39  16,384  ----atw  C:\WINDOWS\Temp\Perflib_Perfdata_32c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48284F34-F1E8-4439-8512-B18CB54CD4D0}]
2008-01-06 12:47  328192  ---------  C:\WINDOWS\system32\vtstr.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\Ahead\data\Xtras\MS28C2~1.EXE" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\RegistryBooster 2\RegistryBooster .exe" [2008-01-06 12:47 2241024]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-06 12:47 407552]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-06 12:47 630784]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-06 12:47 6037504]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2008-01-06 12:48 1611776]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2008-01-06 12:48 396800]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2008-01-06 12:48 456192]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-06 12:48 742400]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2008-01-06 12:48 396288]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2008-01-06 12:48 362496]
"TVTunerLib"="C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2008-01-06 12:48 600576]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2008-01-06 12:48 627712]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2008-01-06 12:48 365568]
"VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2008-01-06 12:48 570880]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-06 12:48 396800]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-06 12:48 437760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 12:49 468480]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 12:49 382976]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-06 12:49 488448]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-06 12:49 513024]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2008-01-06 12:49 1252352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 12:49 372736]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2008-01-06 12:49 425472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-06 12:49 690176]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2008-01-06 12:49 390144]
"QuickTime Task"="C:\Program Files\QuickTime\qttask    .exe" [ ]
"VMConsole.exe"="C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe" [2008-01-06 12:49 732672]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-26 18:31:21]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 20:23:32]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-01-18 15:48 73728 C:\WINDOWS\system32\VESWinlogon.dll
 
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtstr.exe
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages  REG_MULTI_SZ   msv1_0 C:\WINDOWS\system32\vtstr
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
 
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 11:55]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 10:54]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 20:26]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 19:12]
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;C:\WINDOWS\system32\DRIVERS\fa410nd5.sys [2001-08-17 07:12]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-02-15 00:30]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 20:23]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
 
.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 14:33:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-22 04:01:20 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
************************************************************************ **
 
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 12:49:47
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
C:\WINDOWS\system32\rtstv.ini 391 bytes
C:\WINDOWS\system32\rtstv.ini2 391 bytes
 
scan completed successfully  
hidden files: 2  
 
************************************************************************ **
.
--------------------- DLLs Loaded Under Running Processes ---------------------  
 
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vtstr.dll
.
Completion time: 2008-01-06 12:55:09 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt  2008-01-06 17:54:59
.
2007-12-18 08:09:52--- E O F ---  
INEEDMAJORHELP
Re: I'm another winlogonhook victim please help me
« Reply #8 on: Jan 6th, 2008, 12:16pm »

Logfile of HijackThis v1.99.1
Scan saved at 1:06:57 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\vrsyeaaj.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SUPERSTUFF\SUPERSTUFF.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstr.exe
O2 - BHO: {45ea41d3-f623-7e49-60b4-82c6e5ed3650} - {0563de5e-6c28-4b06-94e7-326f3d14ae54} - C:\WINDOWS\system32\doosjgfn.dll
O2 - BHO: (no name) - {352FF10D-654C-4707-B66C-5CB8EE88F942} - C:\WINDOWS\system32\vtstr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"  /Stationary
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask    .exe" -atboottime
O4 - HKLM\..\Run: [VMConsole.exe] "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe" /windowmin
O4 - HKLM\..\Run: [b47130ca] rundll32.exe "C:\WINDOWS\system32\dhyaqqxk.dll",b
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\MS28C2~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\RegistryBooster 2\RegistryBooster .exe /S
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService -   - C:\WINDOWS\system32\vrsyeaaj.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

siliconman01
Global Moderator
Re: I'm another winlogonhook victim please help me
« Reply #9 on: Jan 6th, 2008, 2:16pm »

Combofix found and corrected several infections including some of the Symantec modules being infected.  This is why you are having problems with email.  
 
I have examined your Hijackthis log and there are still multiple infections.  We need to do some more work cleaning.  We are probably going to have to do multiple cleaning steps...one at a time...until we get rid of some of this junk.
 
Please do this:
 
1.  Go to the link below and download Dr. Web CureIt.  Save it onto your Desktop.  Do NOT run it just yet.
 
http://www.freedrweb.com/cureit/
 
2.  Now reboot your computer into SAFE MODE.
 
3.  Run Dr. Web CureIt.  BE SURE to scan ALL your disk drives with Dr. Web.  This may take more than one scan.  Let Dr. Web clean what it finds.
 
4.  Reboot back into Normal Mode.
 
5.  Post back here the scan log from Dr. Web CureIt.
 
6.  Post a new HiJackthis log.  
 
Quote:
And about the 08 version of NIS do i have to buy it to be ultimately protected?

 
Concerning your question above, you either need to purchase a license for a current and active anti-virus, firewall and anti-malware program, or find free software that provides that protection, such as ZoneAlarm Free for the firewall and AVG Free for antivirus and anti-malware.
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
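Added example, not from this thread, from HijackThis or from the moderator: a Python script that runs a few crude triage heuristics over O4/O20/O23 lines copied from the log posted above. The rules and thresholds (random-looking names of 8+ lowercase characters, rundll32 loading such a DLL, a random-named binary in system32, a service with a blank vendor string, a "(file missing)" service) are my own assumptions, not anything the moderator stated, and the output is a list of entries to go and look up, not a verdict.

```python
"""Triage heuristics for HijackThis O4 / O20 / O23 lines.

Added example for this thread; not part of HijackThis, ComboFix or the
moderator's instructions. The rules and thresholds below are my own rough
heuristics (assumptions, not anything the moderator stated): they produce
candidates for a human to look up, never verdicts.
"""
import re
from dataclasses import dataclass

# Lines copied verbatim from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [b47130ca] rundll32.exe "C:\WINDOWS\system32\dhyaqqxk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: DomainService -   - C:\WINDOWS\system32\vrsyeaaj.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<vendor>.*?) - (?P<path>.+)$')
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)   # first .exe token, quotes stripped
DLL_RE = re.compile(r'"?(?P<dll>[^",]+?\.dll)', re.IGNORECASE)   # DLL handed to rundll32
VOWELS = set("aeiou")


def stem_of(path):
    # last path component minus extension, e.g. "dhyaqqxk" for C:\WINDOWS\system32\dhyaqqxk.dll
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def looks_random(token):
    # Crude test for machine-generated names: 8+ lowercase alphanumerics that mix
    # in digits, contain a run of 4+ consonants, or have almost no vowels.
    # Thresholds are my own guesses; vendor names with digits can trip it, which
    # is why the callers below also look at where the file lives.
    if len(token) < 8 or not token.isalnum() or token != token.lower():
        return False
    if any(c.isdigit() for c in token):
        return True
    vowel_ratio = sum(c in VOWELS for c in token) / len(token)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", token))
    return longest_consonant_run >= 4 or vowel_ratio < 0.2


@dataclass
class Finding:
    line: str
    reasons: list


def triage_line(line):
    reasons = []
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if looks_random(name):
            reasons.append("random-looking Run value name [%s]" % name)
        exe, dll = EXE_RE.match(cmd), DLL_RE.search(cmd)
        if exe and exe.group("exe").lower().endswith("rundll32.exe"):
            if dll and looks_random(stem_of(dll.group("dll"))):
                reasons.append("rundll32 loads random-named DLL %s" % dll.group("dll"))
        elif exe and "\\system32\\" in exe.group("exe").lower() and looks_random(stem_of(exe.group("exe"))):
            reasons.append("random-named binary in system32: %s" % exe.group("exe"))
    m = NOTIFY_RE.match(line)
    if m and looks_random(stem_of(m.group("path"))):
        reasons.append("Winlogon Notify DLL with random-looking name %s" % m.group("path"))
    m = SERVICE_RE.match(line)
    if m:
        vendor, path = m.group("vendor").strip(), m.group("path")
        exe = EXE_RE.match(path)
        if not vendor:
            reasons.append("service '%s' has no vendor string" % m.group("display"))
        if exe and looks_random(stem_of(exe.group("exe"))):
            reasons.append("service binary with random-looking name %s" % exe.group("exe"))
        if "(file missing)" in path:
            reasons.append("service binary not on disk (stale registration, low priority)")
    return Finding(line, reasons) if reasons else None


def triage(log_text):
    """Return one Finding per line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            hit = triage_line(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit.line)
        for reason in hit.reasons:
            print("    ->", reason)
```

Run against the sample it lists the [b47130ca] rundll32 entry (two reasons: the value name and the DLL it loads), the DomainService service (blank vendor and a random-named binary in system32) and the rpcapd leftover (only the "(file missing)" note). hpgs2wnd.exe has a digit in its name but lives under Program Files, so the location check keeps it off the list, and the rpcapd hit is a stale registration rather than an infection indicator. Everything it flags still has to be looked up before anything is removed.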
INEEDMAJORHELP
Newbie
Posts: 11
Re: I'm another winlogonhook victim please help me
« Reply #10 on: Jan 6th, 2008, 9:59pm »