Overclock.net › Forums › Software, Programming and Coding › Other Software › Trojan Agent Winlogonhook

Trojan Agent Winlogonhook

post #1 of 4
I downloaded a trial of Spy Sweeper, scanned, and found traces of Trojan Agent Winlogonhook in my registry: HKLM\SOFTWARE\MICROSOFT\MSSMGR.
As it's a trial, I have to purchase it to remove them. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:01:00, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\TWINTO~1\MouseElf.EXE
C:\Program Files\TwinTouch SE\EMouse.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Backup\Local Settings\Temp\wz54d6\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE" /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\TWINTO~1\MouseElf.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://L:\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.6.0.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar...ackToolbar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winusj32 - winusj32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Can anyone help me out?
post #2 of 4
Download 3 programs:
Ad-aware Personal Edition
Spybot Search and Destroy
AVG Antivirus Free


These will do a much better job of catching spyware for you. After you download and install the programs, do the scans in safe mode (F8 on the Windows load screen to access it).
post #3 of 4
"O20 - Winlogon Notify: winusj32 - winusj32.dll (file missing)", or just "winusj32", does not turn up any Google hits at all. This may be what you are looking for, though I'm not sure. If it were important for anything, I would think Google would turn something up for it.
post #4 of 4
Follow those steps and see if you still have any winlogonhook -> link.

And about your log, the only things that can be fixed are:

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winusj32 - winusj32.dll (file missing)
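The two O20 entries singled out in this thread share one property: HijackThis marks the DLL as "(file missing)", meaning the Winlogon\Notify subkey still exists but the file it points at does not. The script below is an added example for this thread, not HijackThis code and not from any poster: it parses lines in the HijackThis v1.99 text format, flags Winlogon Notify packages and services whose file is gone, and flags an Internet Explorer ProxyServer value that points at the local machine so the analyst can confirm which local program actually listens there before deciding whether the setting is legitimate. The sample log is constructed in that format (its O20 lines are the ones from this thread); the regex names, the `Finding` fields and the `triage` function are this example's own naming.

```python
"""Triage of HijackThis-style log lines (added example; not HijackThis code)."""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99 format. The O20 lines are the entries
# discussed in the thread; the rest are representative of the same log.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://google.com/
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = local
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winusj32 - winusj32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\\WINDOWS\\SYSTEM32\\WRLogonNTF.dll
O23 - Service: MySql - Unknown owner - C:\\mysql\\bin\\mysqld-nt.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    name: str     # the entry's own name: Notify subkey, service name, or setting
    target: str   # the DLL/EXE path or the setting's value
    reason: str   # why the entry is flagged


# Every HijackThis entry is "<section> - <body>"; header lines do not match.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
PROXY_RE = re.compile(r"ProxyServer = (?P<host>[^:\s]+)(?::(?P<port>\d+))?$")
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def parse_line(line):
    """Split one log line into (section, body); None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    return (m["section"], m["body"]) if m else None


def triage(log_text):
    """Return the entries an analyst should look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        if section == "O20":
            m = NOTIFY_RE.match(body)
            if m and m["missing"]:
                # winlogon.exe loads every DLL registered under Winlogon\Notify at
                # logon. A subkey whose DLL is gone is a leftover (uninstalled
                # software or a file that was removed) and does nothing by itself,
                # but the orphaned key should be cleaned up and its origin understood.
                findings.append(Finding(section, m["name"], m["dll"],
                                        "Winlogon Notify DLL not found on disk"))
        elif section == "O23":
            m = SERVICE_RE.match(body)
            if m and m["missing"]:
                findings.append(Finding(section, m["name"], m["path"],
                                        "service binary not found on disk"))
        elif section == "R1":
            m = PROXY_RE.search(body)
            if m and m["host"] in LOOPBACK_HOSTS:
                # A loopback proxy means some local process sits between the
                # browser and the network; identify that process (a local
                # security suite's filter is a common legitimate cause).
                target = m["host"] + (f":{m['port']}" if m["port"] else "")
                findings.append(Finding(section, "ProxyServer", target,
                                        "browser proxy points at the local machine"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.name:12} {f.target}  <- {f.reason}")
```

On a live Windows XP system the same check can be done by hand: the O20 entries correspond to subkeys of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, and the DLL named in each subkey's DllName value should exist (a bare file name resolves from the system directory). The script only interprets what HijackThis already recorded; it does not touch the registry.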