Thread: Sinowal Trojan
Old 12-05-2008, 07:33 AM   #1 (permalink)
ander02
Registered User
 
Join Date: Dec 2008
Posts: 9
OS: XP


Sinowal Trojan

I believe that I have met up with the dreaded Sinowal trojan. Here are the logs that you requested. I also have a post in another forum, and if they answer first, I will discontinue this one so as not to waste anyone's time. Thanks so much for your help!


DDS (Version 1.0) - NTFSx86
Run by Cory at 8:27:15.29 on Fri 12/05/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.184 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Cory\Application Data\Google\ggqjh22510678.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Cory\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = localhost
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [vidxhp] "c:\documents and settings\cory\application data\google\ggqjh22510678.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
StartupFolder: c:\docume~1\cory\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\freewe~1.lnk - c:\program files\coffeecup software\coffeecup free ftp\ThirtyDayTimer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - c:\program files\trend micro\tmas\sshook.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-11-17 55024]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB []
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-3-15 226304]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\sony\image converter 2\IcVzMon.exe [2006-7-13 32768]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\drivers\CamDrL20.sys [2008-6-25 245760]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-15 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB []
S4 Sflopsvopst;Sflopsvopst; []

=============== Created Last 30 ================

2008-12-05 08:16 250 a------- c:\windows\gmer.ini
2008-12-04 19:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-04 19:59 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-04 19:59 <DIR> --d----- c:\docume~1\cory\applic~1\SUPERAntiSpyware.com
2008-12-04 19:58 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-04 19:44 161,792 a------- c:\windows\SWREG.exe
2008-12-04 19:44 98,816 a------- c:\windows\sed.exe
2008-12-04 19:26 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2008-12-04 19:23 <DIR> --d----- c:\windows\ERUNT
2008-12-04 19:19 <DIR> --d----- C:\SDFix
2008-12-04 18:59 32,256 a------- c:\windows\system32\TDSSvuctaorg.dll
2008-12-04 18:59 65,536 a------- c:\windows\system32\drivers\TDSSljecmylt.sys
2008-11-11 19:44 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:42 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-11 10:24 43,904 ac------ c:\windows\system32\dllcache\sbp2port.sys
2008-11-11 10:24 43,904 a------- c:\windows\system32\drivers\sbp2port.sys

==================== Find3M ====================

2008-12-04 19:18 <DIR> --d----- c:\program files\Trend Micro
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 06:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 19:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-06-25 18:13 <DIR> --d----- c:\docume~1\cory\applic~1\FotoWire
2008-04-29 21:09 <DIR> --d----- c:\docume~1\cory\applic~1\CoffeeCup Software
2008-04-29 21:02 <DIR> --d----- c:\docume~1\cory\applic~1\CoreFTP
2008-04-04 19:55 <DIR> --d----- c:\docume~1\cory\applic~1\Flickr
2008-03-19 18:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
2008-01-21 16:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2006-11-18 09:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2006-07-13 11:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation
2006-07-13 11:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\VAIO Media Platform
2006-07-13 11:05 <DIR> --d----- c:\docume~1\cory\applic~1\Intuit
2006-07-13 11:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2006-03-15 15:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 8:27:25.15 ===============
Attached Files: Gmer.txt (24.6 KB), Attach.txt (11.9 KB)