Got winlogonhook virus / trojan i think

This is not a trojan. It is for Window Media Player. See: http://www.liutilities.com/products/wintaskspro/processlibrary/wmpnetwk/

If you are having a problem with Windows Media Player you will have to post in the Software Forum since it is not a malware problem. But if you just want to get rid of this service from Windows Media Player, try the below.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Windows Media Player Network Sharing Service
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteWMPNetworkSvc into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT and reboot when it tells you it needs to.

You should also run the below since you may have a rootkit like service running.

Download this file - combofix.exe

1. Double click combofix.exe & follow the prompts.
2. When finished, it will produce a log ( C:\combofix.txt ) for you. Attach this log to your next reply See: HOW TO: Attach Items To Your Post

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

 

Your only malware issues are Messenger Plus! Live which we requested that you uninstall in the READ ME. Installing the above is more than likely where you go the Vundo infection that your PC still shows a few residual signs of. Delete the below files if they still exist:

C:\WINDOWS\system32\rtstv.bak1
C:\WINDOWS\system32\rtstv.bak2

Other than the above you have no real malware issues but I do have a few things you should do.

Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below folders which may be left behind by the uninstall:
C:\Documents and Settings\HP_Owner\Application Data\Sunbelt Software
C:\Documents and Settings\HP_Owner\Application Data\Uniblue
C:\Program Files\Sunbelt Software


What is the below folder for?
REPAOR 21 Oct 2007 "Repaor"


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 9

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Did you do what I requested in my last message to remove the service or not? If you did then attach a new HJT log.

We don't want logs from this. It is not useful to us in removing malware since it mostly shows things that have nothing to do with malware and that are not really problems.

 

If you feel comfortable with this scurge of the internet program on your PC then it is your decision. It cannot be trusted and who knows what it will do during any updates. This programs as caused millions of people issues and that is why we don't recommend using it even if you elect not to install the sponsor programs.

Yes this is related to Realtek AC97 Audio however it is not a required process and it monitors your actions. See the below:

http://www.bleepingcomputer.com/startups/Alcxmntr.exe-245.html

http://www.castlecops.com/s180-Alcxmntr_exe.html

Your logs show no signs of any problems other than what I already posted.

What do you require me to do now and what do i need to give you?[/quote]Did you complete all the other instructions? Did you apply the registry patch and was it successfully added?

 

You can try posting in the Software Forum for additional help on this.

Thanks.