Multiple Issues

T

TopNotchDew

New member
ok heres what went bad one day. friend got on my computer and bugged it up...BAD. now im sitting here wondering what to do with the major files that your S&D found on my system. I have run the check several times and they keep on coming back no matter how many times i swing my bat at them.

Here are the names of the little buggers:
-SystemDoctor2006
-Troj.PrintSpool
-Virtumonde
-Smitfraud-C. Toolbar888
-Winsoftware.WinAntiVirusPro2006

Now these have been up for a few weeks now and i have had no luck on any removal app that i can find.

What i have checked with is:
-Ad-Aware
-VundoFix
-Avast Antivirus
-S&D

Ok i know you prolly dont want to know my security programs inside and out so here is my Hijackthis log. Thank you for viewing my info. :bigthumb:




Logfile of HijackThis v1.99.1
Scan saved at 4:40:16 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Config\service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\jbqb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Aaron\My Documents\HijackThis\HijackThis.exe

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nznnhinbz] C:\WINDOWS\system32\nznnhinbz.exe
O4 - HKLM\..\Run: [pyoojkoagk] C:\WINDOWS\system32\pyoojkoagk.exe
O4 - HKLM\..\Run: [lpz] C:\WINDOWS\system32\lpz.exe
O4 - HKLM\..\Run: [m] C:\WINDOWS\system32\m.exe
O4 - HKLM\..\Run: [tahghkptdao] C:\WINDOWS\system32\tahghkptdao.exe
O4 - HKLM\..\Run: [rgcwogkm] C:\WINDOWS\system32\rgcwogkm.exe
O4 - HKLM\..\Run: [znnr] C:\WINDOWS\system32\znnr.exe
O4 - HKLM\..\Run: [bfrci] C:\WINDOWS\system32\bfrci.exe
O4 - HKLM\..\Run: [helkaqo] C:\WINDOWS\system32\helkaqo.exe
O4 - HKLM\..\Run: [jbqb] C:\WINDOWS\system32\jbqb.exe
O4 - HKLM\..\Run: [d] C:\WINDOWS\system32\d.exe
O4 - HKLM\..\Run: [ba] C:\WINDOWS\system32\ba.exe
O4 - HKLM\..\Run: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\Run: [knjdrrkx] C:\WINDOWS\system32\knjdrrkx.exe
O4 - HKLM\..\Run: [gao] C:\WINDOWS\system32\gao.exe
O4 - HKLM\..\Run: [bawomtr] C:\WINDOWS\system32\bawomtr.exe
O4 - HKLM\..\Run: [gpskjrrpw] C:\WINDOWS\system32\gpskjrrpw.exe
O4 - HKLM\..\Run: [ihjh] C:\WINDOWS\system32\ihjh.exe
O4 - HKLM\..\Run: [kafqxoias] C:\WINDOWS\system32\kafqxoias.exe
O4 - HKLM\..\Run: [pyobrzkqe] C:\WINDOWS\system32\pyobrzkqe.exe
O4 - HKLM\..\Run: [qgyvnxawx] C:\WINDOWS\system32\qgyvnxawx.exe
O4 - HKLM\..\Run: [eypthl] C:\WINDOWS\system32\eypthl.exe
O4 - HKLM\..\Run: [zcmrpkzts] C:\WINDOWS\system32\zcmrpkzts.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\olypblsa.dll",realset
O4 - HKLM\..\Run: [kbwzgsk] C:\WINDOWS\system32\kbwzgsk.exe
O4 - HKLM\..\Run: [j2281732] rundll32 C:\WINDOWS\system32\j2281732.dll sook
O4 - HKLM\..\Run: [sce] C:\WINDOWS\system32\sce.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe
O23 - Service: Print Spooler Service (ua5rzahjo) - Unknown owner - C:\WINDOWS\system32\oltzpxyxsb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
 
Hi TopNotchDew

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
 
Ok i guess im gonna take the recomended approach and wipe my computer because although i do no banking with this machine the detected problem i can tell have taken a toll on my computers speed and thats not to good when it comes to gaming PCs. I just need to know what i can do to try to save all of my personal things on my computer like movies and pictures and such. Because a few of them i will not be able to replace. And then i am still not overly confident with my understanding of the computer outside of an OS. So i might need some tips on makeing a safe wipe of my hard drive and getting my system up and running at almost completely healthy. THX :D
 
Hi

"I just need to know what i can do to try to save all of my personal things on my computer like movies and pictures and such. Because a few of them i will not be able to replace."

You don't have any backups?

As for reformatting windows, see here
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
You must log in or register to reply here.
Back
Top