my pc seems badly infested, please help

  1. 21-07-2007  #1
    pinkangel
    pinkangel is offline Newbie

    my pc seems badly infested, please help

    Hello again..
    the antivirus programme i use said today after a scan it found 48 trojans/viruses, can this be right.. also i'm getting loads and loads of annoying popups and lots of times internet explorer doesn't load.

    this is my hijack this log..

    Logfile of HijackThis v1.99.1
    Scan saved at 19:29:28, on 21/07/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\qwerty12.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\System32\spoolsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\pinkangel\Desktop\Angel\Desktop\HijackThi s.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toucan.com/jump/redir.asp?id=205
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\ssqrpqq.dll (file missing)
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\System32\tmp7.tmp.dll
    O2 - BHO: (no name) - {96265760-F966-451C-904C-CAE8AF4007F4} - C:\WINDOWS\System32\ddabc.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\sw g.dll
    O2 - BHO: (no name) - {da390f57-5731-41f5-a4ac-d774c32800f1} - C:\WINDOWS\system32\lpqres.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\pzwqm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O4 - HKCU\..\Run: [388529725448] AutomaticUpdates.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
    O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
    O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
    O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
    O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
    O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{87EB032A-D07B-427D-AC5F-E715DF432FDE}: NameServer = 212.139.132.52 212.139.132.53
    O20 - AppInit_DLLs: c:\windows\system32\rqrpppn.dll
    O20 - Winlogon Notify: byxwxvu - C:\WINDOWS\
    O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll (file missing)
    O20 - Winlogon Notify: lpqres - C:\WINDOWS\SYSTEM32\lpqres.dll
    O20 - Winlogon Notify: qomkjhg - C:\WINDOWS\
    O20 - Winlogon Notify: ssqrpqq - ssqrpqq.dll (file missing)
    O20 - Winlogon Notify: xxyawvw - xxyawvw.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

  3. 22-07-2007  #2
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    Welcome,


    There is bad news and then there is even worst news.

    You do not even have any service packs/microsoft security updates and that is the reason your PC is so infected.

    Go here if you decide to do so:

    http://www.microsoft.com/windowsxp/d...1/default.mspx get service pack 1a, if you don't then there isn't anything we can do to help you as your computer will become infected again very quickly.

    Also, the trojans you have, have control of your computer and can do a lot of things to it...



    You have been infected by several Trojan horses with rootkit abilities that download and execute remote files and sends confidential computer information to a remote attacker. The Trojans also allow a remote attacker to perform various unauthorized actions on the compromised computer.

    Its very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing other rootkits. While we can attempt to clean what we see in your logs, we can't guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. The best advice we can give you is to backup your information, reformat, and reinstall.

    I also recommend that you disconnect this machine from the internet NOW!

    1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

    2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

    3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

    Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


    The choice is yours but rest assured your computer is compromised and may never be entirely clean.


    If you want to continue go get service pack 1a and come back and post a new hijackthis log. Thanks.
+ Reply to Thread
« Services Problems | Symantec Con Job »