mary38483 Posted October 13, 2008

My computer has recently had a virus alert in my task bar next to the clock. I have tried everything I know of to fix this, but nothing has. My background has disappeared, in my Start I no longer get my programs, or Control Panel, or My Computer, or Run.... 3 new icons have popped up on my desktop, and I keep getting messages saying I am infected. I have run HijackThis and these are the results it gives me....

Logfile of HijackThis v1.99.1
Scan saved at 09:29: VIRUS ALERT!, on 10/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\SlipStream Web Accelerator\slipgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\mary\LOCALS~1\Temp\Rar$EX00.281\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O3 - Toolbar: olnmraew - {C6E98D75-91EE-4EB1-9CE2-047046F30E32} - C:\WINDOWS\olnmraew.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [slipStream] "C:\Program Files\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/328
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6EAB0D-1A58-41BD-8453-EAB8BAC53A7A}: NameServer = 64.136.173.5 64.136.164.77
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O21 - SSODL: lfstbwvd - {39F839B6-596C-41B7-A906-834AE131C502} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

jaclaz Posted October 13, 2008

A useful HijackThis "side" service is this site:
http://www.hijackthis.de/
where you have an easy to visualize analysis of your log.

From it, it does not seem that you have many problems. The "questionable items" are below (as coming from "short analysis"):

[?] - C:\WINDOWS\SYSTEM32\USRmlnkA.exe
[?] - C:\WINDOWS\SYSTEM32\USRmlnkA.exe
[?] - O3 - Toolbar: olnmraew - {C6E98D75-91EE-4EB1-9CE2-047046F30E32} - C:\WINDOWS\olnmraew.dll
[?] - O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/327
[?] - O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/328
[?] - O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6EAB0D-1A58-41BD-8453-EAB8BAC53A7A}: NameServer = 64.136.173.5 64.136.164.77
[?] - O21 - SSODL: lfstbwvd - {39F839B6-596C-41B7-A906-834AE131C502} - C:\WINDOWS\lfstbwvd.dll

Of course only you may know how accurate the above is and what in it may actually be a problem.

jaclaz

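The kind of first-pass triage described in the post above, as an added example that is not part of the thread or of any HijackThis tooling: it parses log entries by section code and marks O3/O21 DLLs loaded from the C:\WINDOWS root and statically set O17 name servers for a manual look. The two heuristics and all function names are assumptions of this example; a hit means "check this", not "this is malware".

```python
import re

# Constructed sample: six entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: olnmraew - {C6E98D75-91EE-4EB1-9CE2-047046F30E32} - C:\WINDOWS\olnmraew.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6EAB0D-1A58-41BD-8453-EAB8BAC53A7A}: NameServer = 64.136.173.5 64.136.164.77
O21 - SSODL: lfstbwvd - {39F839B6-596C-41B7-A906-834AE131C502} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Heuristic (assumption of this example): an extension DLL placed directly in
# the C:\WINDOWS root rather than in a vendor's program folder.
ROOT_DLL = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll$", re.I)
NAMESERVER = re.compile(r"NameServer = (.+)$")

def parse(log):
    """Yield (section, body) for every HijackThis entry line; skip the rest."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return [(section, reason, body)] for entries worth a manual look."""
    hits = []
    for section, body in parse(log):
        dll = ROOT_DLL.search(body)
        dns = NAMESERVER.search(body)
        if section in ("O3", "O21") and dll:   # IE toolbar / SSODL shell hook
            hits.append((section, "extension DLL in C:\\WINDOWS root", body))
        elif section == "O17" and dns:         # TCP/IP DNS settings
            hits.append((section, f"static DNS {dns.group(1)}: confirm with ISP", body))
    return hits

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[?] {section}: {reason}\n    {body}")
```
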
Tarun Posted October 13, 2008

Your HijackThis version is out of date. Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. After that please repost your HijackThis log.

Stoner81 Posted October 13, 2008

In my experience this sounds like a rootkit infection, in which case you are in some serious trouble. Try installing NOD32 v2.7 and update it, then boot into safe mode and do a complete system scan, and that might do it. If not, then I have generally found the only way to remove them is to do a complete format and reinstall your OS.

Stoner81

mary38483 Posted October 13, 2008

The Slipstream process is my internet accelerator that came with my internet service, and the USR is my modem update reminder. I went and used 2 programs from lunarsoft.net and they have really straightened out my computer a lot... However it is still showing my time in army time. That I haven't figured out yet.

Tarun Posted October 13, 2008

SUPERAntiSpyware has a setting to reset to the 12 hour clock.

twig123 Posted October 13, 2008

I would have suggested Malwarebytes Anti-Malware... even the free edition rocks!

krona Posted October 13, 2008

I had the same thing happen to my computer and following this worked:
http://miekiemoes.blogspot.com/2008/05/vir...to-restore.html

Good luck!

kooler Posted October 13, 2008

Malwarebytes gets rid of it... I think every Vista laptop I worked on in the last 2 months has got that. Just do a full system scan with it... and it will have to reboot to get it off there.

Good luck

Redhatcc Posted November 4, 2008

Malwarebytes Anti-Malware

Very good program. I didn't hear about it until like a month ago but I was impressed.... Poor Spybot, what happened >.<

robd Posted November 7, 2008

+1 for Malware Bytes

This sounds reminiscent of the Smitfraud virus I came across about 8 months ago, which displayed a message in the system tray. Tarun recommended Malware Bytes and it did the trick then. Solid program.

WangoTango Posted November 21, 2008

Just by looking at your running processes, it's possible that a Trojan has disguised itself as one of the normal exe's. You might want to download Spybot, run it and see if it finds anything. If it does, be sure to check the location of it and what it's called, write it down and delete it. Then go to Start > Run > Type "msconfig" without the quotes > Go to the Startup tab. If anything that Spybot found is checked, uncheck it. Or, for anything that looks suspicious, look it up at the Startup page.

Edited November 21, 2008 by WangoTango

Tarun Posted November 21, 2008

Since we haven't heard from mary in over a month, I'm closing this thread. If mary contacts me about reopening it I will.