0

I've scanned with a lot of different Anti-Spyware and Anti-Virus software and none of them can detect anymore. I can't get rid of this Virus Alert on my taskbar, as well as when I go into My Computer, my C: Drive doesn't show up, even though it shows up when I Explore the Start Menu.
Here is my HiJackThis LogFile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10: VIRUS ALERT!, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1955684952-2250001309-4197435364-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Natalie')
O4 - HKUS\S-1-5-21-1955684952-2250001309-4197435364-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Natalie')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O21 - SSODL: eqvwamkl - {F7D30B90-DCFA-4276-BB14-0E550636CB4C} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 2815 bytes

4
Contributors
8
Replies
9
Views
9 Years
Discussion Span
Last Post by jholland1964
0

I'm sorry I forgot to mention that my computer has 3 users on it, and this problem only occurs on two of the users.

0

Did you scan the entire computer...all users included?
Where are the scan logs and others you may have done? We really need to see, and know, what was found, where it was found and how it was removed.

0

Well, I don't have anymore scan logs. I just scaned with rpograms like AVG and Spyware Doctor. Most of them were found in System32 files. I'm sorry, I don't really know much about computers.

0

Well, I don't have anymore scan logs. I just scaned with rpograms like AVG and Spyware Doctor. Most of them were found in System32 files. I'm sorry, I don't really know much about computers.

Please run MBA-M and DSS as per the linky below and post those logs for us and we'll go from there.

Read me before posting a request for assistance

Seeing as it's the weekend, it may take a bit longer to get a reply.

PP :)

0

The MBA-M worked!
Thank you guys so much for helping me!
=)

Glad to hear it! We are happy to help!
MBA-M is an excellent tool - you ought to hang on to it.

You really should post the both logs, though. Often there are additional baddies that need to be addressed. Plus, we can often see weaknesses in you compy's defenses and advise you on how to address them to avoid future problems.

PP :)

0

steve328, you need to begin your OWN thread, rather than posting in another's. Each computer is different, and each problem is different. Make your own thread, give it a title explaining the problem...then in your post be specific about the problem, what scans you have done and the results and post the logs for those scans so maybe we can see why they did and exactly what they removed and for the ones you say didn't work, maybe we can see why they didn't work.
Will be looking for your new thread.
Judy

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.