[Guig0]

Hi there!

My pc was recently formatted with OS Windows XP, and before anything i did (following all the instrucions on You Must Read This Before Posting A Hijackthis Log thread and more, as suggested by irealityworldi):
1- Made all Updates;
2- Installed, Updated and scanned AVG7;
3- Installed, Updated and Ad-Aware SE;
4- Installed, Updated and scanned Spybot (and the DSO Exploit Fix);
5- Installed, Updated and scanned CWShredder;
6- Installed, Updated and scanned TDS-3;
7- Scanned Trend Housecall;
8- Installed, Updated and scanned Spyware Docto;
10- Installed, Updated and scanned Spyware Blaster;
11- got rid of IE and installed FireFox;
12- got rid of outlook express and installed Mozilla Thunderbird.


then, and only then, i felt free to roam the internet. But after two (or so) weeks I´m having two(?) problems with my computer:

1- my system is shutting down on it´s own (a blue screen with some text in white flashes before the system shutts down) and there is no conflict of hardware;

2- Two viruses shows up on AVG7 scan:
Vitus1 -> File Name: Beyond.class || RESULT/INFECTION: Virus identified Java/ByteVerify || PATH: c:\WINDOWS\guilherme\application data\Sun\Java\Deplyment\cache\javapi\v1.0\jar\archive.jar--19a449e5-33991fbd.zip:\Beyond.class
Vitus2 -> File Name: archive.jar-19a449e5-33991fbd.zip || RESULT/INFECTION: Virus identified Java/ByteVerify || PATH: c:\WINDOWS\guilherme\application data\Sun\Java\Deplyment\cache\javapi\v1.0\jar\archive.jar--19a449e5-33991fbd.zip
And on the Trend Housecall scan, those same viruses and more 3 variants appeared, but neither AVG7 or Trend Housecall could fix them
Both CWShredder and [b]TDS-3 shows nothing.

so my last move was to come here begging for help, with nothing else but the Logfile of HijackThis v1.99.0

Scan saved at 12:41:09, on 03/02/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\arquivos de programas\amp winoff\winoff.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\TDS3\tds-3.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\guilherme\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AMP WinOFF] c:\arquivos de programas\amp winoff\winoff.exe -quiet
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Arquivos de programas\HHVcdV6Sys\VC6SecS.exe



Thanks in advance to any good soul that will waste his(hers) time helping me

[Advertisements]

jsut checking to see if you got this problem solved or not, if you haven't could you please post a new Hijack this with the latest versioni 1.99.1. you can get it at this link

As there has been no response from the original poster, this topic is now closed. If you have any other problems, please post a new topic.

Edited by bananafanafo, 24 April 2005 - 01:51 AM.

[Dragon]

jsut checking to see if you got this problem solved or not, if you haven't could you please post a new Hijack this with the latest versioni 1.99.1. you can get it at this link

As there has been no response from the original poster, this topic is now closed. If you have any other problems, please post a new topic.

Edited by bananafanafo, 24 April 2005 - 01:51 AM.