My PC was recently formatted with Windows XP, and before anything else I did the following (following all the instructions in the "You Must Read This Before Posting A Hijackthis Log" thread and more, as suggested by irealityworldi):
1- Made all Updates;
2- Installed, Updated and scanned AVG7;
3- Installed, Updated and Ad-Aware SE;
4- Installed, Updated and scanned Spybot (and the DSO Exploit Fix);
5- Installed, Updated and scanned CWShredder;
6- Installed, Updated and scanned TDS-3;
7- Scanned Trend Housecall;
8- Installed, Updated and scanned Spyware Doctor;
10- Installed, Updated and scanned Spyware Blaster;
11- got rid of IE and installed FireFox;
12- got rid of outlook express and installed Mozilla Thunderbird.
Then, and only then, I felt free to roam the internet. But after two (or so) weeks I'm having two(?) problems with my computer:
1- my system is shutting down on its own (a blue screen with some text in white flashes before the system shuts down) and there is no conflict of hardware;
2- Two viruses show up on the AVG7 scan:
Virus1 -> File Name: Beyond.class || RESULT/INFECTION: Virus identified Java/ByteVerify || PATH: c:\WINDOWS\guilherme\application data\Sun\Java\Deplyment\cache\javapi\v1.0\jar\archive.jar--19a449e5-33991fbd.zip:\Beyond.class
Virus2 -> File Name: archive.jar-19a449e5-33991fbd.zip || RESULT/INFECTION: Virus identified Java/ByteVerify || PATH: c:\WINDOWS\guilherme\application data\Sun\Java\Deplyment\cache\javapi\v1.0\jar\archive.jar--19a449e5-33991fbd.zip
And on the Trend Housecall scan, those same viruses and 3 more variants appeared, but neither AVG7 nor Trend Housecall could fix them.
Both CWShredder and TDS-3 show nothing.
So my last move was to come here begging for help, with nothing else but the logfile of HijackThis v1.99.0
Scan saved at 12:41:09, on 03/02/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\arquivos de programas\amp winoff\winoff.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\TDS3\tds-3.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\guilherme\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AMP WinOFF] c:\arquivos de programas\amp winoff\winoff.exe -quiet
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Arquivos de programas\HHVcdV6Sys\VC6SecS.exe
Thanks in advance to any good soul that will waste his (her) time helping me.