[Fausimo]

My computer restarts alone every time i try to scan.
I followed a couple of the threads in wich you help. (avg antispyware, cleanup!, and hyjackthis)

i did scans with avg antivirus, anti spyware and online scans but just before the end of the scan avg sends a virus page and before i can read it the computer reboots on its own then does a system restore(even if avg is closed it just doesnt notice).

The avg vault says that i have -Downloader.Tibs -Trojan horse downloader generic(.tsv,.ell, etc.) -trojan horse collected.z

 

[Fausimo]

Thanx in advance for any help that anyone could give me

 

[Fausimo]

Here's the hjt log

Logfile of HijackThis v1.99.1
Scan saved at 10:57:07 AM, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\TweakNow PowerPack\CDAuto.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\StatBar.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exploiter/Exploder
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Transparent] C:\Program Files\TweakNow PowerPack\Transparent.exe 181
O4 - HKLM\..\Run: [CD Autorun] C:\Program Files\TweakNow PowerPack\CDAuto.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stat Bar 2.46.lnk = C:\StatBar.exe
O4 - Startup: Winamp Agent.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.carbonspace.com/bin/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

 

[Fausimo]

i finally got to do a complete scan with avg anti-spyware here are the results

C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP95\A0013297.exe -> Adware.Relevant : Ignored.
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP143\A0020236.dll -> Adware.Solution : Ignored.
C:\Program Files\Rockstar Games\GTA San Andreas\HLM-INTR.EXE -> Backdoor.Hupigon.kg : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S9YVCPEV\null[2].jpg -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP170\A0025426.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP170\A0025423.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Ignored.
C:\Serials and cracks\CuteFTP_v6.xx_Pro.zip/patch.exe -> Trojan.Delf.li : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP172\A0025453.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP176\A0025511.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP178\A0025539.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP180\A0025565.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP186\A0025652.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP190\A0025696.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP192\A0025718.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP195\A0025768.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP197\A0026837.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP203\A0027030.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP205\A0027075.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP207\A0027109.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP209\A0027144.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\a.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP170\A0025421.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP170\A0025422.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP170\A0025424.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE5C789-92B4-4B89-9354-4B26DDD37ADA}\RP170\A0025425.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).


::Report end

:4-dontkno

 

[Fausimo]

UHM i think its okay well i think i went through it by myself
there was a run on startup file i had to delete and now i can do all the scans i need