Backdoor.bitfrose.acs

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Backdoor.bitfrose.acs, AVG anti-spyware found this

Options

millsarrr1 View Member Profile	May 28 2007, 06:59 PM Post #1
Member Group: Members Posts: 18 Joined: 15-July 06 Member No.: 76,344	i ran avg anti-spyware and it found Backdoor.Bitfrose.acs it wouldn't allow me to quarantine it. please help. thanks. Logfile of HijackThis v1.99.1 Scan saved at 5:45:24 PM, on 5/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Roxio\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Documents and Settings\millsarrr1\Desktop\utorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178211752376 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178211731376 O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFC8905-8908-4679-9A11-3A558F70F234}: NameServer = 68.87.85.98,68.87.69.146 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

amateur View Member Profile	May 30 2007, 03:01 PM Post #2
Malware Fighter Group: HJT Team Posts: 2,730 Joined: 19-November 05 From: Rhode Island Member No.: 41,169	Hello and welcome to BC. I cannot see any evidence of malware in the log. Where does your AVG Anti Spyware reports this? Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here. Please attach extra.txt to your post. To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt Click Upload. -------------------- Amateur ASAP

millsarrr1 View Member Profile	May 30 2007, 10:30 PM Post #3
Member Group: Members Posts: 18 Joined: 15-July 06 Member No.: 76,344	amateur, thanks for taking the time to review this. AVG found this in my D:\System Volume ... Information\_restore it said that it cant be quarantined because it is embedded in the archive D:\System Volume and asks me to quarantine the whole archive. the D drive is my secondary hard drive that i use to store all media and anything i dl. Deckard's System Scanner v20070426.43 Run by millsarrr1 on 2007-05-30 at 20:25:35 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 32: 2007-05-31 02:25:46 UTC - RP201 - Deckard's System Scanner Restore Point 31: 2007-05-31 02:25:00 UTC - RP200 - pre deckard's system scanner 30: 2007-05-30 08:43:41 UTC - RP199 - System Checkpoint 29: 2007-05-29 07:43:43 UTC - RP198 - System Checkpoint 28: 2007-05-28 07:27:04 UTC - RP197 - System Checkpoint -- First Restore Point -- 1: 2007-05-05 13:03:32 UTC - RP170 - Printer Driver Lexmark 640 Series Installed Performed disk cleanup. -- HijackThis (run as millsarrr1.exe) ------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 8:26:27 PM, on 5/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\millsarrr1\Desktop\dss.exe C:\HJT\HIJACK~1\millsarrr1.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178211752376 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178211731376 O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFC8905-8908-4679-9A11-3A558F70F234}: NameServer = 68.87.85.98,68.87.69.146 O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver> R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler> S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing) -- Files created between 2007-04-30 and 2007-05-30 ----------------------------- 2007-05-28 17:35:50 0 d-------- C:\HJT 2007-05-24 19:17:11 0 d-------- C:\Program Files\QuickTime 2007-05-24 19:16:43 0 d-------- C:\Program Files\Xilisoft 2007-05-24 16:18:17 0 dr-h----- C:\Documents and Settings\millsarrr1\Recent 2007-05-23 12:08:53 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Webroot 2007-05-23 12:08:51 0 d-------- C:\Program Files\Webroot 2007-05-23 12:08:51 0 d-------- C:\Program Files\Common Files\Webroot Shared 2007-05-23 12:08:42 487936 --a------ C:\WINDOWS\system32\wwSecure.exe <Not Verified; Webroot Software, Inc.; > 2007-05-23 12:08:41 57344 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; > 2007-05-21 23:18:51 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Help 2007-05-14 23:19:28 0 d-------- C:\Documents and Settings\All Users\Templates 2007-05-10 09:28:52 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith 2007-05-10 09:28:36 0 d-------- C:\Program Files\TechSmith 2007-05-09 17:24:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions 2007-05-09 17:22:16 0 d-------- C:\Program Files\Innovative Solutions 2007-05-09 12:15:33 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\SUPERAntiSpyware.com 2007-05-09 12:15:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-05-09 12:09:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-09 01:13:25 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\vlc 2007-05-09 01:06:14 0 d-------- C:\Program Files\VideoLAN 2007-05-08 11:06:05 0 d-------- C:\Program Files\PeerGuardian2 2007-05-07 22:20:53 0 d-------- C:\Program Files\MSXML 4.0 2007-05-07 21:19:43 0 d-------- C:\WINDOWS\system32\LogFiles 2007-05-07 20:28:35 0 d-------- C:\Program Files\Combined Community Codec Pack 2007-05-06 20:13:07 0 d-------- C:\Documents and Settings\millsarrr1\.housecall6.6 2007-05-06 20:10:01 0 d-------- C:\WINDOWS\Sun 2007-05-06 20:10:01 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Sun 2007-05-06 20:04:56 0 d-------- C:\Program Files\Java 2007-05-06 20:00:09 0 d-------- C:\Program Files\Common Files\Java 2007-05-06 19:23:15 0 d-------- C:\Program Files\SpywareGuard 2007-05-05 19:37:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio 2007-05-05 19:37:51 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Roxio 2007-05-05 19:36:30 0 d-------- C:\Program Files\InterActual 2007-05-05 19:32:58 0 d-------- C:\WINDOWS\system32\DLA 2007-05-05 19:32:38 0 d-------- C:\Program Files\Common Files\LightScribe 2007-05-05 19:31:33 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-05-05 19:30:23 0 d-------- C:\Program Files\Common Files\SureThing Shared 2007-05-05 19:28:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic 2007-05-05 19:26:41 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-05-05 19:21:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio 2007-05-05 19:21:02 0 d-------- C:\Program Files\Common Files\Sonic Shared 2007-05-05 19:20:57 0 d-------- C:\Program Files\Roxio 2007-05-05 19:19:52 0 d-------- C:\Program Files\Common Files\Roxio Shared 2007-05-05 19:10:31 0 d-------- C:\Program Files\Common Files\InstallShield 2007-05-05 19:01:54 0 d-------- C:\Program Files\CCleaner 2007-05-05 18:48:33 0 d-------- C:\Program Files\PowerISO 2007-05-05 12:48:24 0 d-------- C:\WINDOWS\system32\appmgmt 2007-05-05 12:47:24 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Leadertech 2007-05-05 07:25:32 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Adobe 2007-05-05 07:25:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-05-05 07:24:25 0 d-------- C:\WINDOWS\Downloaded Installations 2007-05-05 07:12:01 0 d-------- C:\Program Files\Common Files\Adobe 2007-05-05 07:02:26 0 d-------- C:\Program Files\Lexmark 640 Series 2007-05-05 07:02:24 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller> 2007-05-05 07:02:19 0 d-------- C:\Documents and Settings\millsarrr1\WINDOWS 2007-05-04 20:27:23 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Ahead 2007-05-04 18:16:57 0 d-------- C:\WINDOWS\pss 2007-05-04 17:59:39 0 d-------- C:\Documents and Settings\All Users\Application Data\scar5 2007-05-04 17:42:32 335 --a------ C:\WINDOWS\mozregistry.dat 2007-05-04 17:38:55 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Macromedia 2007-05-04 17:38:47 1277 --a------ C:\WINDOWS\mozver.dat 2007-05-04 17:37:12 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\uTorrent 2007-05-04 17:30:47 0 --a------ C:\WINDOWS\nsreg.dat 2007-05-04 17:30:37 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Mozilla 2007-05-04 07:24:26 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\scar5 2007-05-04 07:24:05 0 d-------- C:\Program Files\scar5 2007-05-04 07:21:23 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library> 2007-05-04 07:20:39 0 d-------- C:\Program Files\SpywareBlaster 2007-05-04 06:34:01 0 d-------- C:\WINDOWS\Prefetch 2007-05-03 22:36:35 0 d-------- C:\WINDOWS\provisioning 2007-05-03 22:10:53 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2007-05-03 20:00:28 0 d-------- C:\WINDOWS\PeerNet 2007-05-03 19:44:07 0 d-------- C:\WINDOWS\system32\URTTemp 2007-05-03 18:40:54 0 d-------- C:\WINDOWS\RegisteredPackages 2007-05-03 15:35:48 0 d---s---- C:\WINDOWS\system32\Microsoft 2007-05-03 15:34:21 0 d-------- C:\WINDOWS\system32\PreInstall 2007-05-03 15:34:13 0 d--h----- C:\WINDOWS\$hf_mig$ 2007-05-03 13:48:05 0 d-------- C:\WINDOWS\ServicePackFiles 2007-05-03 13:48:05 0 d-------- C:\WINDOWS\ehome 2007-05-03 12:57:18 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat 2007-05-03 12:31:49 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-05-03 12:31:49 0 d--h---c- C:\WINDOWS\$xpsp1hfm$ 2007-05-03 12:26:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2007-05-03 11:52:45 0 d-------- C:\WINDOWS\system32\bits 2007-05-03 11:06:41 0 d--h----- C:\WINDOWS\msdownld.tmp 2007-05-03 11:06:36 0 d-------- C:\WINDOWS\Windows Update Setup Files 2007-05-03 11:02:29 0 d-------- C:\WINDOWS\SoftwareDistribution 2007-05-03 11:01:49 0 d---s---- C:\Documents and Settings\millsarrr1\UserData 2007-05-03 10:49:36 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver> 2007-05-03 10:49:35 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt> 2007-05-03 10:49:24 0 d-------- C:\Program Files\Sygate 2007-05-03 10:42:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2007-05-03 10:41:59 0 dr------- C:\Documents and Settings\Administrator\Favorites 2007-05-03 10:41:59 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2007-05-03 10:41:59 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2007-05-03 10:41:59 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2007-05-03 10:41:58 0 d--h----- C:\Documents and Settings\Administrator\Templates 2007-05-03 10:41:58 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2007-05-03 10:41:58 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2007-05-03 10:41:58 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2007-05-03 10:41:58 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2007-05-03 10:41:58 0 dr------- C:\Documents and Settings\Administrator\My Documents 2007-05-03 10:41:58 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2007-05-03 10:15:05 0 d--hs---- C:\WINDOWS\CSC 2007-05-03 10:10:00 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\U3 2007-05-03 10:05:33 0 d--hs---- C:\WINDOWS\Installer 2007-05-03 10:05:27 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Identities 2007-05-03 10:05:11 0 d--h----- C:\Documents and Settings\millsarrr1\Templates 2007-05-03 10:05:11 0 dr------- C:\Documents and Settings\millsarrr1\Start Menu 2007-05-03 10:05:11 0 dr-h----- C:\Documents and Settings\millsarrr1\SendTo 2007-05-03 10:05:11 0 d--h----- C:\Documents and Settings\millsarrr1\PrintHood 2007-05-03 10:05:11 2359296 --ah----- C:\Documents and Settings\millsarrr1\NTUSER.DAT 2007-05-03 10:05:11 0 d--h----- C:\Documents and Settings\millsarrr1\NetHood 2007-05-03 10:05:11 0 dr------- C:\Documents and Settings\millsarrr1\My Documents 2007-05-03 10:05:11 0 d--h----- C:\Documents and Settings\millsarrr1\Local Settings 2007-05-03 10:05:11 0 dr------- C:\Documents and Settings\millsarrr1\Favorites 2007-05-03 10:05:11 0 d-------- C:\Documents and Settings\millsarrr1\Desktop 2007-05-03 10:05:11 0 d---s---- C:\Documents and Settings\millsarrr1\Cookies 2007-05-03 10:05:11 0 dr-h----- C:\Documents and Settings\millsarrr1\Application Data 2007-05-03 10:01:25 0 d--hs---- C:\System Volume Information 2007-05-03 10:01:15 237568 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2007-05-03 10:01:15 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2007-05-03 10:01:15 0 d---s---- C:\Documents and Settings\LocalService\Cookies 2007-05-03 10:01:15 0 d-------- C:\Documents and Settings\LocalService\Application Data 2007-05-03 10:01:15 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2007-05-03 10:01:14 237568 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2007-05-03 10:01:14 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2007-05-03 10:01:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies 2007-05-03 10:01:14 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2007-05-03 10:01:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft 2007-05-03 09:54:05 0 d-------- C:\WINDOWS\system32\xircom 2007-05-03 09:54:04 0 d-------- C:\Program Files\microsoft frontpage 2007-05-03 09:53:10 237568 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT 2007-05-03 09:52:58 0 -rahs---- C:\MSDOS.SYS 2007-05-03 09:52:58 0 -rahs---- C:\IO.SYS 2007-05-03 09:52:58 0 --a------ C:\CONFIG.SYS 2007-05-03 09:52:58 0 --a------ C:\AUTOEXEC.BAT 2007-05-03 09:50:26 0 d--hs---- C:\Documents and Settings\All Users\DRM 2007-05-03 09:49:58 0 dr------- C:\WINDOWS\Offline Web Pages 2007-05-03 09:49:58 0 d---s---- C:\WINDOWS\Downloaded Program Files 2007-05-03 09:48:57 0 d-------- C:\WINDOWS\srchasst 2007-05-03 09:48:32 0 d-------- C:\WINDOWS\system32\DirectX 2007-05-03 09:48:31 0 d-------- C:\WINDOWS\system32\Macromed 2007-05-03 09:48:12 0 d-------- C:\Program Files\Movie Maker 2007-05-03 09:47:19 0 d-------- C:\WINDOWS\system32\Restore 2007-05-03 09:47:11 0 d-------- C:\WINDOWS\PCHEALTH 2007-05-03 09:47:01 0 d---s---- C:\WINDOWS\Tasks 2007-05-03 09:46:57 0 d-------- C:\Program Files\Common Files\MSSoap 2007-05-03 09:45:39 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-05-03 09:45:10 0 d-------- C:\WINDOWS\Registration 2007-05-03 09:44:57 0 d--h----- C:\Program Files\WindowsUpdate 2007-05-03 09:44:57 0 d-------- C:\Program Files\Online Services 2007-05-03 09:44:44 0 d-------- C:\Program Files\Messenger 2007-05-03 09:44:24 0 d-------- C:\Program Files\MSN Gaming Zone 2007-05-03 09:43:59 0 d-------- C:\Program Files\Windows NT 2007-05-03 09:43:36 0 d-------- C:\WINDOWS\system32\MsDtc 2007-05-03 09:43:32 0 d-------- C:\WINDOWS\system32\Com 2007-05-03 03:29:15 0 d-------- C:\Program Files\Common Files\ODBC 2007-05-03 03:29:08 0 d-------- C:\Program Files\Common Files\SpeechEngines 2007-05-03 03:29:07 0 dr------- C:\Program Files 2007-05-03 03:28:32 0 d--h----- C:\Documents and Settings\Default User\Templates 2007-05-03 03:28:32 0 dr------- C:\Documents and Settings\Default User\Start Menu 2007-05-03 03:28:32 0 dr-h----- C:\Documents and Settings\Default User\SendTo 2007-05-03 03:28:32 0 dr-h----- C:\Documents and Settings\Default User\Local Settings 2007-05-03 03:28:32 0 d---s---- C:\Documents and Settings\Default User\Cookies 2007-05-03 03:28:32 0 dr------- C:\Documents and Settings\All Users\Start Menu 2007-05-03 03:28:32 0 d-------- C:\Documents and Settings\All Users\Favorites 2007-05-03 03:28:32 0 dr------- C:\Documents and Settings\All Users\Documents 2007-05-03 03:28:32 0 d-------- C:\Documents and Settings\All Users\Desktop 2007-05-03 03:28:11 0 d-------- C:\WINDOWS\system32\CatRoot2 2007-05-03 03:28:11 0 d-------- C:\WINDOWS\system32\CatRoot 2007-05-03 03:28:05 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2007-05-03 03:28:05 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft 2007-05-03 03:28:04 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2007-05-03 03:28:04 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft 2007-05-03 03:27:45 0 d-------- C:\Documents and Settings 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\WinSxS 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\usmt 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\inetsrv 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\IME 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\3com_dmi 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\3076 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\2052 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1054 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1042 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1041 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1037 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1033 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1031 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1028 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1025 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\mui 2007-05-03 03:17:04 0 d-------- C:\WINDOWS\ime 2007-05-03 03:17:03 0 d-------- C:\WINDOWS 2007-05-03 03:17:03 0 dr------- C:\WINDOWS\Web 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\twain_32 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\wins 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\wbem 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\spool 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\ShellExt 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\Setup 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\ras 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\oobe 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\npp 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\mui 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\icsxml 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\ias 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\export 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\drivers 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\drivers\etc 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\drivers\disdn 2007-05-03 03:17:03 0 dr-hs--c- C:\WINDOWS\system32\dllcache 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\dhcp 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\config 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\security 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Resources 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\repair 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\msapps 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\msagent 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Media 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\java 2007-05-03 03:17:03 0 d--h----- C:\WINDOWS\inf 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Help 2007-05-03 03:17:03 0 dr--s---- C:\WINDOWS\Fonts 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Driver Cache 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Debug 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Cursors 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Connection Wizard 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Config 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\AppPatch 2007-05-03 03:17:03 0 d-------- C:\WINDOWS\addins -- Find3M Report --------------------------------------------------------------- 2007-05-03 03:28:32 62 --ahs---- C:\Documents and Settings\millsarrr1\Application Data\desktop.ini -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE" "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE " "item"="Adobe Reader Synchronizer" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avgas" "hkey"="HKLM" "command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NMBgMonitor" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DMXLauncher" "hkey"="HKLM" "command"="\"C:\\Program Files\\Roxio\\Media Experience\\DMXLauncher.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PWRISOVM" "hkey"="HKLM" "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DrgToDsc" "hkey"="HKLM" "command"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RoxWatchTray9" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SUPERAntiSpyware" "hkey"="HKCU" "command"="D:\\Downloads\\Utorrent2\\SUPERAntiSpyware Professional 3.7.0.1018\\Fixed exe\\SUPERAntiSpyware.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 -- End of Deckard's System Scanner: finished at 2007-05-30 at 20:32:14 --------- i apologize if the attachment didn't work right, i haven't used that function on this forum before. i previewed the post and didn't see it but the manage current attachments says that its there. Attached File(s) extra.txt ( 5.31k ) Number of downloads: 2

amateur View Member Profile	May 31 2007, 07:57 AM Post #4
Malware Fighter Group: HJT Team Posts: 2,730 Joined: 19-November 05 From: Rhode Island Member No.: 41,169	Hi, Hi, Your logs are clean. Go to Start>Run and type sysdm.cpl. Press Enter Select the System Restore Tab Place a check in "Turn off System Restore on all drives" Click Apply next, uncheck the same checkbox. Click Apply Click OK You can also find instructions on how to disable and re enable system restore here: Windows XP System Restore Guide AVG should not report it anymore. -------------------- Amateur ASAP

millsarrr1 View Member Profile	May 31 2007, 11:32 AM Post #5
Member Group: Members Posts: 18 Joined: 15-July 06 Member No.: 76,344	Thanks amateur, that worked. If you have a minute could you give me a brief explanation of why disabling and enabling the system restore would get rid of that and also why AVG would report that in the first place. Thanks, i appreciate your help.

amateur View Member Profile	May 31 2007, 01:04 PM Post #6
Malware Fighter Group: HJT Team Posts: 2,730 Joined: 19-November 05 From: Rhode Island Member No.: 41,169	Hi, Windows regularly sets restorepoints, something like an image of your system. It doesn't know the difference between bad files and the good ones. If you put Windows back to such a restorepoint, the malware present at that time will be put back. We flushed the old restore points and made a new clean one. AVG scans the whole system, including the system restore and reports whatever and wherever it finds anything suspicious/infected. A colleague of ours has excellent information and tips on the prevention of malware *here* and more on improving speed/system performance after malware removal *here* , if you'd like to have a look. Happy Surfing! -------------------- Amateur ASAP

amateur View Member Profile	Jun 6 2007, 09:10 PM Post #7
Malware Fighter Group: HJT Team Posts: 2,730 Joined: 19-November 05 From: Rhode Island Member No.: 41,169	Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread, and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- Amateur ASAP

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides