Backdoor.bitfrose.acs


This topic is locked
6 replies to this topic

#1 millsarrr1 (Members, 18 posts)

Posted 28 May 2007 - 06:59 PM

I ran AVG Anti-Spyware and it found Backdoor.Bitfrose.acs; it wouldn't allow me to quarantine it. Please help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:45:24 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\millsarrr1\Desktop\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178211752376
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178211731376
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFC8905-8908-4679-9A11-3A558F70F234}: NameServer = 68.87.85.98,68.87.69.146
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

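The review that a helper does by eye on a HijackThis log (which autostart points exist, where the binaries live, which DNS servers the O17 line points at) can be scripted. The block below is an added example for this thread, not code from the original post, from HijackThis or from BleepingComputer: it parses the log into running processes and `O`-type entries, flags processes and autostart entries that run from user-writable directories (the `utorrent.exe` launched from the Desktop above is benign, but that is exactly the kind of line a reviewer looks at twice), flags O23 services HijackThis lists with "Unknown owner", and compares the O17 `NameServer` addresses against a resolver list the caller supplies. The `trusted_dns` argument, `USER_WRITABLE_HINTS` and `EXPECTED_ROOTS` are assumptions chosen for the example, not HijackThis rules, and the sample input is a handful of lines copied from the log posted above.

```python
import re

# Constructed sample input: lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Documents and Settings\millsarrr1\Desktop\utorrent.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFC8905-8908-4679-9A11-3A558F70F234}: NameServer = 68.87.85.98,68.87.69.146
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")          # "O4 - HKLM\..\Run: ..." style lines
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")            # lines under "Running processes:"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\s][^"]*?\.(?:exe|dll|sys)', re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumptions for this example: autostart types worth a path check, directories a normal user can
# write to (suspicious for persistence), and the roots where legitimate software usually lives.
AUTOSTART_TYPES = {"O2", "O3", "O4", "O23"}
USER_WRITABLE_HINTS = ("\\documents and settings\\", "\\temp\\", "\\desktop\\", "\\application data\\")
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, list of {'type', 'body'} entries)."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"type": m.group(1), "body": m.group(2)})
        elif PROCESS_RE.match(line):
            processes.append(line)
    return processes, entries


def nameservers(entries):
    """Return the DNS servers from O17 entries, in log order (O17 is the DNS-hijack indicator)."""
    ips = []
    for e in entries:
        if e["type"] == "O17" and "NameServer" in e["body"]:
            ips.extend(IPV4_RE.findall(e["body"].split("NameServer", 1)[1]))
    return ips


def review(text, trusted_dns=()):
    """Triage a HijackThis log and return (reason, detail) pairs a reviewer should inspect first.

    trusted_dns is the caller's own list of expected resolvers (for example the ISP's); when it is
    empty the O17 check is skipped, because the script has no way to know which resolvers are right.
    """
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        if any(h in proc.lower() for h in USER_WRITABLE_HINTS):
            findings.append(("process running from a user-writable directory", proc))
    for e in entries:
        if e["type"] in AUTOSTART_TYPES:
            for path in PATH_RE.findall(e["body"]):
                low = path.lower()
                if not low.startswith(EXPECTED_ROOTS) or any(h in low for h in USER_WRITABLE_HINTS):
                    findings.append(("autostart from an unexpected location", f'{e["type"]} {path}'))
        if e["type"] == "O23" and "Unknown owner" in e["body"]:
            findings.append(("service with no vendor name", e["body"]))
    if trusted_dns:
        for ip in nameservers(entries):
            if ip not in trusted_dns:
                findings.append(("O17 NameServer not in trusted list", ip))
    return findings


if __name__ == "__main__":
    for reason, detail in review(SAMPLE_LOG, trusted_dns=("68.87.85.98", "68.87.69.146")):
        print(f"{reason}: {detail}")
```

One caveat that matters for this thread: a HijackThis log only lists autostart and hook points plus the processes running at scan time, so a file sitting inside a System Restore snapshot (a path under `System Volume Information\_restore`) will never appear in it, and a clean HJT log says nothing either way about such a detection.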

#2 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 30 May 2007 - 03:01 PM

Hello and welcome to BC.

I cannot see any evidence of malware in the log. Where does your AVG Anti-Spyware report this?

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  • Please attach extra.txt to your post.
To attach a file to a new post, simply
  • Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  • copy and paste the following into the "Upload File from your Computer" box:

    C:\Deckard\System Scanner\extra.txt

  • Click Upload.


#3 millsarrr1 (Topic Starter, Members, 18 posts)

Posted 30 May 2007 - 10:30 PM

amateur, thanks for taking the time to review this. AVG found this in my D:\System Volume ... Information\_restore
It said that it can't be quarantined because it is embedded in the archive D:\System Volume and asks me to quarantine the whole archive. The D drive is my secondary hard drive that I use to store all media and anything I download.

Deckard's System Scanner v20070426.43
Run by millsarrr1 on 2007-05-30 at 20:25:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2007-05-31 02:25:46 UTC - RP201 - Deckard's System Scanner Restore Point
31: 2007-05-31 02:25:00 UTC - RP200 - pre deckard's system scanner
30: 2007-05-30 08:43:41 UTC - RP199 - System Checkpoint
29: 2007-05-29 07:43:43 UTC - RP198 - System Checkpoint
28: 2007-05-28 07:27:04 UTC - RP197 - System Checkpoint


-- First Restore Point --
1: 2007-05-05 13:03:32 UTC - RP170 - Printer Driver Lexmark 640 Series Installed


Performed disk cleanup.


-- HijackThis (run as millsarrr1.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:26:27 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\millsarrr1\Desktop\dss.exe
C:\HJT\HIJACK~1\millsarrr1.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178211752376
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178211731376
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFC8905-8908-4679-9A11-3A558F70F234}: NameServer = 68.87.85.98,68.87.69.146
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Files created between 2007-04-30 and 2007-05-30 -----------------------------

2007-05-28 17:35:50 0 d-------- C:\HJT
2007-05-24 19:17:11 0 d-------- C:\Program Files\QuickTime
2007-05-24 19:16:43 0 d-------- C:\Program Files\Xilisoft
2007-05-24 16:18:17 0 dr-h----- C:\Documents and Settings\millsarrr1\Recent
2007-05-23 12:08:53 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Webroot
2007-05-23 12:08:51 0 d-------- C:\Program Files\Webroot
2007-05-23 12:08:51 0 d-------- C:\Program Files\Common Files\Webroot Shared
2007-05-23 12:08:42 487936 --a------ C:\WINDOWS\system32\wwSecure.exe <Not Verified; Webroot Software, Inc.; >
2007-05-23 12:08:41 57344 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; >
2007-05-21 23:18:51 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Help
2007-05-14 23:19:28 0 d-------- C:\Documents and Settings\All Users\Templates
2007-05-10 09:28:52 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-05-10 09:28:36 0 d-------- C:\Program Files\TechSmith
2007-05-09 17:24:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2007-05-09 17:22:16 0 d-------- C:\Program Files\Innovative Solutions
2007-05-09 12:15:33 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\SUPERAntiSpyware.com
2007-05-09 12:15:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-05-09 12:09:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-09 01:13:25 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\vlc
2007-05-09 01:06:14 0 d-------- C:\Program Files\VideoLAN
2007-05-08 11:06:05 0 d-------- C:\Program Files\PeerGuardian2
2007-05-07 22:20:53 0 d-------- C:\Program Files\MSXML 4.0
2007-05-07 21:19:43 0 d-------- C:\WINDOWS\system32\LogFiles
2007-05-07 20:28:35 0 d-------- C:\Program Files\Combined Community Codec Pack
2007-05-06 20:13:07 0 d-------- C:\Documents and Settings\millsarrr1\.housecall6.6
2007-05-06 20:10:01 0 d-------- C:\WINDOWS\Sun
2007-05-06 20:10:01 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Sun
2007-05-06 20:04:56 0 d-------- C:\Program Files\Java
2007-05-06 20:00:09 0 d-------- C:\Program Files\Common Files\Java
2007-05-06 19:23:15 0 d-------- C:\Program Files\SpywareGuard
2007-05-05 19:37:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2007-05-05 19:37:51 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Roxio
2007-05-05 19:36:30 0 d-------- C:\Program Files\InterActual
2007-05-05 19:32:58 0 d-------- C:\WINDOWS\system32\DLA
2007-05-05 19:32:38 0 d-------- C:\Program Files\Common Files\LightScribe
2007-05-05 19:31:33 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-05-05 19:30:23 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-05-05 19:28:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-05-05 19:26:41 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-05 19:21:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2007-05-05 19:21:02 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-05-05 19:20:57 0 d-------- C:\Program Files\Roxio
2007-05-05 19:19:52 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-05-05 19:10:31 0 d-------- C:\Program Files\Common Files\InstallShield
2007-05-05 19:01:54 0 d-------- C:\Program Files\CCleaner
2007-05-05 18:48:33 0 d-------- C:\Program Files\PowerISO
2007-05-05 12:48:24 0 d-------- C:\WINDOWS\system32\appmgmt
2007-05-05 12:47:24 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Leadertech
2007-05-05 07:25:32 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Adobe
2007-05-05 07:25:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-05-05 07:24:25 0 d-------- C:\WINDOWS\Downloaded Installations
2007-05-05 07:12:01 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-05 07:02:26 0 d-------- C:\Program Files\Lexmark 640 Series
2007-05-05 07:02:24 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-05-05 07:02:19 0 d-------- C:\Documents and Settings\millsarrr1\WINDOWS
2007-05-04 20:27:23 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Ahead
2007-05-04 18:16:57 0 d-------- C:\WINDOWS\pss
2007-05-04 17:59:39 0 d-------- C:\Documents and Settings\All Users\Application Data\scar5
2007-05-04 17:42:32 335 --a------ C:\WINDOWS\mozregistry.dat
2007-05-04 17:38:55 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Macromedia
2007-05-04 17:38:47 1277 --a------ C:\WINDOWS\mozver.dat
2007-05-04 17:37:12 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\uTorrent
2007-05-04 17:30:47 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-04 17:30:37 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Mozilla
2007-05-04 07:24:26 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\scar5
2007-05-04 07:24:05 0 d-------- C:\Program Files\scar5
2007-05-04 07:21:23 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-05-04 07:20:39 0 d-------- C:\Program Files\SpywareBlaster
2007-05-04 06:34:01 0 d-------- C:\WINDOWS\Prefetch
2007-05-03 22:36:35 0 d-------- C:\WINDOWS\provisioning
2007-05-03 22:10:53 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-03 20:00:28 0 d-------- C:\WINDOWS\PeerNet
2007-05-03 19:44:07 0 d-------- C:\WINDOWS\system32\URTTemp
2007-05-03 18:40:54 0 d-------- C:\WINDOWS\RegisteredPackages
2007-05-03 15:35:48 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-05-03 15:34:21 0 d-------- C:\WINDOWS\system32\PreInstall
2007-05-03 15:34:13 0 d--h----- C:\WINDOWS\$hf_mig$
2007-05-03 13:48:05 0 d-------- C:\WINDOWS\ServicePackFiles
2007-05-03 13:48:05 0 d-------- C:\WINDOWS\ehome
2007-05-03 12:57:18 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-05-03 12:31:49 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-03 12:31:49 0 d--h---c- C:\WINDOWS\$xpsp1hfm$
2007-05-03 12:26:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-05-03 11:52:45 0 d-------- C:\WINDOWS\system32\bits
2007-05-03 11:06:41 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-05-03 11:06:36 0 d-------- C:\WINDOWS\Windows Update Setup Files
2007-05-03 11:02:29 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-05-03 11:01:49 0 d---s---- C:\Documents and Settings\millsarrr1\UserData
2007-05-03 10:49:36 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2007-05-03 10:49:35 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2007-05-03 10:49:24 0 d-------- C:\Program Files\Sygate
2007-05-03 10:42:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-05-03 10:41:59 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-05-03 10:41:59 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-05-03 10:41:59 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-05-03 10:41:59 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-05-03 10:41:58 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-05-03 10:41:58 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-05-03 10:41:58 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-05-03 10:41:58 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-05-03 10:41:58 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-05-03 10:41:58 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-05-03 10:41:58 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-05-03 10:15:05 0 d--hs---- C:\WINDOWS\CSC
2007-05-03 10:10:00 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\U3
2007-05-03 10:05:33 0 d--hs---- C:\WINDOWS\Installer
2007-05-03 10:05:27 0 d-------- C:\Documents and Settings\millsarrr1\Application Data\Identities
2007-05-03 10:05:11 0 d--h----- C:\Documents and Settings\millsarrr1\Templates
2007-05-03 10:05:11 0 dr------- C:\Documents and Settings\millsarrr1\Start Menu
2007-05-03 10:05:11 0 dr-h----- C:\Documents and Settings\millsarrr1\SendTo
2007-05-03 10:05:11 0 d--h----- C:\Documents and Settings\millsarrr1\PrintHood
2007-05-03 10:05:11 2359296 --ah----- C:\Documents and Settings\millsarrr1\NTUSER.DAT
2007-05-03 10:05:11 0 d--h----- C:\Documents and Settings\millsarrr1\NetHood
2007-05-03 10:05:11 0 dr------- C:\Documents and Settings\millsarrr1\My Documents
2007-05-03 10:05:11 0 d--h----- C:\Documents and Settings\millsarrr1\Local Settings
2007-05-03 10:05:11 0 dr------- C:\Documents and Settings\millsarrr1\Favorites
2007-05-03 10:05:11 0 d-------- C:\Documents and Settings\millsarrr1\Desktop
2007-05-03 10:05:11 0 d---s---- C:\Documents and Settings\millsarrr1\Cookies
2007-05-03 10:05:11 0 dr-h----- C:\Documents and Settings\millsarrr1\Application Data
2007-05-03 10:01:25 0 d--hs---- C:\System Volume Information
2007-05-03 10:01:15 237568 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-05-03 10:01:15 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-05-03 10:01:15 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-05-03 10:01:15 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-05-03 10:01:15 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-05-03 10:01:14 237568 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-05-03 10:01:14 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-05-03 10:01:14 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-05-03 10:01:14 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-05-03 10:01:14 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-05-03 09:54:05 0 d-------- C:\WINDOWS\system32\xircom
2007-05-03 09:54:04 0 d-------- C:\Program Files\microsoft frontpage
2007-05-03 09:53:10 237568 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-05-03 09:52:58 0 -rahs---- C:\MSDOS.SYS
2007-05-03 09:52:58 0 -rahs---- C:\IO.SYS
2007-05-03 09:52:58 0 --a------ C:\CONFIG.SYS
2007-05-03 09:52:58 0 --a------ C:\AUTOEXEC.BAT
2007-05-03 09:50:26 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-05-03 09:49:58 0 dr------- C:\WINDOWS\Offline Web Pages
2007-05-03 09:49:58 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-03 09:48:57 0 d-------- C:\WINDOWS\srchasst
2007-05-03 09:48:32 0 d-------- C:\WINDOWS\system32\DirectX
2007-05-03 09:48:31 0 d-------- C:\WINDOWS\system32\Macromed
2007-05-03 09:48:12 0 d-------- C:\Program Files\Movie Maker
2007-05-03 09:47:19 0 d-------- C:\WINDOWS\system32\Restore
2007-05-03 09:47:11 0 d-------- C:\WINDOWS\PCHEALTH
2007-05-03 09:47:01 0 d---s---- C:\WINDOWS\Tasks
2007-05-03 09:46:57 0 d-------- C:\Program Files\Common Files\MSSoap
2007-05-03 09:45:39 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-03 09:45:10 0 d-------- C:\WINDOWS\Registration
2007-05-03 09:44:57 0 d--h----- C:\Program Files\WindowsUpdate
2007-05-03 09:44:57 0 d-------- C:\Program Files\Online Services
2007-05-03 09:44:44 0 d-------- C:\Program Files\Messenger
2007-05-03 09:44:24 0 d-------- C:\Program Files\MSN Gaming Zone
2007-05-03 09:43:59 0 d-------- C:\Program Files\Windows NT
2007-05-03 09:43:36 0 d-------- C:\WINDOWS\system32\MsDtc
2007-05-03 09:43:32 0 d-------- C:\WINDOWS\system32\Com
2007-05-03 03:29:15 0 d-------- C:\Program Files\Common Files\ODBC
2007-05-03 03:29:08 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-03 03:29:07 0 dr------- C:\Program Files
2007-05-03 03:28:32 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-05-03 03:28:32 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-05-03 03:28:32 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-05-03 03:28:32 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-05-03 03:28:32 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-05-03 03:28:32 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-05-03 03:28:32 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-05-03 03:28:32 0 dr------- C:\Documents and Settings\All Users\Documents
2007-05-03 03:28:32 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-05-03 03:28:11 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-05-03 03:28:11 0 d-------- C:\WINDOWS\system32\CatRoot
2007-05-03 03:28:05 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-05-03 03:28:05 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-05-03 03:28:04 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-05-03 03:28:04 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-05-03 03:27:45 0 d-------- C:\Documents and Settings
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\WinSxS
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\usmt
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\inetsrv
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\IME
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\3076
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\2052
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1054
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1042
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1041
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1037
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1033
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1031
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1028
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\system32\1025
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\mui
2007-05-03 03:17:04 0 d-------- C:\WINDOWS\ime
2007-05-03 03:17:03 0 d-------- C:\WINDOWS
2007-05-03 03:17:03 0 dr------- C:\WINDOWS\Web
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\twain_32
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\wins
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\wbem
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\spool
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\ShellExt
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\Setup
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\ras
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\oobe
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\npp
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\mui
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\icsxml
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\ias
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\export
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\drivers
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-03 03:17:03 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\dhcp
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system32\config
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\system
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\security
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Resources
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\repair
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\msapps
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\msagent
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Media
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\java
2007-05-03 03:17:03 0 d--h----- C:\WINDOWS\inf
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Help
2007-05-03 03:17:03 0 dr--s---- C:\WINDOWS\Fonts
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Driver Cache
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Debug
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Cursors
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Connection Wizard
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\Config
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\AppPatch
2007-05-03 03:17:03 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-05-03 03:28:32 62 --ahs---- C:\Documents and Settings\millsarrr1\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Media Experience\\DMXLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoxWatchTray9"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="D:\\Downloads\\Utorrent2\\SUPERAntiSpyware Professional 3.7.0.1018\\Fixed exe\\SUPERAntiSpyware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-30 at 20:32:14 ---------




I apologize if the attachment didn't work right; I haven't used that function on this forum before. I previewed the post and didn't see it, but the "manage current attachments" says that it's there.


#4 amateur

  • Malware Fighter
  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:02:44 AM

Posted 31 May 2007 - 07:57 AM

Hi,

Your logs are clean.

Go to Start > Run, type sysdm.cpl and press Enter.
  • Select the System Restore tab.
  • Place a check in "Turn off System Restore on all drives".
  • Click Apply.
  • Next, uncheck the same checkbox.
  • Click Apply.
  • Click OK.
You can also find instructions on how to disable and re-enable System Restore here:
Windows XP System Restore Guide

AVG should not report it anymore.

#5 millsarrr1

  • Topic Starter
  • Members
  • 18 posts
  • Local time:11:44 PM

Posted 31 May 2007 - 11:32 AM

Thanks amateur, that worked. If you have a minute, could you give me a brief explanation of why disabling and enabling System Restore would get rid of that, and also why AVG would report that in the first place? Thanks, I appreciate your help.

#6 amateur

  • Malware Fighter
  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:02:44 AM

Posted 31 May 2007 - 01:04 PM

Hi,

Windows regularly sets restore points, something like an image of your system. It doesn't know the difference between bad files and good ones. If you put Windows back to such a restore point, the malware present at that time will be put back. We flushed the old restore points and made a new clean one. AVG scans the whole system, including System Restore, and reports whatever and wherever it finds anything suspicious/infected.

A colleague of ours has excellent information and tips on the prevention of malware here, and more on improving speed/system performance after malware removal here, if you'd like to have a look.

Happy Surfing! :thumbsup:
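The flush-and-recreate procedure from post #4, together with the reason it works given in post #6 (old restore points are snapshots that can carry the malware files the scanner flagged), as an added PowerShell example that is not from this thread. It assumes a Windows client version that ships the System Restore cmdlets (Vista and later, so not the original poster's XP, where the sysdm.cpl steps above are the equivalent), an elevated session, and that the system drive is C:.

```powershell
# Added example (not from the thread): flush all System Restore points and
# create one clean checkpoint, the scripted equivalent of the sysdm.cpl steps.
# Assumptions: Windows client OS with the *-ComputerRestore cmdlets (Vista or
# later, not XP), an elevated PowerShell session, and C: as the system drive.
#Requires -RunAsAdministrator
$drive = "C:\"   # assumption: the monitored system drive

# 1. Show what is there now. Each restore point is a snapshot that can contain
#    the malware files present when it was taken, which is what AVG reported.
Write-Host "Restore points before flush:"
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, RestorePointType,
        @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize

# 2. Turning System Restore off for the drive discards every existing restore
#    point (the "Turn off System Restore on all drives" step).
Disable-ComputerRestore -Drive $drive

# 3. Turning it back on resumes monitoring with an empty restore point store
#    (the "uncheck the same checkbox" step).
Enable-ComputerRestore -Drive $drive

# 4. Create one fresh, known-clean restore point so rollback stays possible
#    without bringing the old infected snapshots back.
Checkpoint-Computer -Description "Clean baseline after malware removal" `
    -RestorePointType MODIFY_SETTINGS

# 5. Verify: only the new checkpoint should remain.
$after = @(Get-ComputerRestorePoint)
Write-Host "Restore points after flush: $($after.Count)"
$after | Select-Object SequenceNumber, Description | Format-Table -AutoSize
if ($after.Count -ne 1) {
    Write-Warning "Expected exactly one restore point; check that the flush succeeded."
}
```

On Windows 8 and later, Checkpoint-Computer silently skips creating a point if another was created in the previous 24 hours, so the final check may report zero points in that case rather than a failed flush.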

#7 amateur

  • Malware Fighter
  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:02:44 AM

Posted 06 June 2007 - 09:10 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread, and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.
