System Restore....
it does not seem to work for me...
i have found some virii and trojan stuff, tried to do a sys restore and it tells me that it cannot restore to that date... i have tried different dates as well...
is there something i am missing?
mnosteele52
08-12-06, 01:43 PM
It is possible that the malware corrupted your restore points, something else to think of is that if your pc was infected at the time of the restore point you are only going to reinfect yourself. Best bet is to disable system restore and reboot then clean the malware.
:)
thnx... i also remember the scanner saying its a dat trojan downloader or something like that...
so i have to go in and fix it manually... hmmm that might not bode well :D
also, i just switched from avg to nod32... and this is what the latest scan is giving me...
NOD32:
Error occurred while scanning MBR sector of the 2. physical disk. Error reading sector.
Error occurred while scanning MBR sector of the 3. physical disk. Error reading sector.
Date: 12.8.2006 Time: 13:26:03
Scanned disks, folders and files: C:
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\Administrator\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\Administrator\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt - error opening (File locked) [4]
File C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv540.jar-1b819912-1fae2ba7.zip is infected with a variant of Java/TrojanDownloader.OpenStream.C trojan. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
File C:\System Volume Information\_restore{F0A8DAA7-4716-40C3-B46E-CB5E5E4E01E7}\RP256\A0073935.exe is infected with probably a variant of Win32/TrojanDownloader.Small.AWA trojan. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.
Logfile of HijackThis v1.99.1
Scan saved at 2:03:50 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\My Downloads\Security\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.speedguide.net/forumdisplay.php?s=&forumid=41
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcclub.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcclub.com
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/0.8.0794.38/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126367736355
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online2/bejeweled2/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: FAH@C:+Documents and Settings+Administrator+My Documents+My Downloads+F@H+FAH502-Console.exe - Stanford University - C:\Documents and Settings\Administrator\My Documents\My Downloads\F@H\FAH502-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
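The NOD32 output above flags one file inside a System Restore snapshot (the _restore{...}\RP256 path), which is why rolling back to that point would only reinfect the machine. As an added example that is not code from this thread, here is a small Python parser that pulls detections and locked files out of a NOD32 scan log in the format quoted above and lists the restore points that hold a detection; the regexes and the constructed sample log are assumptions based on the lines quoted in the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the NOD32 output quoted in the thread.
SAMPLE_LOG = r"""Scanned disks, folders and files: C:
C:\pagefile.sys - error opening (File locked) [4]
File C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv540.jar-1b819912-1fae2ba7.zip is infected with a variant of Java/TrojanDownloader.OpenStream.C trojan. The file can be deleted.
File C:\System Volume Information\_restore{F0A8DAA7-4716-40C3-B46E-CB5E5E4E01E7}\RP256\A0073935.exe is infected with probably a variant of Win32/TrojanDownloader.Small.AWA trojan. The file can be deleted.
"""

INFECTED_RE = re.compile(r"^File (?P<path>.+?) is infected with (?P<desc>.+?)\.(?:\s|$)")
THREAT_RE = re.compile(r"[A-Za-z0-9]+/[A-Za-z0-9._-]+")  # e.g. Win32/TrojanDownloader.Small.AWA
LOCKED_RE = re.compile(r"^(?P<path>.+?) - error opening \(File locked\)")
# Files under System Volume Information\_restore{GUID}\RPnnn\ belong to System Restore snapshots.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\", re.I)

@dataclass
class Finding:
    path: str
    threat: str                   # detection name, or the whole description if none was parsed
    restore_point: Optional[int]  # RP number when the file sits inside a restore point
    heuristic: bool               # NOD32 wrote "probably": a heuristic rather than a signature hit

def parse_nod32_log(text: str) -> Tuple[List[Finding], List[str]]:
    """Split a NOD32 scan log into detections and files the scanner could not open."""
    findings, locked = [], []
    for line in text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            path, desc = m.group("path"), m.group("desc")
            threat = THREAT_RE.search(desc)
            rp = RESTORE_RE.search(path)
            findings.append(Finding(path, threat.group(0) if threat else desc,
                                    int(rp.group("rp")) if rp else None,
                                    desc.startswith("probably")))
            continue
        m = LOCKED_RE.match(line)
        if m:  # registry hives and the pagefile are locked while Windows runs; not a detection
            locked.append(m.group("path"))
    return findings, locked

def infected_restore_points(findings: List[Finding]) -> List[int]:
    """Restore points holding a detection; rolling back to one of them re-infects the machine."""
    return sorted({f.restore_point for f in findings if f.restore_point is not None})

if __name__ == "__main__":
    found, _ = parse_nod32_log(SAMPLE_LOG)
    print("restore points to discard:", infected_restore_points(found))
```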
Joint Chiefs of Staff
08-12-06, 10:54 PM
Bastid I only used system restore once and the one time I did it was corrupted. I purchased Acronis TrueImage and never looked back. It was the best money I ever spent for my PC/Lappys.
MissTynker2
08-13-06, 12:22 AM
I just worked on a friend's computer with this problem. The Java/Trojan Downloader seems to have its vulnerability through older versions of sunjava. Check your add and remove programs list and see if there are any older versions of sunjava still there, or older updates. If so remove all of them, reboot and update to the latest version. I also had to remove from the start up in msconfig, and remove the registry keys associated with them. Hope this helps some. :)
Sava700
08-13-06, 03:57 PM
I turn off System restore.. hogs too much resources.. I never put much on my comps anymore and just use a single huge drive to save music and stuff otherwise i'll just format from now on and start over..
Joint Chiefs of Staff
08-13-06, 04:20 PM
I agree with turning off system restore.
Why format when you could be up and running in 6 minutes or so with a pristine backup? After you tweak windows and all other custom program settings you are good to go. Same with games etc. Don't know about you but it takes me a good day to load, tweak and get everything just right.
Drive goes up, virus or whatever....Acronis to the rescue.
YARDofSTUF
08-13-06, 04:55 PM
:thumb: Acronis is great!
Joint Chiefs of Staff
08-17-06, 09:54 AM
Really? I bought one a couple of weeks ago, but felt too complicated, so I threw it aside. Yesterday I, following my friend's advice, downloaded EAZFIX PRO 7.2.1 for a try.
Can you give me any detailed explanations? Many thanks!
I have no working knowledge using the program you mentioned. Be free to hit me up when you purchase Acronis True Image. :D