I posted this on another thread last night - as it was linked to MSN, but now I'm not sure if that is the only problem so I am putting it in its own post. I have just run another scan with Avast and it has detected Win32 Trojan-gen in C:\System Volume Information\restore...loads of numbers

'Well I must have this on my computer because my son said I had sent him a link that his brother had sent earlier in the day from the same laptop - I knew something must be wrong because it all flashed and then froze; I couldn't do anything on Windows Live. So I immediately turned MSN off before I infected all those online and did some scans.
I ran Ad-Aware and it only found some cookies - I then ran Avast - I didn't get past the memory test as it said it was infected - so I did a boot scan and removed JS:Pdfka-mv to chest. I ran an Avast scan and after a while again it said the memory was infected and so the process started again - it detected 2 win32 trojans. Again I have moved to chest and emptied all temp files etc. I have also updated all software etc. with Secunia. I have used MSN tonight and not had the problem again.

My son said he had clicked on a link that a friend had sent as he quite often sends things and it was an ImageShack link so he thought it was safe - obviously not. If my contacts have tried to open the link I sent, even if it wouldn't open, will they be infected?'



C:\System Volume Information\restore(many numbers) is a restore point of the System Restore option. I suggest that you disable System Restore, restart your computer, and then enable System Restore again.

When you disable System Restore and restart your computer, the old restore points will be eliminated.
When you again enable System Restore, a new restore point will be created.

Have you downloaded the latest version of HJT? If so, run it and post the log in this topic thread.



Hi, I have downloaded HJT from your link, and my post is below - well, on 2 posts because it is too big.
I went into my system restore and for some very strange reason it was not enabled?? I don't understand that??

  • Guest
Run HJT again, choose scan only and fix this entry: O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Also download these two progs, install, update, run and post the logs.


Did HJT and fixed that entry - could I fix the ones off HJT like uTorrent to stop them running at start up or not?

Also downloaded the 2 programmes and here are the logs:

SUPERAntiSpyware Scan Log

Generated 09/05/2009 at 10:15 PM

Application Version : 4.28.1010

Core Rules Database Version : 4086
Trace Rules Database Version: 2026

Scan type       : Complete Scan
Total Scan Time : 02:15:29

Memory items scanned      : 547
Memory threats detected   : 0
Registry items scanned    : 6405
Registry threats detected : 0
File items scanned        : 22057
File threats detected     : 4

Adware.Tracking Cookie
   C:\Documents and Settings\home\Cookies\home@atdmt[2].txt
   C:\Documents and Settings\home\Cookies\home@bs.serving-sys[1].txt
   C:\Documents and Settings\home\Cookies\home@serving-sys[1].txt
   C:\Documents and Settings\home\Cookies\home@doubleclick[1].txt

Malwarebytes' Anti-Malware 1.40
Database version: 2745
Windows 5.1.2600 Service Pack 3

05/09/2009 22:46:35
mbam-log-2009-09-05 (22-46-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 164548
Time elapsed: 2 hour(s), 22 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
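
The Malwarebytes log above reports the NoFolderOptions and NoRun policy values with "No action taken", so those restrictions were detected but are still set. As an added example (not part of the original thread), this Python code parses the registry sections of that log and lists the policy restrictions still awaiting removal; the function names `parse_mbam` and `pending_policy_locks` are hypothetical.

```python
import re

# Registry sections of the Malwarebytes log posted above, copied verbatim.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.
"""

# Line shape: <registry path> (<detection>) [-> Bad: (x) Good: (y)] -> <action>.
ENTRY = re.compile(
    r"^(?P<path>HKEY_.*?) \((?P<detection>[\w.]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)

def parse_mbam(log):
    """Return one dict per detected registry item, tagged with its log section."""
    section, items = None, []
    for line in log.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):       # section header, e.g. "Registry Keys Infected:"
            section = line[:-1]
            continue
        m = ENTRY.match(line)
        if m and section:
            item = m.groupdict()
            item["section"] = section
            item["hive"] = item["path"].split("\\", 1)[0]
            item["name"] = item["path"].rsplit("\\", 1)[1]   # last path component
            item["policy"] = "\\policies\\" in item["path"].lower()
            item["remediated"] = item["action"] != "No action taken"
            items.append(item)
    return items

def pending_policy_locks(items):
    """Policy restrictions the scanner flagged but has not removed yet."""
    return sorted((i["hive"], i["name"]) for i in items
                  if i["policy"] and not i["remediated"])

if __name__ == "__main__":
    for hive, name in pending_policy_locks(parse_mbam(MBAM_LOG)):
        print(f"{hive}: {name} restriction still active")
```
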


Don't worry about Adware.Tracking Cookies as they are no threat.

If you want to stop Adware.Tracking Cookies then install a HOSTS file:
Blocking Unwanted Parasites with a Hosts File

Re-run Malwarebytes with a Quick scan (a Full scan is only required when asked for by a Malwarebytes specialist) and let it remove what it found by selecting Remove.

Install User Profile Hive Cleanup Service:
Brief Description
A service to help with slow log off and unreconciled profile problems.