We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

computer wont restore to earlier date

2

Comments

  • lorrigirl29
    lorrigirl29 Posts: 65 Forumite
    right combi fix has ran and gave me a log what do i do now thanks
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Post the log (Will need to split it up)
    :idea:
  • lorrigirl29
    lorrigirl29 Posts: 65 Forumite
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.918 [GMT 0:00]
    Running from: c:\users\paul\Documents\QWERTY.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\pa61ot2u.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}
    c:\users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\pa61ot2u.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}\chrome\xulcache.jar
    c:\users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\pa61ot2u.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}\install.rdf
    c:\users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\r3tl2vna.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}
    c:\users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\r3tl2vna.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}\chrome\xulcache.jar
    c:\users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\r3tl2vna.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}\install.rdf
    c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\pa61ot2u.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}
    c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\pa61ot2u.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}\chrome\xulcache.jar
    c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\pa61ot2u.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}\install.rdf
    c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\r3tl2vna.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}
    c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\r3tl2vna.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}\chrome\xulcache.jar
    c:\users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\r3tl2vna.default\extensions\{52b18df1-01de-4657-bbfd-d3aa4be3b108}\install.rdf
    BITS: Possible infected sites
    hxxp://sync.broadband.o2.co.uk:8080
    .
    ((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
    .
    2010-03-01 21:44 . 2010-03-01 21:44
    d
    w- c:\users\Default\AppData\Local\temp
    2010-03-01 21:44 . 2010-03-01 21:44
    d
    w- c:\users\lorrigirl29\AppData\Local\temp
    2010-03-01 20:40 . 2010-03-01 20:40 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-02-28 22:45 . 2010-02-28 22:45
    d
    w- c:\users\paul\AppData\Roaming\Malwarebytes
    2010-02-28 22:45 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-28 22:45 . 2010-03-01 20:40
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-28 22:45 . 2010-02-28 22:45
    d
    w- c:\programdata\Malwarebytes
    2010-02-28 22:45 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-27 22:19 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-02-27 22:19 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-02-27 22:19 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-02-27 22:19 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-02-27 22:19 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-02-27 22:17 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-02-27 22:17 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-02-27 22:17 . 2010-02-27 22:17
    d
    w- c:\programdata\Alwil Software
    2010-02-27 22:17 . 2010-02-27 22:17
    d
    w- c:\program files\Alwil Software
    2010-02-27 21:57 . 2010-02-27 21:57
    d
    w- c:\program files\AxBx
    2010-02-26 22:58 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-02-26 22:58 . 2010-02-26 22:58
    d
    w- c:\program files\Panda Security
    2010-02-26 22:00 . 2010-02-26 22:00
    d
    w- c:\windows\McAfee.com
    2010-02-25 23:43 . 2010-02-25 23:43 388096 ----a-r- c:\users\paul\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-25 23:43 . 2010-02-25 23:43
    d
    w- c:\program files\TrendMicro
    2010-02-25 21:10 . 2010-02-27 20:09
    d
    w- c:\programdata\avg9
    2010-02-22 21:28 . 2010-02-22 21:27 38208 ----a-w- c:\users\paul\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-22 21:28 . 2010-02-22 21:27 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-22 21:20 . 2010-02-25 20:17
    d
    w- c:\program files\MSECACHE
    2010-02-21 17:30 . 2010-02-21 17:30
    d
    w- c:\users\paul\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
    2010-02-21 01:59 . 2010-02-22 22:06
    d
    w- c:\programdata\FLEXnet
    2010-02-21 01:45 . 2010-02-21 01:45
    d
    w- c:\program files\Common Files\Macrovision Shared
    2010-02-21 00:42 . 2010-02-21 00:42
    d
    w- C:\System Volume Data
    2010-02-21 00:40 . 2010-02-25 20:52
    d
    w- c:\users\paul\Incomplete
    2010-02-03 20:29 . 2010-02-03 20:29
    d
    w- c:\programdata\Bluetooth
    2010-02-02 21:11 . 1995-08-01 04:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2010-01-31 20:46 . 2010-02-02 21:11
    d
    w- c:\program files\ArcSoft
    2010-01-31 20:43 . 2010-01-31 20:43
    d
    w- c:\users\paul\AppData\Local\ABBYY
    2010-01-31 20:42 . 2010-01-31 20:43
    d
    w- c:\program files\ABBYY FineReader 6.0 Sprint
    2010-01-30 22:40 . 2007-09-07 17:33 135168 ----a-w- c:\windows\system32\EEBAPI.dll
    2010-01-30 22:40 . 2007-03-28 18:26 65536 ----a-w- c:\windows\system32\EEBUtil.dll
    2010-01-30 22:40 . 2006-12-19 18:31 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
    2010-01-30 22:40 . 2006-12-19 18:20 77824 ----a-w- c:\windows\system32\EBAPI.dll
    2010-01-30 22:21 . 2010-01-30 22:22
    d
    w- c:\program files\EpsonNet
    2010-01-30 22:18 . 2009-05-01 00:00 15872 ----a-w- c:\windows\system32\escdev.dll
    2010-01-30 22:18 . 2009-05-01 00:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2010-01-30 22:18 . 2008-11-17 00:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-25 21:10 . 2009-05-15 21:37
    d
    w- c:\program files\AVG
    2010-02-25 20:52 . 2009-02-04 23:22
    d
    w- c:\users\paul\AppData\Roaming\LimeWire
    2010-02-25 20:51 . 2009-01-26 17:48
    d
    w- c:\programdata\AOL
    2010-02-25 20:28 . 2009-01-25 22:15 101048 ----a-w- c:\users\paul\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-25 20:14 . 2009-11-12 22:52
    d
    w- c:\program files\Common Files\PX Storage Engine
    2010-02-24 09:16 . 2009-10-03 18:28 181632
    w- c:\windows\system32\MpSigStub.exe
    2010-02-22 21:28 . 2009-07-08 21:32
    d
    w- c:\program files\Common Files\Adobe AIR
    2010-02-22 20:39 . 2009-02-04 23:20
    d
    w- c:\program files\LimeWire
    2010-02-21 01:45 . 2009-02-02 21:16
    d
    w- c:\program files\Common Files\Adobe
    2010-02-14 15:56 . 2010-01-24 05:54
    d
    w- c:\users\paul\AppData\Roaming\gtk-2.0
    2010-02-11 23:21 . 2006-11-02 11:18
    d
    w- c:\program files\Windows Mail
    2010-02-11 17:45 . 2009-01-30 22:54
    d
    w- c:\programdata\Microsoft Help
    2010-02-02 22:39 . 2009-02-24 20:55
    d
    w- c:\users\paul\AppData\Roaming\ArcSoft
    2010-02-02 21:11 . 2009-02-04 19:39
    d--h--w- c:\program files\InstallShield Installation Information
    2010-02-02 19:58 . 2010-01-23 23:07
    d
    w- c:\users\paul\AppData\Roaming\PhotoFiltre Studio X
    2010-02-02 19:48 . 2009-01-26 17:55
    d
    w- c:\users\paul\AppData\Roaming\AOL
    2010-02-01 22:35 . 2009-02-04 19:35
    d
    w- c:\program files\EPSON
    2010-01-30 23:05 . 2010-01-30 22:31
    d
    w- c:\users\paul\AppData\Roaming\Epson
    2010-01-30 22:40 . 2010-01-30 22:22
    d
    w- c:\program files\Common Files\EPSON
    2010-01-30 22:27 . 2010-01-30 22:19
    d
    w- c:\programdata\EPSON
    2010-01-30 22:25 . 2010-01-30 22:25
    d
    w- c:\programdata\UDL
    2010-01-30 22:24 . 2010-01-30 22:22
    d
    w- c:\program files\Epson Software
    2010-01-30 22:24 . 2009-02-04 19:38
    d
    w- c:\program files\Common Files\InstallShield
    2010-01-30 22:19 . 2010-01-30 22:19
    d
    w- c:\users\paul\AppData\Roaming\InstallShield
    2010-01-27 18:43 . 2010-01-27 18:43
    d
    w- c:\program files\IVT Corporation
    2010-01-25 19:54 . 2009-02-26 21:14
    d
    w- c:\users\paul\AppData\Roaming\uTorrent
    2010-01-25 19:22 . 2010-01-25 19:22
    d
    w- c:\program files\AML Products
    2010-01-25 12:00 . 2010-02-23 20:56 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-23 20:56 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-23 20:56 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-23 20:56 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-23 20:56 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 09:30 . 2010-01-25 09:30
    d
    w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-01-25 08:21 . 2010-02-23 20:56 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-02-23 20:56 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-02-23 20:56 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21 . 2010-02-23 20:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-24 14:27 . 2010-01-24 14:27
    d
    w- c:\program files\Freeze.com
    2010-01-24 14:01 . 2009-06-29 14:00
    d
    w- c:\program files\Yahoo!
    2010-01-24 05:49 . 2010-01-24 05:49
    d
    w- c:\programdata\Winferno
    2010-01-24 05:48 . 2010-01-24 05:43
    d
    w- c:\programdata\Norton
    2010-01-24 05:45 . 2010-01-24 05:44
    d
    w- c:\programdata\Registry Helper
    2010-01-24 05:44 . 2010-01-24 05:44
    d
    w- c:\program files\Gimp-2.0
    2010-01-24 05:43 . 2010-01-24 05:43
    d
    w- c:\program files\Free Offers from Freeze.com
    2010-01-24 05:43 . 2010-01-24 05:43
    d
    w- c:\programdata\Symantec
    2010-01-24 05:43 . 2010-01-24 05:43
    d
    w- c:\programdata\NortonInstaller
    2010-01-24 05:43 . 2010-01-24 05:43
    d
    w- c:\program files\PriceGong
    2010-01-24 05:31 . 2010-01-24 05:30
    d
    w- c:\program files\iTunes
    2010-01-24 05:30 . 2010-01-24 05:30
    d
    w- c:\program files\iPod
    2010-01-24 05:30 . 2009-03-25 22:40
    d
    w- c:\program files\Common Files\Apple
    2010-01-24 05:30 . 2009-03-25 22:41
    d
    w- c:\programdata\Apple Computer
    2010-01-24 05:01 . 2010-01-05 20:38
    d
    w- c:\program files\QuickTime
    2010-01-24 04:35 . 2010-01-24 04:35
    d
    w- c:\program files\Microsoft Research
    2010-01-24 03:46 . 2009-02-05 19:53
    d
    w- c:\program files\Common Files\Nero
    2010-01-24 03:45 . 2009-02-05 19:53
    d
    w- c:\program files\Nero
    2010-01-24 03:45 . 2009-02-05 19:53
    d
    w- c:\programdata\Nero
    2010-01-24 03:44 . 2010-01-24 03:44
    d
    w- c:\program files\Ask.com
    2010-01-23 23:07 . 2010-01-23 23:07
    d
    w- c:\program files\PhotoFiltre Studio X
    2010-01-23 09:26 . 2010-02-23 20:56 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-21 19:08 . 2009-11-12 22:51
    d
    w- c:\program files\DivX
    2010-01-20 20:34 . 2009-02-21 12:51
    d
    w- c:\program files\Microsoft Silverlight
    2010-01-19 22:29 . 2010-01-19 22:29 25214 ----a-r- c:\users\paul\AppData\Roaming\Microsoft\Installer\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}\_6FEFF9B68218417F98F549.exe
    2010-01-19 22:29 . 2009-01-26 17:48
    d
    w- c:\program files\Common Files\aol
    2010-01-19 22:27 . 2009-07-01 15:03
    d
    w- c:\program files\Common Files\aolshare
    2010-01-19 22:25 . 2010-01-19 22:25 206032 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\maillang.exe
    2010-01-19 22:25 . 2010-01-19 22:25 83808 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\ProgUpd.dll
    2010-01-19 22:25 . 2010-01-19 22:25 6378688 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\ocpinst.exe
    2010-01-19 22:25 . 2010-01-19 22:25 376568 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\unagi3.exe
    2010-01-19 22:25 . 2010-01-19 22:24 357776 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\frntinst.exe
    2010-01-19 22:23 . 2010-01-19 22:23 5242640 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\noneCodesignFilesBundle.exe
    2010-01-19 22:23 . 2010-01-19 22:23 642480 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\SLinst.exe
    2010-01-19 22:23 . 2010-01-19 22:23 1364072 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\fdosetup.exe
    2010-01-19 22:23 . 2010-01-19 22:23 294376 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\iacinst.exe
    2010-01-19 22:23 . 2010-01-19 22:23 11056 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\ocfcheck.dll
    2010-01-19 22:23 . 2010-01-19 22:23 7984 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\jgchck.dll
    2010-01-19 22:23 . 2010-01-19 22:23 1174536 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\prfrd.exe
    2010-01-19 22:23 . 2010-01-19 22:23 45864 ----a-w- c:\programdata\AOL Downloads\NexusSuite\2.1.99.1\comps\ACSInstA.dll
    2010-01-19 21:53 . 2010-01-14 22:09
    d
    w- c:\program files\Picaboo
    2010-01-19 21:53 . 2009-10-13 20:04
    d
    w- c:\program files\Google
    2010-01-19 21:53 . 2009-07-01 12:32
    d
    w- c:\program files\Common Files\Software Update Utility
    2010-01-19 21:53 . 2009-02-27 23:46
    d
    w- c:\program files\CCleaner
    2010-01-19 21:52 . 2009-01-29 11:25
    d
    w- c:\program files\AOL 9.0 VR
    2010-01-19 21:01 . 2010-01-19 20:59
    d
    w- c:\program files\AOL 9.5
    2010-01-19 21:01 . 2010-01-16 23:31
    d
    w- c:\program files\Common Files\aolshare(74)
    2010-01-19 21:00 . 2010-01-19 21:00
    d
    w- c:\programdata\AOL Toolbar
    2010-01-19 20:59 . 2010-01-16 23:30
    d
    w- c:\program files\AOL(9)
    2010-01-19 20:57 . 2009-01-26 17:34
    d
    w- c:\programdata\AOL Downloads
    2010-01-19 20:39 . 2010-01-17 12:08
    d
    w- c:\users\paul\AppData\Roaming\GetRightToGo
    2010-01-19 20:39 . 2009-06-10 20:15
    d
    w- c:\program files\Safari
    2010-01-19 20:39 . 2010-01-17 13:04
    d
    w- c:\program files\FreeRIP3
    2010-01-18 22:54 . 2010-01-18 22:54
    d
    w- c:\program files\Find Favorites
    2010-01-18 22:24 . 2009-06-30 22:31
    d
    w- c:\users\paul\AppData\Roaming\Uniblue
    2010-01-18 22:24 . 2010-01-18 22:24
    d
    w- c:\program files\Uniblue
    2010-01-18 21:47 . 2010-01-18 21:47
    d
    w- c:\programdata\FileCure
    2010-01-18 21:47 . 2009-02-24 21:09
    d
    w- c:\programdata\ParetoLogic
    2010-01-18 21:47 . 2009-02-24 21:09
    d
    w- c:\program files\Common Files\ParetoLogic
    2010-01-18 21:47 . 2010-01-18 21:47
    d
    w- c:\program files\ParetoLogic
    2010-01-18 21:35 . 2010-01-18 21:35
    d
    w- c:\program files\Common Files\PC Tools
    2010-01-18 21:30 . 2010-01-18 21:25
    d
    w- c:\program files\RegCure
    2010-01-18 21:25 . 2010-01-18 21:25
    d
    w- c:\programdata\RegCure
    .
  • lorrigirl29
    lorrigirl29 Posts: 65 Forumite
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}]
    2009-08-10 22:48 288056 ----a-w- c:\program files\PriceGong\1.5.0\PriceGongIE.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-09-30 10:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
    "HostManager"="c:\program files\Common Files\AOL\1233228337\ee\AOLSoftware.exe" [2008-06-24 41824]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    AOL Desktop.lnk - c:\program files\Common Files\aol\Launch\aollaunch.exe [2008-6-24 41824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2008-02-26 14:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):aa,34,f0,1c,ac,22,ca,01
    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [26/02/2010 22:58 28552]
    R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [27/02/2010 22:19 162512]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/02/2010 22:19 19024]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/02/2010 22:19 51792]
    R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [04/03/2009 15:52 202016]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/10/2009 20:04 133104]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [02/10/2009 19:42 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
    S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 14:54 52080]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 14:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2010-02-28 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 11:43]
    2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 20:04]
    2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 20:04]
    2010-03-01 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
    2010-02-06 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.aol.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - [URL]file://c:\program[/URL] files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - [URL]file://c:\program[/URL] files\ieSpell\wikipedia.HTM
    .
    - - - - ORPHANS REMOVED - - - -
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-01 21:45
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-03-01 21:49:40
    ComboFix-quarantined-files.txt 2010-03-01 21:49
    Pre-Run: 108,282,871,808 bytes free
    Post-Run: 107,615,309,824 bytes free
    - - End Of File - - A74763555D8F2063E799C3A72BA13071
  • lorrigirl29
    lorrigirl29 Posts: 65 Forumite
    now what guys iv posted loads of logs
  • debitcardmayhem
    debitcardmayhem Posts: 13,104 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Hi Lorri, me again, this post is to let you now about subscribing to posts ,
    go to the top of this thread, select Thread Tools, Subscribe to thread, Then Change notification to Instant Notification by email, saves you worrying when you get a reply. Also by posting this note your thread will go back up to the top of forum at time now 11:33 ish.
    Someone will help , I can't delete the other thread it belongs to you, and I don't know how either :o . Going to zzzz now so good look, and try not too fret :)
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Uninstall ~ ASK TOOLBAR (ASKBARDIS)
    NERO TOOLBAR (If its there)
    BEARSHARE TOOLBAR

    TICk and FIX these in hijack this ~
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - C:\Program Files\PriceGong\1.5.0\PriceGongIE.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

    Bearshare is more than likely the reason your computers infected
    :idea:
  • lorrigirl29
    lorrigirl29 Posts: 65 Forumite
    hi thanks i cant find ask toolbar and also i cant find bear share in uninstall programs

    i installed photoshop 8 thats when all my troubles seemd to start
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK all those I posted
    :idea:
  • debitcardmayhem
    debitcardmayhem Posts: 13,104 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    lorrigirl29 wrote: »
    hi thanks i cant find ask toolbar and also i cant find bear share in uninstall programs

    i installed photoshop 8 thats when all my troubles seemd to start
    Hi again Lorri wait for Rik (he's awesome) but by the by where did you install photoshop from ? :)

    Edit OOps rik is refreshed an on the case - sorry rik
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.1K Banking & Borrowing
  • 253.6K Reduce Debt & Boost Income
  • 454.2K Spending & Discounts
  • 245.1K Work, Benefits & Business
  • 600.7K Mortgages, Homes & Bills
  • 177.5K Life & Family
  • 258.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture