this is my log from malware

Comments

  • jewls
    jewls Posts: 165 Forumite
    The O10 entries in the hijack log are all linked to Stopzilla - I would remove this program from add/remove programs via the control panel.

    Whilst in add/remove I would also uninstall Mininova and all references to it.


    hi

    I have got rid of Stopzilla, is it no good? Also Mininova, is this where the problems I have had have come from?

    Is Norton ok? Also could not find Mininova from my programme files. I had removed the toolbars and something called vuse? So I might have got rid of it. Can I not use Mininova anymore, my virus software now seems ok?

    many thanks

    jue
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    C:\Windows\hpoins19.dat


    Save this as "CFScript" (FULL file will be 'CFScript.txt')

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
  • jewls
    jewls Posts: 165 Forumite
    aliEnRIK wrote: »
    Open notepad and copy/paste the text in RED below

    File::
    C:\Windows\hpoins19.dat

    Save this as "CFScript" (FULL file will be 'CFScript.txt')

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif

    hi

    Did this, it started right away, did not reboot but crashed computer, blue screen, so I am going to give you some details on screen

    says

    catchme sys
    address a5568010 base at a5565000 date setup 49a3495d
    a problem has been detected windows shut down to prevent further damage
    ComboFix 09-11-21.03 - neil 22/11/2009 19:10:18.5.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.766.235 [GMT 0:00]
    Running from: C:\Users\neil\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run
    .
    C:\Windows\hpoins19.dat
    .
  • jewls
    jewls Posts: 165 Forumite
    jewls wrote: »
    aliEnRIK wrote: »
    Open notepad and copy/paste the text in RED below

    File::
    C:\Windows\hpoins19.dat

    Save this as "CFScript" (FULL file will be 'CFScript.txt')

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-04-13 13:47:14 121392 ----a-w- C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 12:59:07 68856]
    "Acer Tour Reminder"="" [BU]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-14 18:38:48 151552]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-7 528384]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
  • GunJack
    GunJack Posts: 11,896 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    not known combofix crash like that before.....can you re-run it without the script ??

    if not, might have to go to Dr Web...
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • jewls
    jewls Posts: 165 Forumite
    GunJack wrote: »
    not known combofix crash like that before.....can you re-run it without the script ??

    if not, might have to go to Dr Web...


    hi

    How do I do that... must admit I am learning more and more about computers now. But tell me how to do that lol, thanks for your help, it is much much appreciated


    jue
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download and run the FREE version of DR WEB
    http://www.freedrweb.com/download+cureit/gr/
    It will auto QUICK scan
    After that set to scan the WHOLE computer and press the 'play' icon

    ***DO NOT UPGRADE TO FULL VERSION***
  • jewls
    jewls Posts: 165 Forumite
    aliEnRIK wrote: »
    Download and run the FREE version of DR WEB
    http://www.freedrweb.com/download+cureit/gr/
    It will auto QUICK scan
    After that set to scan the WHOLE computer and press the 'play' icon

    ***DO NOT UPGRADE TO FULL VERSION***

    hi

    Did what you said, left it on overnight and day, it still had some issues on it which was dealt with, after all which has been done for me.. I think the computer is working a lot better now, I have more knowledge to deal with things. The only thing is the Internet Explorer still keeps closing but this happens on my son's computer so I think it just might be one of those things.. my son's computer is new and he has anti virus. I am happy with the outcome and after all you have helped me a lot and can't thank you enough alienrik

    many many thanks to you

    and all the other people involved on this site

    god bless

    jue
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    It shouldn't shut down on you though. I would guess you have a 'plug in' that's affecting them both. I'd suggest resetting Internet Explorer

    I would also suggest you download FIREFOX to use in place of IE (Most of us find it much better)
  • jewls
    jewls Posts: 165 Forumite
    aliEnRIK wrote: »
    It shouldn't shut down on you though. I would guess you have a 'plug in' that's affecting them both. I'd suggest resetting Internet Explorer

    I would also suggest you download FIREFOX to use in place of IE (Most of us find it much better)

    Well I know I said I know a lot but? How do I reset the Internet Explorer, also what is a plug in, maybe I can sort it then,, and the other thing you said, Firefox, I thought this stopped things coming through? Can you enlighten me

    if so i might not bother you anymore lol
This discussion has been closed.