
Thread: How to remove SelectionLinks 4.2

  1. #31
    Blade81 (Security Expert: Emeritus) | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Hi,

    That seems to be only a partial log. Please post a complete one (if that was all the contents then run ComboFix again following the same steps).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #32
    Junior Member | Join Date: Apr 2013 | Posts: 22

    combofix log rerun

    ComboFix 13-05-01.03 - Weeblie Watson 01/05/2013 18:48:53.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2088 [GMT 1:00]
    Running from: c:\documents and settings\Weeblie Watson\My Documents\DOWNLOADS\ComboFix.exe
    Command switches used :: c:\combifix logs\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-05-01 17:43 . 2013-05-01 17:43 -------- d-----w- c:\documents and settings\Weeblie Watson\Local Settings\Application Data\Sun
    2013-04-28 13:48 . 2013-04-28 13:48 2848867 ----a-w- c:\program files\Outlook Express\slide 2.exe
    2013-04-28 13:39 . 2013-04-28 13:39 2850339 ----a-w- c:\program files\Outlook Express\slide.exe
    2013-04-28 13:07 . 2013-04-28 13:07 -------- d-----w- c:\documents and settings\Weeblie Watson\Application Data\FastStone
    2013-04-28 13:06 . 2013-04-28 13:06 -------- d-----w- c:\program files\FastStone Image Viewer
    2013-04-28 11:56 . 2013-04-28 19:46 -------- d-----w- c:\documents and settings\Weeblie Watson\Application Data\vlc
    2013-04-28 11:55 . 2013-04-28 11:55 -------- d-----w- c:\program files\VideoLAN
    2013-04-28 11:54 . 2013-04-28 11:54 -------- d-----w- c:\program files\Common Files\Java
    2013-04-28 11:37 . 2013-04-28 11:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-04-28 11:37 . 2013-04-28 11:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-04-26 14:15 . 2013-04-26 14:15 -------- d-----w- C:\CLEAN
    2013-04-23 09:51 . 2013-04-23 09:51 -------- d-----w- c:\program files\Common Files\Skype
    2013-04-18 10:41 . 2013-05-01 17:48 -------- d-----w- C:\Combifix logs
    2013-04-04 17:37 . 2013-04-17 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2013-04-04 17:37 . 2013-04-04 17:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-04-04 16:12 . 2013-04-04 16:13 -------- d-----w- c:\program files\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-28 11:36 . 2012-09-22 20:51 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-04-28 11:36 . 2010-04-16 11:46 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-04-04 13:50 . 2010-04-16 11:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-08 08:36 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 01:32 . 2003-07-16 20:39 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50 . 2002-08-29 01:04 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-02 01:25 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-02-27 07:56 . 2009-10-22 17:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2013-02-24 19:03 . 2003-07-16 20:51 832512 ----a-w- c:\windows\system32\wininet.dll
    2013-02-24 19:03 . 2003-07-16 20:30 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-24 19:03 . 2012-03-07 21:02 78336 ----a-w- c:\windows\system32\ieencode.dll
    2013-02-24 19:03 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
    2013-02-12 00:32 . 2009-10-22 18:14 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2003-07-16 20:49 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-04-12 11:30 . 2013-04-12 11:30 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Weeblie Watson\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Weeblie Watson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Weeblie Watson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
    2012-03-01 22:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 03:59 122880 ------w- c:\windows\BCMSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 00:12 110592 ------w- c:\windows\system32\bthprops.cpl
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-18 01:40 767312 ------w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
    2012-11-29 10:32 2086984 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2003-11-13 12:19 1232946 ------w- c:\program files\Ahead\InCD\InCD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2013-02-20 12:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-03 05:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-03 05:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-03 05:46 1630208 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-02-28 17:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "SkypeUpdate"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "gupdatem"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "SamsungAllShareV2.0"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
    "c:\\Documents and Settings\\Weeblie Watson\\Local Settings\\Application Data\\JDownloader 2.0\\JDownloader2.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [28/02/2011 23:25 14776]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 05:12 255968]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 297168]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 16:23 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 16:23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 16:23 27216]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24/01/2010 16:37 47360]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31/01/2012 16:02 7391072]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 18:45 161384]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [28/01/2013 20:52 13896]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [28/01/2013 20:52 9160]
    S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [20/08/2010 11:33 103680]
    S3 ldiskl;ldiskl;\??\c:\docume~1\WEEBLI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\WEEBLI~1\LOCALS~1\Temp\ldiskl.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3D.tmp --> c:\windows\system32\3D.tmp [?]
    S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [02/03/2012 17:00 27584]
    S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [02/03/2012 17:00 25504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-30 15:52 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 15:51]
    .
    2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 15:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.mytalktalk.co.uk
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{903A7D21-B6DF-49AF-A6A5-E8C98A70A224}: NameServer = 62.24.199.13,62.24.199.23
    FF - ProfilePath - c:\documents and settings\Weeblie Watson\Application Data\Mozilla\Firefox\Profiles\2hbx2av0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-05-01 18:55
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\3D.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1696)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSENG.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-05-01 18:57:20
    ComboFix-quarantined-files.txt 2013-05-01 17:57
    ComboFix2.txt 2013-05-01 12:46
    ComboFix3.txt 2013-04-30 09:32
    ComboFix4.txt 2013-04-18 10:16
    .
    Pre-Run: 7,089,876,992 bytes free
    Post-Run: 7,079,510,016 bytes free
    .
    - - End Of File - - 2A5CD7FA6E8E58D499E05CEC09DE60BE

  3. #33
    Blade81 (Security Expert: Emeritus) | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Good. Please reboot if you haven't done so yet. Then see if Chrome still has that item listed on extensions section.

  4. #34
    Junior Member | Join Date: Apr 2013 | Posts: 22

    thanks

    Thank you so much, it's gone from extensions.

  5. #35
    Blade81 (Security Expert: Emeritus) | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    You're welcome! Let's see the final steps next.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis


    Let's uninstall adwcleaner:

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.




    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK




    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.



    Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.



    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade

  6. #36
    Junior Member | Join Date: Apr 2013 | Posts: 22

    Once again

    Thanks so much, was driving me mad, done everything you asked, removed combofix and stuff, updated everything and all is fine, great job

  7. #37
    Blade81 (Security Expert: Emeritus) | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
