Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 37

Thread: How to remove SelectionLinks 4.2

  1. #21
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please uninstall Chrome via Control Panel's Programs And Features functionality and then do the following:


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Folder::
    C:\Documents and Settings\Weeblie Watson\Local Settings\Application Data\Google\Chrome
    c:\program files\google\chrome

    Save this as

    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).

    Then post the resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #22
    Junior Member
    Join Date
    Apr 2013
    Posts
    22

    Default Log from combofix

    ComboFix 13-04-29.01 - Weeblie Watson 30/04/2013 10:24:57.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1934 [GMT 1:00]
    Running from: c:\documents and settings\Weeblie Watson\My Documents\DOWNLOADS\ComboFix.exe
    Command switches used :: c:\combifix logs\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-28 13:48 . 2013-04-28 13:48 2848867 ----a-w- c:\program files\Outlook Express\slide 2.exe
    2013-04-28 13:39 . 2013-04-28 13:39 2850339 ----a-w- c:\program files\Outlook Express\slide.exe
    2013-04-28 13:07 . 2013-04-28 13:07 -------- d-----w- c:\documents and settings\Weeblie Watson\Application Data\FastStone
    2013-04-28 13:06 . 2013-04-28 13:06 -------- d-----w- c:\program files\FastStone Image Viewer
    2013-04-28 11:56 . 2013-04-28 19:46 -------- d-----w- c:\documents and settings\Weeblie Watson\Application Data\vlc
    2013-04-28 11:55 . 2013-04-28 11:55 -------- d-----w- c:\program files\VideoLAN
    2013-04-28 11:54 . 2013-04-28 11:54 -------- d-----w- c:\program files\Common Files\Java
    2013-04-28 11:37 . 2013-04-28 11:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-04-28 11:37 . 2013-04-28 11:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-04-26 14:15 . 2013-04-26 14:15 -------- d-----w- C:\CLEAN
    2013-04-23 09:51 . 2013-04-23 09:51 -------- d-----w- c:\program files\Common Files\Skype
    2013-04-18 10:41 . 2013-04-30 09:24 -------- d-----w- C:\Combifix logs
    2013-04-04 17:37 . 2013-04-17 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2013-04-04 17:37 . 2013-04-04 17:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-04-04 16:12 . 2013-04-04 16:13 -------- d-----w- c:\program files\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-28 11:36 . 2012-09-22 20:51 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-04-28 11:36 . 2010-04-16 11:46 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-04-04 13:50 . 2010-04-16 11:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-08 08:36 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 01:32 . 2003-07-16 20:39 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50 . 2002-08-29 01:04 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-02 01:25 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-02-27 07:56 . 2009-10-22 17:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2013-02-24 19:03 . 2003-07-16 20:51 832512 ----a-w- c:\windows\system32\wininet.dll
    2013-02-24 19:03 . 2003-07-16 20:30 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-24 19:03 . 2012-03-07 21:02 78336 ----a-w- c:\windows\system32\ieencode.dll
    2013-02-24 19:03 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
    2013-02-12 00:32 . 2009-10-22 18:14 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2003-07-16 20:49 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-04-12 11:30 . 2013-04-12 11:30 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Weeblie Watson\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Weeblie Watson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Weeblie Watson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
    2012-03-01 22:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 03:59 122880 ------w- c:\windows\BCMSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 00:12 110592 ------w- c:\windows\system32\bthprops.cpl
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-18 01:40 767312 ------w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
    2012-11-29 10:32 2086984 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2003-11-13 12:19 1232946 ------w- c:\program files\Ahead\InCD\InCD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2013-02-20 12:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-03 05:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-03 05:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-03 05:46 1630208 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-02-28 17:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "SkypeUpdate"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "gupdatem"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "SamsungAllShareV2.0"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
    "c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
    "c:\\Documents and Settings\\Weeblie Watson\\Local Settings\\Application Data\\JDownloader 2.0\\JDownloader2.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [28/02/2011 23:25 14776]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 05:12 255968]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 297168]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 16:23 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 16:23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 16:23 27216]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24/01/2010 16:37 47360]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31/01/2012 16:02 7391072]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 18:45 161384]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [28/01/2013 20:52 13896]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [28/01/2013 20:52 9160]
    S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [20/08/2010 11:33 103680]
    S3 ldiskl;ldiskl;\??\c:\docume~1\WEEBLI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\WEEBLI~1\LOCALS~1\Temp\ldiskl.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3D.tmp --> c:\windows\system32\3D.tmp [?]
    S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [02/03/2012 17:00 27584]
    S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [02/03/2012 17:00 25504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.mytalktalk.co.uk
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{903A7D21-B6DF-49AF-A6A5-E8C98A70A224}: NameServer = 62.24.199.13,62.24.199.23
    FF - ProfilePath - c:\documents and settings\Weeblie Watson\Application Data\Mozilla\Firefox\Profiles\2hbx2av0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Google Update - c:\documents and settings\Weeblie Watson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-04-30 10:29
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\3D.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3608)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSENG.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-04-30 10:32:15
    ComboFix-quarantined-files.txt 2013-04-30 09:32
    ComboFix2.txt 2013-04-18 10:16
    .
    Pre-Run: 7,630,090,240 bytes free
    Post-Run: 7,702,286,336 bytes free
    .
    - - End Of File - - 2062500D5CF8388CE19BC06514DAB11E

  3. #23
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Reinstall Chrome now and see if the problem still occurs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #24
    Junior Member
    Join Date
    Apr 2013
    Posts
    22

    Default Selection Links

    Ads seem to have gone however extensions in browser 4.3 selection link still cannot be disabled - tick box greyed out.

  5. #25
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Could you take a screenshot of the Chrome extensions dialog having developer mode checkbox checked, please?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #26
    Junior Member
    Join Date
    Apr 2013
    Posts
    22

    Default chrome screenshot

    Tried several times to post screenshot as pdf file,hope its there this time

  7. #27
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please download the Registry Search tool by clicking on the
    hard drive icon halfway down this page:
    http://www.billsway.com/vbspage/
    Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for kcpnojbo and click OK. Post the logfile from the tool here for me.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #28
    Junior Member
    Join Date
    Apr 2013
    Posts
    22

    Default reg search

    log as requested

  9. #29
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
    "1"=-
    [HKEY_USERS\S-1-5-21-1275210071-507921405-725345543-1004\Software\Policies\Google\Chrome\ExtensionInstallForcelist]
    "1"=-

    Save this as

    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
    Then post the resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #30
    Junior Member
    Join Date
    Apr 2013
    Posts
    22

    Default combofix log

    ComboFix 13-05-01.03 - Weeblie Watson 01/05/2013 13:38:21.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1964 [GMT 1:00]
    Running from: c:\documents and settings\Weeblie Watson\My Documents\DOWNLOADS\ComboFix.exe
    Command switches used :: c:\combifix logs\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-28 13:48 . 2013-04-28 13:48 2848867 ----a-w- c:\program files\Outlook Express\slide 2.exe
    2013-04-28 13:39 . 2013-04-28 13:39 2850339 ----a-w- c:\program files\Outlook Express\slide.exe
    2013-04-28 13:07 . 2013-04-28 13:07 -------- d-----w- c:\documents and settings\Weeblie Watson\Application Data\FastStone
    2013-04-28 13:06 . 2013-04-28 13:06 -------- d-----w- c:\program files\FastStone Image Viewer
    2013-04-28 11:56 . 2013-04-28 19:46 -------- d-----w- c:\documents and settings\Weeblie Watson\Application Data\vlc
    2013-04-28 11:55 . 2013-04-28 11:55 -------- d-----w- c:\program files\VideoLAN
    2013-04-28 11:54 . 2013-04-28 11:54 -------- d-----w- c:\program files\Common Files\Java
    2013-04-28 11:37 . 2013-04-28 11:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-04-28 11:37 . 2013-04-28 11:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-04-26 14:15 . 2013-04-26 14:15 -------- d-----w- C:\CLEAN
    2013-04-23 09:51 . 2013-04-23 09:51 -------- d-----w- c:\program files\Common Files\Skype
    2013-04-18 10:41 . 2013-05-01 12:38 -------- d-----w- C:\Combifix logs
    2013-04-04 17:37 . 2013-04-17 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2013-04-04 17:37 . 2013-04-04 17:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-04-04 16:12 . 2013-04-04 16:13 -------- d-----w- c:\program files\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-28 11:36 . 2012-09-22 20:51 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-04-28 11:36 . 2010-04-16 11:46 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-04-04 13:50 . 2010-04-16 11:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-08 08:36 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 01:32 . 2003-07-16 20:39 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50 . 2002-08-29 01:04 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-02 01:25 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-02-27 07:56 . 2009-10-22 17:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2013-02-24 19:03 . 2003-07-16 20:51 832512 ----a-w- c:\windows\system32\wininet.dll
    2013-02-24 19:03 . 2003-07-16 20:30 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-24 19:03 . 2012-03-07 21:02 78336 ----a-w- c:\windows\system32\ieencode.dll
    2013-02-24 19:03 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
    2013-02-12 00:32 . 2009-10-22 18:14 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2003-07-16 20:49 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-04-12 11:30 . 2013-04-12 11:30 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Weeblie Watson\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Weeblie Watson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Weeblie Watson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
    2012-03-01 22:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 03:59 122880 ------w- c:\windows\BCMSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-14 00:12 110592 ------w- c:\windows\system32\bthprops.cpl
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-18 01:40 767312 ------w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
    2012-11-29 10:32 2086984 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2003-11-13 12:19 1232946 ------w- c:\program files\Ahead\InCD\InCD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2013-02-20 12:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-03 05:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •