Ssave, Onu. Is it malware? How to delete it?


30 replies to this topic

#1 kakangmas


Posted 10 June 2014 - 11:17 PM

Hi,

First of all, I'm a newbie here. Thanks for letting me in.

In my Chrome extensions there is Ssave, Onu, which I never intentionally installed. I tried many times to delete it with different tools, but unfortunately it is still there after restart. When it is enabled (without my intending it), it generates hyperlinks from the text we browse on the internet.

Need your help in removing this Ssave.

On top of that, my laptop has recently been very slow during shutdown. Is there any clue what happened?

Thanks,

ropi




 


#2 Sirawit


Posted 11 June 2014 - 08:10 AM

Hi Kakangmas and welcome to BleepingComputer! :)
 
Step 1: Download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button. (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • NOW: If you're ready to clean it all up, click the Clean button (only once).
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Step 2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

What we need in your next reply:

  • Adwcleaner log
  • JRT log

Thank you.


Edited by Sirawit, 11 June 2014 - 08:10 AM.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 kakangmas


Posted 11 June 2014 - 11:49 PM

Hi Sirawit,

 

Thanks for your reply.

 

________________

# AdwCleaner v3.212 - Report created 12/06/2014 at 11:24:41
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hp - HP-HP
# Running from : C:\ROPIDOCS\SOFTWARE\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : d0e87c27
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Broowsoee22savee
Folder Deleted : C:\ProgramData\safeweb
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broowsoee22savee
Folder Deleted : C:\Program Files (x86)\SW-Booster
Folder Deleted : C:\Program Files (x86)\safeweb
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Hp\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Hp\AppData\Local\torch
Folder Deleted : C:\Users\Hp\AppData\LocalLow\Broowsoee22savee
Folder Deleted : C:\Users\Public\Documents\baidu
Folder Deleted : C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\2067c0pi.default\Extensions\ksigomow47@dqppxiu.net
Folder Deleted : C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\2067c0pi.default\Extensions\t0txmjv.e7j@yugflctsb.co.uk
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgbdhggmelcahabkgbdlmmiidbablba
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgbdhggmelcahabkgbdlmmiidbablba
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgbdhggmelcahabkgbdlmmiidbablba
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgndjiepjbbaojjmpjapgpkcicbjneo
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgndjiepjbbaojjmpjapgpkcicbjneo
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgndjiepjbbaojjmpjapgpkcicbjneo
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofdkcdfmlfbnnjahamlgajcgadiifem
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofdkcdfmlfbnnjahamlgajcgadiifem
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofdkcdfmlfbnnjahamlgajcgadiifem
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Babylon.xml
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\SW-Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\2067c0pi.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "Delta Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Line Deleted : user_pref("extensions.9AyYx7xFV7b.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.[...]
Line Deleted : user_pref("extensions.u2WsET5xiry.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.[...]
Line Deleted : user_pref("keyword.url", "hxxp://websearch.youwillfind.info/?pid=658&r=2013/04/29&hid=3264458161&lg=EN&cc=ID&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.fastosearch.info/?pid=2942&r=2014/06/05&hid=15363358046887968269&lg=EN&cc=ID&unqvl=55&l=1&q=");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1651E006E68D5FB1&affID=123621&tsp=4974");
 
-\\ Google Chrome v35.0.1916.114
 
*************************
 
AdwCleaner[R0].txt - [27314 octets] - [09/02/2014 10:36:05]
AdwCleaner[R1].txt - [1643 octets] - [09/02/2014 10:47:12]
AdwCleaner[R2].txt - [1763 octets] - [21/02/2014 09:11:06]
AdwCleaner[R3].txt - [3834 octets] - [06/03/2014 09:05:10]
AdwCleaner[R4].txt - [2014 octets] - [06/03/2014 09:17:10]
AdwCleaner[R5].txt - [2157 octets] - [24/03/2014 16:50:56]
AdwCleaner[R6].txt - [2918 octets] - [01/04/2014 14:43:11]
AdwCleaner[R7].txt - [7016 octets] - [12/06/2014 11:21:04]
AdwCleaner[S0].txt - [27220 octets] - [09/02/2014 10:41:02]
AdwCleaner[S1].txt - [1603 octets] - [09/02/2014 10:47:39]
AdwCleaner[S2].txt - [1723 octets] - [21/02/2014 09:12:10]
AdwCleaner[S3].txt - [3656 octets] - [06/03/2014 09:06:00]
AdwCleaner[S4].txt - [1974 octets] - [06/03/2014 09:19:04]
AdwCleaner[S5].txt - [2121 octets] - [24/03/2014 16:51:34]
AdwCleaner[S6].txt - [2892 octets] - [01/04/2014 14:44:07]
AdwCleaner[S7].txt - [6807 octets] - [12/06/2014 11:24:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [6867 octets] ##########
 

________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Hp on 12/06/2014 at 11:33:35,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2825943287-3271621894-341339423-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSatToolbar_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSatToolbar_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSatToolbar_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSatToolbar_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Hp\AppData\Roaming\mozilla\firefox\profiles\2067c0pi.default\extensions\staged
Successfully deleted the following from C:\Users\Hp\AppData\Roaming\mozilla\firefox\profiles\2067c0pi.default\prefs.js
 
user_pref("extensions.u2WsET5xiry.url", "hxxp://jpisyncs.info/sync2/?q=hfZ9ofV9CShEAen0rTwGqchTB6lKDzt4okVwtNtVh7n0rjnEqdaFrdrHpjrHtMFHhd9Fqda8rdCErdw4rHnMDMlGojUMAe4UojCHrHs5
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/06/2014 at 11:38:40,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

________________

 

However, I still found Ssave, Onu in my Chrome extensions.

Please advise.

Thanks & regards,

kakangmas



#4 Sirawit


Posted 12 June 2014 - 06:11 AM

It removed a lot of things, but I'm concerned about some entries. Please do this scan for me.

 

Download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open.
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

Thank you.




#5 kakangmas


Posted 13 June 2014 - 08:33 PM

Hi Sirawit,

 

Thanks for your help.

 

Please find below the results:

MiniToolBox by Farbar  Version: 13-06-2014
Ran by Hp (administrator) on 14-06-2014 at 08:28:52
Running from "C:\ROPIDOCS\SOFTWARE"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/14/2014 07:12:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2014 06:21:07 PM) (Source: ESENT) (User: )
Description: DllHost (3908) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Hp\AppData\Local\Microsoft\Windows\WebCache\V0100003.log.
 
Error: (06/13/2014 06:20:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/13/2014 06:34:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 06:36:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 00:35:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: egui.exe, version: 5.0.2225.0, time stamp: 0x52526cc8
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcdd833
Exception code: 0xc000000d
Fault offset: 0x000000000001e090
Faulting process id: 0x938
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
 
 
System errors:
=============
Error: (06/14/2014 07:12:21 AM) (Source: Service Control Manager) (User: )
Description: The Layanan Google Update (gupdate) service failed to start due to the following error: 
%%3
 
Error: (06/14/2014 07:12:18 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error: 
%%3
 
Error: (06/13/2014 06:19:54 PM) (Source: Service Control Manager) (User: )
Description: The Layanan Google Update (gupdate) service failed to start due to the following error: 
%%3
 
Error: (06/13/2014 06:19:51 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error: 
%%3
 
Error: (06/13/2014 06:34:36 AM) (Source: Service Control Manager) (User: )
Description: The Layanan Google Update (gupdate) service failed to start due to the following error: 
%%3
 
Error: (06/13/2014 06:34:33 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error: 
%%3
 
Error: (06/12/2014 06:34:54 PM) (Source: Service Control Manager) (User: )
Description: The Layanan Google Update (gupdate) service failed to start due to the following error: 
%%3
 
Error: (06/12/2014 06:34:51 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error: 
%%3
 
Error: (06/12/2014 06:25:36 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (06/10/2014 06:07:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6712 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (05/12/2014 05:22:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 10219 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (03/26/2014 09:03:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 47915 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (02/24/2014 09:34:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 51365 seconds with 4860 seconds of active time.  This session ended with a crash.
 
Error: (12/12/2013 09:06:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19559 seconds with 1620 seconds of active time.  This session ended with a crash.
 
Error: (11/07/2013 06:36:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2056 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/02/2013 10:01:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/08/2013 09:55:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 45130 seconds with 3840 seconds of active time.  This session ended with a crash.
 
Error: (06/07/2013 08:01:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1310 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (05/23/2013 02:25:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29258 seconds with 3000 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-04 20:20:46.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-04 20:20:46.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Advanced PDF Utilities Free 6.0.1 (HKLM-x32\...\Advanced PDF Utilities Free_is1) (Version:  - PDFCore Co., Ltd.)
AMD APP SDK Runtime (Version: 10.0.851.6 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{51F9B09B-2FE4-8B3A-628A-0C0654E253AF}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Anti Tracks Free Edition (HKLM\...\AntiTracksFree_is1) (Version:  - Giant Matrix)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3300 - Broadcom Corporation)
Catalyst Control Center (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0117.2241.40496 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CSPro 5.0 (HKLM-x32\...\{832410E5-14E8-402C-A364-F9AC34AEA6E0}) (Version: 5.0.1 - U.S. Census Bureau)
Cspro 5_0_003Beta (HKLM-x32\...\Cspro_is1) (Version:  - )
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.2.4725 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dictionary 1.0 (HKLM-x32\...\Dictionary 1.0_is1) (Version: 1.0 - DataMagnet Software Solutions Incorporated)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
Encrypt Files v1.5 (HKLM-x32\...\Encrypt Files_is1) (Version:  - PowTools)
ESET Endpoint Security (HKLM\...\{DBBFFE9D-3617-470E-BA6F-B6DEE37B2A72}) (Version: 5.0.2228.1 - ESET, spol. s r.o.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
EyeDefender 1.08 (HKCU\...\EyeDefender) (Version:  - )
FILEminimizer Suite (HKLM-x32\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HOMER 2.68 beta (HKLM-x32\...\HOMER_is1) (Version:  - )
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{857F4F6C-3CEF-4E80-8EB5-2DF65DFD8ED9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet Ink Adv 2060 K110 Product Improvement Study (HKLM\...\{CC25768B-BC3C-4D5D-B511-9BE035616B11}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IBM SPSS Amos 21 (HKLM-x32\...\{304B71E3-1017-4717-86BC-F1D18519FEF2}) (Version: 21.0.0.0 - IBM Corp)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
iiputils2 2013-08-02-15-30 (HKLM-x32\...\iiputils2_is1) (Version:  - )
Image Optimizer 3.0 (HKLM-x32\...\{07EA4E9F-BD35-4F38-9809-D825B772B833}) (Version: 3.0 - Geeks Ltd)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
IZArc 4.1.8 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.8 - Ivan Zahariev)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
LEAP (HKLM-x32\...\{6A013F64-B1BD-488D-B565-027DEF0C4574}) (Version: 7.00.00037 - Stockholm Environment Institute)
LightScribe  1.4.136.1 (x32 Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
MegaDownloader 0.82 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 0.82 - Andres_age)
Memory Washer 7.1.0 (HKLM-x32\...\Memory Washer_is1) (Version:  - Giant Matrix)
Mendeley Desktop 1.6 (HKLM-x32\...\Mendeley Desktop) (Version: 1.6 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MultiCommander (HKLM\...\MultiCommander) (Version:  - )
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{52F02F20-77E1-41A6-9758-7C8751D880A2}) (Version: 1.4.0 - OLYMPUS IMAGING CORP.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Compressor (HKLM-x32\...\{74CB4E29-732C-47A6-B9C6-790EC768FCBA}) (Version: 2.7.0.0 - iWesoft)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Protected Folder (HKLM-x32\...\Protected Folder_is1) (Version:  - IObit)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
S2S2013L_A 2014-02-24-11-53 (HKLM-x32\...\S2S2013L_A_is1) (Version:  - )
S2S2013L_B 2014-02-24-11-54 (HKLM-x32\...\S2S2013L_B_is1) (Version:  - )
S2S2013L_C 2014-02-24-11-54 (HKLM-x32\...\S2S2013L_C_is1) (Version:  - )
S2S2013S_A 2013-10-16-11-49 (HKLM-x32\...\S2S2013S_A_is1) (Version:  - )
S2S2013S_B 2013-10-16-11-51 (HKLM-x32\...\S2S2013S_B_is1) (Version:  - )
S2S2013S_C 2013-10-16-11-52 (HKLM-x32\...\S2S2013S_C_is1) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SMADAV version 9.6.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 9.6.1 - SmadSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Theme Manager v 1.0 (HKLM-x32\...\ThemeManager) (Version:  - )
Ultra Video Joiner 6.4.0311 (HKLM-x32\...\Ultra Video Joiner_is1) (Version:  - Aone Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinUtilities Undelete 3.1 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043A06}_is1) (Version:  - YL Computing, Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 52%
Total physical RAM: 3994.36 MB
Available physical RAM: 1896.46 MB
Total Pagefile: 11992.54 MB
Available Pagefile: 9541.49 MB
Total Virtual: 4095.88 MB
Available Virtual: 3986.16 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:573.97 GB) (Free:194.96 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:21.91 GB) (Free:1.87 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\HP-HP
 
Administrator            Guest                    Hp                       
 
 
**** End of log ****
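The installed-programs section of the log above uses a fixed line format, so it can be parsed into an inventory instead of being read by eye. The sketch below is an added example, not part of the original post or of any tool used in this thread; the `Entry` fields, the function names and the blank-metadata review heuristic are assumptions, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the installed-programs log in the post above, plus the
# section separator that follows it (which must be skipped, not parsed).
SAMPLE = r"""
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
iiputils2 2013-08-02-15-30 (HKLM-x32\...\iiputils2_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
MultiCommander (HKLM\...\MultiCommander) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
========================= Memory info: ===================================
"""


@dataclass
class Entry:
    name: str
    hive: Optional[str]   # HKLM, HKLM-x32 or HKCU; None if no uninstall key is shown
    key: Optional[str]    # uninstall key name as printed in the log
    version: str
    publisher: str
    hidden: bool          # line ends with "Hidden"


# "Name (HIVE\...\UninstallKey)" where the name itself may contain parentheses.
REGKEY = re.compile(r"^(.*?) \((HKLM-x32|HKLM|HKCU)\\\.\.\.\\(.*)\)$")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one installed-program line; return None for anything else."""
    text = line.strip()
    hidden = text.endswith(" Hidden")
    if hidden:
        text = text[: -len(" Hidden")]
    if not text.endswith(")"):
        return None
    # The metadata group is always the LAST parenthesised group on the line.
    start = max(text.rfind(" (Version:"), text.rfind(" (x32 Version:"))
    if start < 0:
        return None
    meta = text[start + 2 : -1].split("Version:", 1)[1]
    version, _, publisher = meta.partition(" - ")
    head = text[:start]
    m = REGKEY.match(head)
    name, hive, key = m.groups() if m else (head, None, None)
    return Entry(name, hive, key, version.strip(), publisher.strip(), hidden)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def needs_review(entries: List[Entry]) -> List[str]:
    """Assumed heuristic: visible uninstall entries with no version and no
    publisher. A hit is a prompt to look the program up, not a verdict."""
    return [e.name for e in entries
            if e.key and not e.hidden and not e.version and not e.publisher]


def per_user(entries: List[Entry]) -> List[str]:
    """Programs registered under the current user's hive only."""
    return [e.name for e in entries if e.hive == "HKCU"]


if __name__ == "__main__":
    inventory = parse_log(SAMPLE)
    print(len(inventory), "entries parsed")
    for name in needs_review(inventory):
        print("look up:", name)
```

Running the same parser over a log taken before and after an uninstall makes it easy to confirm that an entry has actually gone from the list.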


#6 kakangmas

kakangmas
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 13 June 2014 - 08:47 PM

I attached below the Ssave

 

   Ssave. Onu extension in chrome

I have to remove it manually every time I open Chrome.

 

I don't know how to copy an image here. It does not seem to work here.

 

thanks



#7 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:15 PM

Posted 14 June 2014 - 12:06 PM

You can upload your picture to sites like imgur.com or flickr.com then post BBCode link here.

 

We need to remove programs using Control Panel Programs and Features

Click "Start" on the taskbar and then click "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Coupon Printer for Windows

Additional instructions can be found here if needed.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 kakangmas

kakangmas
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 15 June 2014 - 10:08 PM

Hi Sirawit,

 

Thanks for your help.

I removed "Coupon Printer for Windows" already.

 

Overall, the laptop is much faster during start up. However, the Ssave, onu (2.14) extension is still there every time I open Chrome. The shutdown process also still takes quite a long time (compared to the last two months, for example).

 

Need your further enlightenment.

 

thank you.

ropi



#9 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:15 PM

Posted 16 June 2014 - 09:49 AM

OK, for now we will try to remove that Ssave Onu thing. Can you capture an image of the screen where you see it (or of the Chrome extensions page) and upload the picture to imgur.com or flickr.com, so I can check further at this point?

 

Note: Attachments are not allowed in this forum section.

 

Thank you.




#10 kakangmas

kakangmas
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 16 June 2014 - 08:58 PM

Hi Sirawit,

 

https://www.flickr.com/photos/124688317@N04/

 

Please let me know whether you can view the picture or not.

 

Thank you,

ropi



#11 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:15 PM

Posted 17 June 2014 - 07:58 AM

Please try clicking on that bin button next to the extension and confirm removal, then wait for about 5 minutes and open the extension page again. Did it come back?

 

Thank you.

 

NOTE: And yes I can view the picture. :)


Edited by Sirawit, 17 June 2014 - 07:59 AM.



#12 kakangmas

kakangmas
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 17 June 2014 - 05:16 PM

Hi Sirawit,

 

I have been removing it in the settings page every time I open Chrome. Unfortunately, after a restart (or the next time I open my laptop) it appears again.

 

I removed the ssave, onu application using IObit Uninstaller with the powerful option, which resulted in a crash of my laptop. The laptop automatically went back to the restore point from before the uninstallation. Then I uninstalled it in the standard way (not the powerful option). Could it be that the leftovers made it appear again? However, I cannot find the application in either the Control Panel or IObit Uninstaller.

 

Thanks,

ropi



#13 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:15 PM

Posted 18 June 2014 - 07:57 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

Thank you.


Edited by Sirawit, 18 June 2014 - 07:58 AM.



#14 kakangmas

kakangmas
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 19 June 2014 - 12:46 AM

Hi Sirawit,

 

Thanks for your constant support.

 

I scanned and deleted all of these in the Quarantine list. However, after rebooting, the Ssave extension is still there. Are there any other ways to cope with it?

 

Please find the log below.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 19/06/2014 7:50:33, SYSTEM, HP-HP, Protection, Malware Protection, Starting, 
Protection, 19/06/2014 7:50:34, SYSTEM, HP-HP, Protection, Malware Protection, Started, 
Protection, 19/06/2014 7:50:34, SYSTEM, HP-HP, Protection, Malicious Website Protection, Starting, 
Protection, 19/06/2014 7:51:39, SYSTEM, HP-HP, Protection, Malicious Website Protection, Started, 
Update, 19/06/2014 8:47:30, SYSTEM, HP-HP, Scheduler, Malware Database, 2014.6.18.3, 2014.6.18.11, 
Protection, 19/06/2014 8:47:30, SYSTEM, HP-HP, Protection, Refresh, Starting, 
Protection, 19/06/2014 8:47:30, SYSTEM, HP-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 19/06/2014 8:47:31, SYSTEM, HP-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 19/06/2014 8:48:16, SYSTEM, HP-HP, Protection, Refresh, Success, 
Protection, 19/06/2014 8:48:16, SYSTEM, HP-HP, Protection, Malicious Website Protection, Starting, 
Protection, 19/06/2014 8:48:17, SYSTEM, HP-HP, Protection, Malicious Website Protection, Started, 
Update, 19/06/2014 11:50:00, SYSTEM, HP-HP, Manual, Malware Database, 2014.6.18.11, 2014.6.19.1, 
Protection, 19/06/2014 11:50:02, SYSTEM, HP-HP, Protection, Refresh, Starting, 
Protection, 19/06/2014 11:50:02, SYSTEM, HP-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 19/06/2014 11:50:04, SYSTEM, HP-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 19/06/2014 11:51:48, SYSTEM, HP-HP, Protection, Refresh, Success, 
Protection, 19/06/2014 11:51:52, SYSTEM, HP-HP, Protection, Malicious Website Protection, Starting, 
Protection, 19/06/2014 11:54:31, SYSTEM, HP-HP, Protection, Malicious Website Protection, Started, 
Protection, 19/06/2014 12:33:45, SYSTEM, HP-HP, Protection, Malware Protection, Starting, 
Protection, 19/06/2014 12:33:45, SYSTEM, HP-HP, Protection, Malware Protection, Started, 
Protection, 19/06/2014 12:33:45, SYSTEM, HP-HP, Protection, Malicious Website Protection, Starting, 
Protection, 19/06/2014 12:34:49, SYSTEM, HP-HP, Protection, Malicious Website Protection, Started, 
 
(end)
 
best regards,
ropi


#15 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:15 PM

Posted 19 June 2014 - 04:00 AM

Hmm, this is not the log I want; this is the location of the scan log:

 

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

Thank you.






