
Google Chrome Extension Caused A Problem.Malware?


23 replies to this topic

#1 Cyrus not the Virus

  • Members
  • 44 posts
  • Gender: Male

Posted 18 June 2014 - 02:36 AM

I am reposting my topic from http://www.bleepingcomputer.com/forums/t/538013/google-chrome-extension-caused-a-problemmalware/?p=3397067

You can see that even the pasted sentences below are highlighted in light blue.

I downloaded a free extension from the Google Chrome Web Store called History Calendar, made by Russian programmers. It's supposed to allow Chrome users to look for older surfing history (3 months or more) and URLs more easily. It instead messed up my Chrome.

I had to discard it.

Now, SiteAdvisor is not working or displaying in Chrome.

Both search results from Google displayed in Internet Explorer and Google Chrome will be highlighted in blue colour unless SiteAdvisor is shut down. Once SiteAdvisor is shut down, I am blind even though I have WOT.

Whenever I sign in to email, my username will also be highlighted as I type my password.

I found out from Google search that Google Chrome Web Store is riddled with malicious malware in the shape of extensions (free of course). I should have found out earlier but now it's rather late. Damage done!

First, it's annoying to see search results in Google.com and my username highlighted all the time whenever I logged in for my emails, going to forums like BleepingComputer, or searching for info.

Second, not only is Google Chrome affected, so is Internet Explorer.

Third, SiteAdvisor is working only on Internet Explorer, not on Google Chrome. I have uninstalled and reinstalled the SiteAdvisor extension a few times on Chrome but now SiteAdvisor is still not working at all most of the time.

There is no redirecting, and the MBAM scan showed no result of any infection. I tried to search for an answer but to no avail.

Should I use DDS to see what is going on?

Thank you very much.

 



 


#2 noknojon

  • Banned
  • 10,871 posts
  • Gender: Not Telling

Posted 18 June 2014 - 07:03 AM

Hi -

Try the following advice links for Google Chrome problems. Do not follow any

* How to Disable Extensions in Google Chrome - Next How to Uninstall Extensions in Google Chrome
* How To Disable Individual Plug-ins in Google Chrome <- try only if the above does not work

If the above did not resolve the problem, then create a new browser user profile.
* How to Create a new browser user profile in Google Chrome

This is an area to find if you are infected and to offer advice with programs like Malwarebytes etc.

Do not post DDS or other logs unless requested.

Tell us how you go with the above links, so we can look further -



#3 Cyrus not the Virus


Posted 20 June 2014 - 03:47 AM

Hello noknojon,

Thank you for the advice.

I have already disabled and deleted the History Calendar extension on Google Chrome.

I have already disabled and deleted the SiteAdvisor extension. Then reinstalled the SiteAdvisor extension many times.

The problem is as long as I use the SiteAdvisor extension for Google Chrome and the SiteAdvisor plugin for Internet Explorer.

The search results are highlighted in light blue from all the search engines as long as SiteAdvisor is working.

If I disable the SiteAdvisor extension for Google Chrome and the SiteAdvisor plugin for Internet Explorer, the light blue highlight will disappear.

Something in the History Calendar extension on Google Chrome has infected my Windows 7 with something that wants to shut down the SiteAdvisor extension for Google Chrome and the SiteAdvisor plugin for Internet Explorer.

This infection does not allow me to use the SiteAdvisor extension for Google Chrome and the SiteAdvisor plugin for Internet Explorer.

And it highlights my username every time I log into an inbox, forums, etc., which I suspect is stealing my passwords.


Edited by Cyrus not the Virus, 20 June 2014 - 04:06 AM.


#4 Cyrus not the Virus


Posted 20 June 2014 - 04:08 AM

May I know how to check for keyloggers? Do I use AV software or special software?



#5 Cyrus not the Virus


Posted 20 June 2014 - 04:10 AM

For example, if I register with a forum, my username and email address will be highlighted in yellow or earth colour.



#6 noknojon


Posted 20 June 2014 - 06:57 AM

First, it's annoying to see search results in Google.com and my username highlighted all the time whenever I logged in for my emails, going to forums like BleepingComputer, or searching for info.

From the above result it sounds like you have Remember Me or similar ticked with your logins, and passwords are always remembered when you do that.

If you are sincere, please click on Google in my signature and search for "how do I check for keyloggers" and you can add "in Windows 8", if you wish.

This will return several million results of advice, programs, and methods to use -



#7 Cyrus not the Virus


Posted 22 June 2014 - 08:44 AM

Thank you very much, noknojon. I am going to use CCleaner to clean up my mess.



#8 noknojon


Posted 22 June 2014 - 04:36 PM

Sorry but we were a bit busy at the time, but I do believe that the following is true if you check ......

 

From the above result it sounds like you have Remember Me or similar ticked with your logins, and passwords are always remembered when you do that.
 

 

Please download Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK > Exit, and reboot your computer and finish the cleanup


#9 Cyrus not the Virus


Posted 24 June 2014 - 01:34 AM

Hello noknojon,

Please do not apologise. I am really grateful and thankful for all your replies besides taking time to answer all my questions.

I did not know until now that my email provider sent all your replies into the spam box. As I checked my spam box, I saw all your replies.

For the past few days, I relied on the use of the history section link to visit this forum in order to read your reply.

Now, I am not using the auto complete of my full username when I log in to my mail. When I type my full username, the highlighting in yellow ochre will NOT appear.

What I did in the past was to type a few letters of my full username into the login username box and let the auto complete display my full username.

Next, pointing the cursor at the listed or displayed full username, I pressed Enter; I saved typing effort. The highlighting in yellow ochre will appear inside the login box with my full username. This solved the highlighting problem for the short term, but not the search results with SiteAdvisor on.

Will do and see what will happen.
Thanks.


#10 noknojon


Posted 24 June 2014 - 02:08 AM

Hi -

 

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).



#11 Cyrus not the Virus


Posted 28 June 2014 - 02:43 AM

Hi noknojon,

Thank you very much for your replies. I will post the results when I have completed the steps that you have listed.

Thank you for being patient.



#12 noknojon


Posted 28 June 2014 - 04:24 PM

OK-

 

Whenever you have 5 minutes of time to spend on it, we will be here.

 

I am having plenty of time / dramas trying to load my Windows Hate, that I finally caved into.



#13 Cyrus not the Virus


Posted 02 July 2014 - 05:49 AM

Hi noknojon,
Sorry to hear that you too have Windows problems.
Thank you for being patient with me.

I ran TFC as told and went online to see if everything remained the same. The problems remained.
Here are the TFC results.
 
Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: CCC
->Temp folder emptied: 126689 bytes
->Temporary Internet Files folder emptied: 615906414 bytes
->Java cache emptied: 410309 bytes
->Google Chrome cache emptied: 499467696 bytes
->Flash cache emptied: 65152 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2139390 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 139230 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 14442289 bytes
Process complete!


#14 Cyrus not the Virus


Posted 02 July 2014 - 05:51 AM

This is the Security Check by screen317 checkup.txt

 

 Results of screen317's Security Check version 0.99.85  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Trend Micro Client/Server Security Agent Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities    
 TuneUp Utilities Language Pack (en-GB) 
 TuneUp Utilities    
 Java 7 Update 60  
 Adobe Flash Player 14.0.0.125  
 Adobe Reader XI  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro OfficeScan Client pccntmon.exe 
 Trend Micro Client Server Security Agent ntrtscan.exe  
 Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe 
 Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe 
 Trend Micro Client Server Security Agent tmlisten.exe  
 Trend Micro BM TMBMSRV.exe  
 Trend Micro Client Server Security Agent TmProxy.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 


#15 Cyrus not the Virus


Posted 02 July 2014 - 05:54 AM

MiniToolBox is very good but something is preventing some errors being shown on this log as the errors were being shown on my screen.

 

MiniToolBox by Farbar  Version: 20-06-2014
Ran by CCC (administrator) on 30-06-2014 at 20:32:17
Running from "C:\Users\CCC\Downloads"
Microsoft Windows 7 Home Basic  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/30/2014 03:32:32 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 190c
 
Start Time: 01cf9435311bbee1
 
Termination Time: 53
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (06/22/2014 08:29:06 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1770
 
Start Time: 01cf8e154fc979a1
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (06/19/2014 06:04:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: OneClick.exe, version: 9.0.6000.20, time stamp: 0x4de53699
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002dfe4
Faulting process id: 0x1a4c
Faulting application start time: 0xOneClick.exe0
Faulting application path: OneClick.exe1
Faulting module path: OneClick.exe2
Report Id: OneClick.exe3
 
Error: (06/18/2014 06:00:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: sftservice.EXE, version: 1.0.82.72, time stamp: 0x4e45499a
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x73c
Faulting application start time: 0xsftservice.EXE0
Faulting application path: sftservice.EXE1
Faulting module path: sftservice.EXE2
Report Id: sftservice.EXE3
 
Error: (06/17/2014 03:24:47 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8c4
 
Start Time: 01cf89fcf30d38cc
 
Termination Time: 10
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (06/14/2014 04:17:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: FutureDiGital Internet.exe, version: 1.0.0.1, time stamp: 0x49152ef7
Faulting module name: NDISAPI.dll_unloaded, version: 0.0.0.0, time stamp: 0x4b206da1
Exception code: 0xc0000005
Fault offset: 0x02f3fa40
Faulting process id: 0x1578
Faulting application start time: 0xFutureDiGital Internet.exe0
Faulting application path: FutureDiGital Internet.exe1
Faulting module path: FutureDiGital Internet.exe2
Report Id: FutureDiGital Internet.exe3
 
 
Error: (06/14/2014 03:51:48 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16866 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 72c
 
Start Time: 01cf87a5491fdd8e
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (06/08/2014 01:39:19 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c28
 
Start Time: 01cf82bc144dd9da
 
Termination Time: 2450
 
Application Path: C:\windows\Explorer.EXE
 
Report Id: 104121f8-eecf-11e3-972d-001e101f50a4
 
Error: (06/06/2014 09:17:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: McChHost.exe, version: 3.7.0.128, time stamp: 0x535937af
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002dfe4
Faulting process id: 0xc68
Faulting application start time: 0xMcChHost.exe0
Faulting application path: McChHost.exe1
Faulting module path: McChHost.exe2
Report Id: McChHost.exe3
 
Error: (05/31/2014 09:28:21 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16866 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9d0
 
Start Time: 01cf7cd3b17e9299
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
 
System errors:
=============
Error: (06/30/2014 07:39:34 PM) (Source: Service Control Manager) (User: )
Description: Adobe Acrobat Update Service1
 
Error: (06/30/2014 07:35:23 PM) (Source: Service Control Manager) (User: )
Description: 30000SftService
 
Error: (06/30/2014 07:34:53 PM) (Source: Service Control Manager) (User: )
Description: 30000SftService
 
Error: (06/30/2014 06:30:03 PM) (Source: Service Control Manager) (User: )
Description: 30000SftService
 
Error: (06/30/2014 06:29:32 PM) (Source: Service Control Manager) (User: )
Description: 30000SftService
 
Error: (06/30/2014 02:36:45 PM) (Source: Service Control Manager) (User: )
Description: Windows Update
 
Error: (06/30/2014 02:31:35 PM) (Source: Service Control Manager) (User: )
Description: 30000SftService
 
Error: (06/30/2014 02:31:04 PM) (Source: Service Control Manager) (User: )
Description: 30000SftService
 
Error: (06/28/2014 08:12:23 PM) (Source: Service Control Manager) (User: )
Description: 30000SftService
 
Error: (06/28/2014 08:11:53 PM) (Source: Service Control Manager) (User: )
Description: 30000SftService
 
 
Microsoft Office Sessions:
=========================
Error: (06/30/2014 03:32:32 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16921190c01cf9435311bbee153C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (06/22/2014 08:29:06 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16921177001cf8e154fc979a10C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (06/19/2014 06:04:51 PM) (Source: Application Error)(User: )
Description: OneClick.exe9.0.6000.204de53699ntdll.dll6.1.7601.18247521ea8e7c00000050002dfe41a4c01cf8b07ffd67141C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exeC:\windows\SysWOW64\ntdll.dll26caf2b8-f799-11e3-9e8b-001e101f7fb6
 
Error: (06/18/2014 06:00:57 PM) (Source: Application Error)(User: )
Description: sftservice.EXE1.0.82.724e45499antdll.dll6.1.7601.18247521ea8e7c00000050002e3be73c01cf8adc2e721502C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\windows\SysWOW64\ntdll.dll70d8ec5a-f6cf-11e3-bf13-9439e5d9d965
 
Error: (06/17/2014 03:24:47 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.169218c401cf89fcf30d38cc10C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (06/14/2014 04:17:15 PM) (Source: Application Error)(User: )
Description: FutureDiGital Internet.exe1.0.0.149152ef7NDISAPI.dll_unloaded0.0.0.04b206da1c000000502f3fa40157801cf87a4f9075016C:\Program Files (x86)\FutureDiGital Internet\FutureDiGital Internet.exeNDISAPI.dll4a4ef5d2-f39c-11e3-9e92-001e101f8aaa
 
Error: (06/14/2014 03:51:48 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1686672c01cf87a5491fdd8e16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (06/08/2014 01:39:19 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567c2801cf82bc144dd9da2450C:\windows\Explorer.EXE104121f8-eecf-11e3-972d-001e101f50a4
 
Error: (06/06/2014 09:17:03 PM) (Source: Application Error)(User: )
Description: McChHost.exe3.7.0.128535937afntdll.dll6.1.7601.18247521ea8e7c00000050002dfe4c6801cf81894c2a5788C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exeC:\windows\SysWOW64\ntdll.dlld9407a3d-ed7c-11e3-b7b0-001e101fe70e
 
Error: (05/31/2014 09:28:21 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.168669d001cf7cd3b17e929911C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
 
 
=========================== Installed Programs ============================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DiGi Internet (HKLM-x32\...\DiGi Internet) (Version: 11.300.05.08.311 - Huawei Technologies Co.,Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.190 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.5.1163 - Trend Micro)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6000.20 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6000.20 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-GB) (x32 Version: 9.0.6000.20 - TuneUp Software) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 1956.27 MB
Available physical RAM: 762.63 MB
Total Pagefile: 3912.54 MB
Available Pagefile: 2607.76 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.7 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:198.93 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CCC-PC
 
Administrator            CCC                      Guest                    
 
 
**** End of log ****

Edited by Cyrus not the Virus, 02 July 2014 - 06:01 AM.




