

Malware from Youtube Video Downloader


  • This topic is locked
10 replies to this topic

#1 rtan9897

rtan9897

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 14 January 2014 - 03:55 AM

Hello there,

 

I downloaded a piece of software recently to download YouTube videos and discovered that it was malware, so I uninstalled it.

 

Ever since then, my internet browsers have been malfunctioning. Youtube videos no longer play even when I turn off add-ons such as BetterPrivacy and AdBlock Plus. Sometimes, the browser stops connecting to webpages saying "you cannot connect to the server" until I restart the computer.

 

I'm sorry but I don't remember what the name of the Malware is.

 

DDS.txt log:

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by Richard Chen Temp Lo at 0:46:08 on 2014-01-14
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8076.6358 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\ThpSrv.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba13.msn.com
uWindow Title = Internet Explorer provided by TOSHIBA
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Richard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{287EC42B-F913-4358-BEC2-6DE84A67ACFB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B1DB8DF8-0499-4F98-B6FF-323042E662D0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B1DB8DF8-0499-4F98-B6FF-323042E662D0}\4516E6D27457563747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B1DB8DF8-0499-4F98-B6FF-323042E662D0}\5313836716C656E6369616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B1DB8DF8-0499-4F98-B6FF-323042E662D0}\641696276696870234166656 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{B1DB8DF8-0499-4F98-B6FF-323042E662D0}\E45445745414258363 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\Jaksta\AC\x86\jaudcap.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://toshiba13.msn.com
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-07 01:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-9-21 645952]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\Drivers\thpdrv.sys [2012-7-28 48512]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\Drivers\Thpevm.sys [2012-6-25 18304]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-9-21 499096]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-21 129856]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-21 166720]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-24 231752]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [2012-9-10 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [2012-9-10 126392]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-8-2 390672]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-24 291240]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-21 365376]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-11-20 3674864]
R3 FwLnk;FwLnk Driver;C:\windows\System32\Drivers\FwLnk.sys [2012-9-21 9216]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-12-27 169752]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-10-10 449528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-8-9 25568]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-13 103936]
R3 NETwNe64;@oem40.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-31 3346912]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\Drivers\RtsP2Stor.sys [2012-9-21 269968]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-16 43832]
R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-8-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-11-20 284912]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-8-9 48096]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2014-01-13 19:34:35    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6829D6DC-15B0-468B-AFA2-E6FEF12DD6A2}\mpengine.dll
2014-01-13 11:00:00    10315576    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-07 08:45:49    --------    d-----w-    C:\ProgramData\Oracle
2014-01-07 08:45:34    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-31 07:42:30    --------    d-----w-    C:\Users\Richard\AppData\Roaming\SomePDF
2013-12-31 07:42:28    --------    d-----w-    C:\Program Files (x86)\SomePDF
2013-12-30 09:00:05    --------    d-----w-    C:\Users\Richard\AppData\Local\Days of Wonder
2013-12-29 20:34:08    --------    d-----r-    C:\Users\Richard\Google Drive
2013-12-29 20:33:08    --------    d-----w-    C:\Users\Richard\AppData\Local\Google
2013-12-28 07:14:16    --------    d-----w-    C:\AdwCleaner
2013-12-28 05:24:17    --------    d-----w-    C:\Users\Richard\AppData\Local\Freecorder 8 Video
2013-12-28 05:24:14    --------    d-----w-    C:\Users\Richard\AppData\Roaming\Freecorder 8 Video
2013-12-28 05:13:41    --------    d-----w-    C:\Users\Richard\AppData\Local\Jaksta_Technologies_Pty_L
2013-12-28 05:12:08    --------    d-----w-    C:\windows\Jaksta
2013-12-28 05:11:58    --------    d-----w-    C:\Program Files (x86)\Applian Technologies
2013-12-28 05:11:26    --------    d-----w-    C:\Program Files\Freecorder extension x64
2013-12-28 04:34:31    --------    d-----w-    C:\New folder
2013-12-25 07:20:44    --------    d-----w-    C:\ProgramData\IsolatedStorage
2013-12-24 20:18:49    --------    d-----w-    C:\Program Files (x86)\Cisco
2013-12-24 20:15:41    --------    d-----w-    C:\Program Files (x86)\SystemRequirementsLab
2013-12-24 20:10:06    --------    d-----w-    C:\Users\Richard\AppData\Local\ElevatedDiagnostics
2013-12-24 20:01:34    --------    d-----w-    C:\windows\LastGood.Tmp
.
==================== Find3M  ====================
.
2013-12-04 00:53:54    78304    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54    694240    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 06:43:58    420864    ----a-w-    C:\windows\System32\WMPhoto.dll
2013-11-23 05:05:01    368640    ----a-w-    C:\windows\SysWow64\WMPhoto.dll
2013-11-21 02:01:02    4260592    ----a-w-    C:\windows\System32\wlihvui.dll
2013-11-21 02:01:00    2432752    ----a-w-    C:\windows\System32\iwmssvc.dll
2013-11-19 10:21:41    267936    ------w-    C:\windows\System32\MpSigStub.exe
2013-11-06 23:18:57    4036608    ----a-w-    C:\windows\System32\win32k.sys
2013-11-01 05:38:21    312320    ----a-w-    C:\windows\System32\msieftp.dll
2013-11-01 03:49:24    273408    ----a-w-    C:\windows\SysWow64\msieftp.dll
2013-10-31 14:16:56    3346912    ----a-w-    C:\windows\System32\drivers\NETwew00.sys
2013-10-25 06:19:22    2241536    ----a-w-    C:\windows\System32\wininet.dll
2013-10-25 06:19:12    915968    ----a-w-    C:\windows\System32\uxtheme.dll
2013-10-25 06:17:57    3959808    ----a-w-    C:\windows\System32\jscript9.dll
2013-10-25 04:45:11    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-10-25 04:43:42    2877952    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-10-19 05:45:45    62976    ----a-w-    C:\windows\System32\imagehlp.dll
2013-10-19 04:04:07    59392    ----a-w-    C:\windows\SysWow64\imagehlp.dll
.
============= FINISH:  0:47:26.27 ===============
 

 

Thank you for your help.

 

Richard



#2 rtan9897

rtan9897
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 14 January 2014 - 04:37 AM

The malware is called "Freecorder".



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 PM

Posted 19 January 2014 - 08:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520788 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 PM

Posted 24 January 2014 - 08:05 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

 

Mod Edit:  Topic reopened per PM request by OP - Hamluis.


Edited by hamluis, 28 January 2014 - 03:00 PM.


#5 rtan9897

rtan9897
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 28 January 2014 - 11:55 PM

Hello HelpBot,

 

Yes, I still need help. I was asked by Louis not to post a DDS since I already posted one.

 

I don't have my original Windows 8 CD.

 

Thanks,

Richard



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:37 PM

Posted 29 January 2014 - 04:48 PM

Hello Richard.

Sorry for the delay. Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#7 rtan9897

rtan9897
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:37 AM

Posted 29 January 2014 - 10:39 PM

Thanks for your help!

 

Here is the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Richard Chen Temp Lo (administrator) on DURRUTI on 29-01-2014 19:36:04
Running from C:\Users\Richard\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-27] ()
HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKCU\...\Run: [GarenaPlus] - "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
MountPoints2: {3228f149-4afc-11e3-be9e-00266c2ef4de} - "F:\TL_Bootstrap.exe"
MountPoints2: {fefeaaa2-5ce2-11e2-be7c-00266c2ef4de} - "G:\iStudio.exe"
AppInit_DLLs: C:\windows\Jaksta\AC\x64\jaudcap.dll => C:\windows\Jaksta\AC\x64\jaudcap.dll [311584 2013-12-20] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\windows\Jaksta\AC\x86\jaudcap.dll => C:\windows\Jaksta\AC\x86\jaudcap.dll [264480 2013-12-20] (Jaksta Technologies Pty Ltd)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {8747579D-2F3F-4B16-B0BA-042FB09E7551} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {8747579D-2F3F-4B16-B0BA-042FB09E7551} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {8747579D-2F3F-4B16-B0BA-042FB09E7551} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {8747579D-2F3F-4B16-B0BA-042FB09E7551} URL =
SearchScopes: HKCU - {8747579D-2F3F-4B16-B0BA-042FB09E7551} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\searchplugins\duckduckgo.xml
FF Extension: EPUBReader - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-03]
FF Extension: DownloadHelper - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Firebug - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\Extensions\firebug@software.joehewitt.com.xpi [2013-08-18]
FF Extension: DuckDuckGo Plus - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-07-11]
FF Extension: Advertising Cookie Opt-out - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\Extensions\optout@google.com.xpi [2013-09-20]
FF Extension: Adblock Plus - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-07]
FF Extension: BetterPrivacy - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0m6z1vxe.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-12-29]

==================== Services (Whitelisted) =================

U2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
U2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-24] (NETGEAR)
U2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [123320 2012-07-23] (Symantec Corporation)
U2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
U2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
U3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)
U3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3346912 2013-10-31] (Intel Corporation)
U3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
U3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
U3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 19:36 - 2014-01-29 19:36 - 00014932 _____ C:\Users\Richard\Desktop\FRST.txt
2014-01-29 19:35 - 2014-01-29 19:36 - 00000000 ____D C:\FRST
2014-01-29 19:35 - 2014-01-29 19:35 - 02079744 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-01-17 12:15 - 2013-12-06 22:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-17 12:15 - 2013-12-06 22:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-17 12:15 - 2013-12-06 21:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-17 12:15 - 2013-12-06 21:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 21:46 - 2013-10-30 21:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-01-16 21:46 - 2013-10-30 21:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-01-16 21:46 - 2013-10-30 20:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-01-16 21:46 - 2013-10-30 19:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-01-16 21:46 - 2013-10-27 21:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-01-16 21:46 - 2013-10-27 20:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-01-16 21:46 - 2013-10-13 12:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-01-16 21:46 - 2013-08-26 21:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-16 21:46 - 2013-08-26 21:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-16 21:46 - 2013-08-26 14:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-16 21:46 - 2013-08-26 14:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-01-14 00:47 - 2014-01-14 00:47 - 00016827 _____ C:\Users\Richard\Desktop\dds.txt
2014-01-14 00:47 - 2014-01-14 00:47 - 00006104 _____ C:\Users\Richard\Desktop\attach.txt
2014-01-14 00:45 - 2014-01-14 00:45 - 00688992 ____R (Swearware) C:\Users\Richard\Desktop\dds.com
2014-01-07 00:45 - 2014-01-07 00:45 - 00000000 ____D C:\ProgramData\Oracle
2014-01-07 00:45 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-07 00:45 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-07 00:45 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-07 00:45 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-07 00:44 - 2014-01-07 00:45 - 00005521 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-07 00:43 - 2014-01-07 00:43 - 00915368 _____ (Oracle Corporation) C:\Users\Richard\Desktop\jxpiinstall.exe
2013-12-30 23:42 - 2013-12-30 23:42 - 00000000 ____D C:\Users\Richard\AppData\Roaming\SomePDF
2013-12-30 23:42 - 2013-12-30 23:42 - 00000000 ____D C:\Program Files (x86)\SomePDF
2013-12-30 01:00 - 2013-12-30 01:00 - 00000000 ____D C:\Users\Richard\AppData\Local\Days of Wonder

==================== One Month Modified Files and Folders =======

2014-01-29 19:36 - 2014-01-29 19:36 - 00014932 _____ C:\Users\Richard\Desktop\FRST.txt
2014-01-29 19:36 - 2014-01-29 19:35 - 00000000 ____D C:\FRST
2014-01-29 19:35 - 2014-01-29 19:35 - 02079744 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-01-29 19:34 - 2012-12-26 22:16 - 01861941 _____ C:\windows\WindowsUpdate.log
2014-01-29 19:34 - 2012-07-26 00:12 - 00000000 ____D C:\windows\system32\sru
2014-01-29 19:33 - 2013-12-29 12:34 - 00000000 ___RD C:\Users\Richard\Google Drive
2014-01-29 19:33 - 2013-12-29 12:33 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 09:14 - 2012-12-27 00:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 09:13 - 2012-12-26 23:17 - 00000000 ____D C:\Users\Richard\AppData\Local\CrashDumps
2014-01-29 08:48 - 2013-12-29 12:33 - 00000942 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 08:40 - 2012-12-26 22:26 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3829054314-2939892797-2231541473-1001
2014-01-29 08:40 - 2012-07-25 23:28 - 00848230 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-29 08:35 - 2012-07-26 00:12 - 00000000 ____D C:\windows\AUInstallAgent
2014-01-28 22:51 - 2013-08-09 21:16 - 00000000 ____D C:\Users\Richard\AppData\Local\Paint.NET
2014-01-28 20:18 - 2012-07-25 23:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-28 20:17 - 2012-07-25 21:26 - 00524288 ___SH C:\windows\system32\config\BBI
2014-01-27 12:11 - 2012-07-26 00:12 - 00000000 ____D C:\windows\rescache
2014-01-26 22:50 - 2012-12-27 00:07 - 00000000 ____D C:\Users\Richard\AppData\Local\PMB Files
2014-01-26 22:50 - 2012-12-27 00:07 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-24 20:21 - 2013-01-16 21:16 - 00000000 ____D C:\Users\Richard\SkyDrive\My Documents\IBT
2014-01-23 08:48 - 2013-01-16 21:16 - 00000000 ____D C:\Users\Richard\SkyDrive\My Documents\Larkspur
2014-01-21 00:24 - 2013-01-16 15:51 - 00000000 ____D C:\Users\Richard\AppData\Roaming\vlc
2014-01-20 21:20 - 2012-07-26 00:12 - 00000000 ____D C:\windows\system32\NDF
2014-01-20 21:16 - 2012-07-26 00:12 - 00000000 ____D C:\windows\WinStore
2014-01-19 23:46 - 2013-02-16 23:38 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-18 23:33 - 2013-02-09 00:00 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-18 09:18 - 2013-07-15 10:06 - 00000000 ____D C:\windows\system32\MRT
2014-01-18 09:16 - 2012-12-28 19:13 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-14 00:47 - 2014-01-14 00:47 - 00016827 _____ C:\Users\Richard\Desktop\dds.txt
2014-01-14 00:47 - 2014-01-14 00:47 - 00006104 _____ C:\Users\Richard\Desktop\attach.txt
2014-01-14 00:45 - 2014-01-14 00:45 - 00688992 ____R (Swearware) C:\Users\Richard\Desktop\dds.com
2014-01-14 00:29 - 2012-12-26 22:17 - 00000000 ____D C:\Users\Richard\AppData\Local\VirtualStore
2014-01-09 01:30 - 2013-08-02 00:56 - 00000000 ____D C:\ProgramData\CyberLink
2014-01-09 00:02 - 2013-11-14 21:39 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 00:02 - 2013-11-14 21:39 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-08 23:20 - 2013-08-02 00:56 - 00000000 ____D C:\Users\Richard\AppData\Roaming\CyberLink
2014-01-08 23:18 - 2013-08-02 00:56 - 00000000 ____D C:\Users\Richard\SkyDrive\My Documents\CyberLink
2014-01-08 23:18 - 2013-08-02 00:56 - 00000000 ____D C:\Users\Public\CyberLink
2014-01-07 00:45 - 2014-01-07 00:45 - 00000000 ____D C:\ProgramData\Oracle
2014-01-07 00:45 - 2014-01-07 00:44 - 00005521 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-07 00:45 - 2013-03-19 09:17 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-07 00:43 - 2014-01-07 00:43 - 00915368 _____ (Oracle Corporation) C:\Users\Richard\Desktop\jxpiinstall.exe
2014-01-06 22:51 - 2013-01-16 15:51 - 00000000 ____D C:\Users\Richard\AppData\Roaming\dvdcss
2014-01-06 20:34 - 2013-01-02 01:54 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Azureus
2013-12-30 23:42 - 2013-12-30 23:42 - 00000000 ____D C:\Users\Richard\AppData\Roaming\SomePDF
2013-12-30 23:42 - 2013-12-30 23:42 - 00000000 ____D C:\Program Files (x86)\SomePDF
2013-12-30 01:00 - 2013-12-30 01:00 - 00000000 ____D C:\Users\Richard\AppData\Local\Days of Wonder
2013-12-30 00:59 - 2013-07-11 23:00 - 00000000 ____D C:\ProgramData\Package Cache

Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Richard\AppData\Local\Temp\bassmod.dll
C:\Users\Richard\AppData\Local\Temp\bitool.dll
C:\Users\Richard\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Richard\AppData\Local\Temp\FreemakeVideoDownloader_3.5.0.7.exe
C:\Users\Richard\AppData\Local\Temp\i4jdel0.exe
C:\Users\Richard\AppData\Local\Temp\i4jdel1.exe
C:\Users\Richard\AppData\Local\Temp\i4jdel2.exe
C:\Users\Richard\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Richard\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Richard\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Richard\AppData\Local\Temp\mp3el.exe
C:\Users\Richard\AppData\Local\Temp\mpsetup.exe
C:\Users\Richard\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\Richard\AppData\Local\Temp\Quarantine.exe
C:\Users\Richard\AppData\Local\Temp\switchsetup.exe
C:\Users\Richard\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Richard\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Richard\AppData\Local\Temp\WiseUpdX.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 03:02

==================== End Of Log ============================

Here is addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Richard Chen Temp Lo at 2014-01-29 19:37:04
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7 Grand Steps 0.8.0.62 (x32 Version:  - )
7-Zip 9.22beta (x32 Version:  - )
ActiveState Komodo Edit 8.0.0 (x32 Version: 8.0.0 - ActiveState Software Inc.)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.1.7 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.6 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Audio Track Editor (x32 Version: 4.20.0000 - Magic Software)
AVS Audio Editor 7.2 (x32 Version: 7.2.1.487 - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.1 (x32 Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (x32 Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (x32 Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (x32 Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (x32 Version:  - Online Media Technologies Ltd.)
BioShock (x32 Version:  - 2K Boston)
CDisplayEx 1.9.15 (Version:  - cdisplayex.com)
Chainsaw Warrior (x32 Version:  - Auroch Digital)
Conquest of Elysium 3 (x32 Version:  - Illwinter Game Design)
ConvertHelper 2.2 (x32 Version:  - DownloadHelper)
CyberLink PowerDirector 11 (Version: 11.0.0.3230 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (x32 Version: 11.0.0.3230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Demigod (x32 Version:  - Gas Powered Games)
DivX Pro 6.8.0 VFW (x32 Version: 6.8.0.14 - )
Dungeons of Dredmor (x32 Version:  - )
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0 (x32 Version:  - Fengtao Software Inc.)
DVDFab 9.0.2.8 (01/03/2013) Qt (x32 Version:  - Fengtao Software Inc.)
Eador. Masters of the Broken World (x32 Version:  - Snowbird Games)
Elder Sign: Omens (x32 Version:  - )
FBReader for Windows (x32 Version:  - )
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
FormatFactory 3.0.1 (x32 Version: 3.0.1 - Free Time)
Fraps (x32 Version:  - )
Freecorder 8 Applications (8.0.1.26) (x32 Version: 8.0.1.26 - Applian Technologies)
Freecorder extension for Firefox (x32 Version: 7.0.0.13 - Applian Technologies, Inc.)
Freecorder extension x64 (x32 Version: 7.0.0.13 - Applian Technologies Inc.)
FTL: Faster Than Light (x32 Version:  - )
GameRanger (HKCU Version:  - GameRanger Technologies)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Gunpoint (x32 Version:  - )
Hammerfight (x32 Version:  - KranX Productions)
Hammerwatch (x32 Version:  - )
Hotline Miami (x32 Version:  - )
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel® Processor Graphics (x32 Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (x32 Version: 1.3 - Riot Games)
Left 4 Dead 2 (x32 Version:  - Valve)
Magicka (x32 Version:  - Arrowhead Game Studios)
Mass Effect 2 (x32 Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (x32 Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (x32 Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
MixPad (x32 Version:  - NCH Software)
Monaco (x32 Version:  - )
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NETGEAR Genie (x32 Version: 2.2.27.1  - NETGEAR Inc.)
Newblue Art Effects for PowerDirector (Version: 2.0 - NewBlue)
Norton PC Checkup (x32 Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (x32 Version: 1.1.1.9 - Symantec Corporation)
NVIDIA PhysX (x32 Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (x32 Version:  - )
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
Papers, Please (x32 Version:  - 3909)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Postmortem: one must die (Extended Cut) (x32 Version:  - )
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Rhapsody (x32 Version:  - )
Sang-Froid - Tales of Werewolves (x32 Version:  - Artifice Studio)
Scribus 1.4.2 (64bit) (Version: 1.4.2 - The Scribus Team)
Shadowrun Returns (x32 Version:  - Harebrained Schemes)
Small World 2 (x32 Version:  - Days of Wonder)
Solstice Arena (x32 Version:  - Zynga)
Some PDF Images Extract 2.0 (x32 Version:  - SomePDF.com)
Spectromancer: Gathering of Power (x32 Version:  - Apus Software)
SRS Premium Sound Control Panel (Version: 1.12.5000 - SRS Labs, Inc.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Switch Sound File Converter (x32 Version:  - NCH Software)
Synaptics Pointing Device Driver (Version: 16.2.10.5 - Synaptics Incorporated)
System Requirements Lab for Intel (x32 Version: 4.5.15.0 - Husdawg, LLC)
TOSHIBA Application Installer (x32 Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (x32 Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Protection (Version: 2.5.1.1 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (x32 Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (x32 Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (x32 Version: 1.1.6 - TOSHIBA)
TurboTax 2012 (x32 Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (x32 Version: 012.000.1430 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
VLC media player 2.0.5 (x32 Version: 2.0.5 - VideoLAN)
Vuze (Version: 5.0.0.0 - Azureus Software, Inc.)
WampServer 2.4 (x32 Version:  - Hervé Leclerc (HeL))
Warhammer 40000 - Dawn of War II Gold Edition (x32 Version:  - )
WavePad Sound Editor (x32 Version:  - NCH Software)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
Zafehouse: Diaries (x32 Version:  - Screwfly)
微软拼音简捷 2012 流行词汇更新 (KB2723161) (x32 Version: 15.0.1143 - Microsoft)

==================== Restore Points  =========================

07-01-2014 08:43:56 Installed Java 7 Update 45
14-01-2014 11:07:44 Scheduled Checkpoint
18-01-2014 17:15:04 Windows Modules Installer
26-01-2014 03:48:33 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-25 21:26 - 2013-07-22 20:23 - 00000851 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08684AA4-8988-4895-B947-66651CE33336} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28BC1939-0B0C-4B92-8481-0EE591521BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.)
Task: {45F851D4-592E-4E03-BD73-78068206078E} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {4884884B-EDE8-4D17-8C0E-E9B674C7C325} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\WSCStub.exe
Task: {76955EB7-E03C-4E1F-B320-3B204D6B25D6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B57F3C14-0467-42FE-B760-8B0DC0B80F61} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D5B02235-B36B-4B23-8F1A-6A92C530C907} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {E2484809-56E3-469C-BAD7-3B3A3434FA0B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {E77BE94C-5A72-4FE1-8DDF-E4EA8739A271} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED6D4A30-9469-4B58-A2F4-AB11FCDAEB23} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {FB295971-930A-47F5-A974-9D63EE3BD60E} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {FDA10064-615F-40FF-9A87-A3FB7D29D891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-25 23:58 - 2012-07-25 23:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 18:13 - 2012-08-13 18:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2012-08-06 05:36 - 2012-08-06 05:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-21 21:53 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-15 13:58 - 2013-12-19 23:32 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-29 19:33 - 2014-01-29 19:33 - 00098816 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32api.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00110080 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\pywintypes27.dll
2014-01-29 19:33 - 2014-01-29 19:33 - 00364544 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\pythoncom27.dll
2014-01-29 19:33 - 2014-01-29 19:33 - 00044032 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\_socket.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 01153024 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\_ssl.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00320512 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32com.shell.shell.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00711680 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\_hashlib.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 01175040 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\wx._core_.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00805888 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\wx._gdi_.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00811008 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\wx._windows_.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 01062400 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\wx._controls_.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00735232 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\wx._misc_.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00128512 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\_elementtree.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00127488 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\pyexpat.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00557056 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\pysqlite2._sqlite.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00087040 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\_ctypes.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00119808 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32file.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00108544 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32security.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00018432 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32event.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00038912 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32inet.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00122368 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\wx._wizard.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00026624 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\_multiprocessing.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00070656 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\wx._html2.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00010240 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\select.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00686080 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\unicodedata.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00025600 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32pdh.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00521680 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\windows._lib_cacheinvalidation.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00011264 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32crypt.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00024064 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32pipe.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00035840 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32process.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00017408 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32profile.pyd
2014-01-29 19:33 - 2014-01-29 19:33 - 00022528 _____ () C:\Users\Richard\AppData\Local\Temp\_MEI59722\win32ts.pyd

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 8076.21 MB
Available physical RAM: 6380.66 MB
Total Pagefile: 9292.21 MB
Available Pagefile: 7489 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI10651900F) (Fixed) (Total:688.25 GB) (Free:250.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================

#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:37 PM

Posted 31 January 2014 - 06:08 PM

Ok.

Step 1
Please uninstall some programs:

  • Open the Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Freecorder 8 Applications
    Freecorder extension for Firefox
    Freecorder extension x64

  • Reboot your computer.

Step 2
Please download Malwarebytes Anti-Malware and save it to your Desktop.

  • Execute the downloaded setup to install MBAM on your computer.
  • Start MBAM with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

Step 3
Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
  • Note: Do not forget to re-enable your antivirus application after running the above scan!


#9 rtan9897

rtan9897
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:37 AM

Posted 07 February 2014 - 04:46 PM

Here are the two logs.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.07.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Richard Chen Temp Lo :: DURRUTI [administrator]

2/7/2014 1:08:33 AM
mbam-log-2014-02-07 (01-08-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280833
Time elapsed: 18 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Users\Richard\AppData\Local\Temp\dLIkVPWy.exe.part (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\H4XGEJ_2.exe.part (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\mjI0I58G.exe.part (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\rOWDuMQV.exe.part (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\ZemwPmyl.exe.part (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\nsb35B.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\nsp1211.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Richard\Local Settings\Temporary Internet Files\Content.IE5\KYE4LUMV\bi_downloader[1].exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.

(end)

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freecorder extension\AddonsFramework.dll.vir    Win32/Toolbar.Besttoolbars.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\MixPad\mixpad.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\MixPad\mixpadsetup_v3.29.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\switch.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\switchsetup_v4.43.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepad.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.40.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Downloads\Games\Dominions 3\DTLite4413-0173.exe    Win32/OpenCandy potentially unsafe application
C:\Downloads\Programs\cnet2_XeroBank_Installer_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Downloads\Programs\DAEMONToolsPro520-0348.exe    Win32/OpenCandy potentially unsafe application
C:\Downloads\Programs\DTLite4461-0328.exe    Win32/DownWare.L potentially unwanted application
C:\Downloads\Programs\FFSetup3.0.1.1.zip    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Downloads\Programs\freecorder8-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Downloads\Programs\FreemakeVideoDownloaderSetup.exe    Win32/OpenCandy potentially unsafe application
C:\Downloads\Programs\FreeTrimMP3.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Downloads\Programs\FreeYouTubeDownloaderInstaller.exe    Win32/Somoto.A potentially unwanted application
C:\Downloads\Programs\GOMPLAYERENSETUP.EXE    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Downloads\Programs\installer_intervideo_windvd_10_(2010)_English.exe    Win32/Toggle potentially unwanted application
C:\Downloads\Programs\Nero-8.2.8.0_eng_trial.exe    Win32/Toolbar.AskSBar potentially unwanted application
C:\Downloads\Programs\nero_6.3.1.20+Keygen+plugin.pt-br.www.614uc0.tk.rar    a variant of Generik.FWDGMIV trojan
C:\Downloads\Programs\SoftonicDownloader_for_videopad-video-editor.exe    Win32/SoftonicDownloader.A potentially unwanted application
C:\Downloads\Programs\wpsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Downloads\Programs\Adobe Photoshop CS2 ISO + Keygen\keygen\keygen_photoshop_cs2.rar    a variant of Win32/Keygen.CW potentially unsafe application
C:\Downloads\Programs\nero_6.3.1.20+Keygen+plugin.pt-br.www.614uc0.tk\trz7ABB.tmp    a variant of Generik.FWDGMIV trojan
C:\Downloads\Vuze Downloads\AVS.Video.Editor.v6.1.2.211.Multilingual.mundomanuales.com.rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Downloads\Vuze Downloads\AVS.Video.Editor.v6.1.2.211.Multilingual.mundomanuales.com\AVS.Video.Editor.v6.1.2.211.Multilingual.mundomanuales.com\avs4you.all.products.activator.2011.(v1.1)-mpt.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Downloads\Vuze Downloads\AVS.Video.Editor.v6.1.2.211.Multilingual.mundomanuales.com\AVS.Video.Editor.v6.1.2.211.Multilingual.mundomanuales.com\avs4you.all.products.activator.2011.(v1.1).rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Downloads\Vuze Downloads\Nero 7.10.1.0 By M3ZKAL\Nero 7.10.1.0.exe    Win32/Toolbar.AskSBar potentially unwanted application
C:\Program Files\Vuze\bunndle.zip    a variant of Win32/Bunndle potentially unsafe application
C:\Program Files (x86)\AVS4YOU\avs4you.all.products.activator.2011.(v1.1)-mpt.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\avs4you.all.products.activator.2011.(v1.1)-mpt.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1AYTG38\BiTool[1].dll    Win32/Somoto.B potentially unwanted application
C:\Users\Richard\AppData\Local\Temp\AskPIP_FF_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Richard\AppData\Local\Temp\bitool.dll    Win32/Somoto.B potentially unwanted application
C:\Users\Richard\AppData\Local\Temp\FreemakeVideoDownloader_3.5.0.7.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Richard\AppData\Local\Temp\JScRqWZU.exe.part    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Richard\AppData\Local\Temp\mpsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Richard\AppData\Local\Temp\switchsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Richard\AppData\Local\Temp\Temp1_FFSetup3.0.1.1.zip\FFSetup3.0.1.1.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Richard\Desktop\cbsidlm-tr1_13-Video_Sound_Editor-SEO-10760734.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Richard\Downloads\BO_GPFE_FIX.rar    Win32/Packed.Autoit.C.Gen potentially unwanted application
C:\Users\Richard\Downloads\CDisplayExSetupWin64.exe    Win32/InstallMonetizer.AF potentially unwanted application


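The two scan logs above follow fixed line formats: Malwarebytes lists each file as `path (Detection) -> action`, and the ESET log pairs each path with a tab-separated detection name and class. As an added example (not code from the thread, from Malwarebytes or from ESET), this Python triage script parses both formats and groups findings by severity and by where on disk they sat; the sample lines, paths and detection names are constructed, not taken from the thread.

```python
import re
from collections import Counter

# Constructed sample lines in the two formats pasted in the thread (MBAM
# "Files Detected" entries and ESET log lines); paths are illustrative.
MBAM_SAMPLE = r"""Files Detected: 3
C:\Users\u\AppData\Local\Temp\abcd1234.exe.part (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\u\AppData\Local\Temp\nsx1.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\u\Downloads\setup.exe (Trojan.Agent) -> No action taken.
(end)
"""

ESET_SAMPLE = (
    "C:\\Downloads\\Programs\\freetool-setup.exe\tWin32/OpenCandy potentially unsafe application\n"
    "C:\\Downloads\\Programs\\tool+Keygen.rar\ta variant of Generik.ABC trojan\n"
    "C:\\Program Files (x86)\\Vendor\\activator.exe\ta variant of Win32/HackTool.Patcher.T potentially unsafe application\n"
)

# MBAM: "<path> (<detection>) -> <action>"; ESET: "<path><TAB>[a variant of ]<name> <class>"
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
ESET_RE = re.compile(r"^(?P<path>.+?)\t(?:a variant of )?(?P<name>\S+) (?P<kind>.+)$")

def parse_mbam(text):
    """Return (path, detection, action) for each file entry in an MBAM log."""
    return [m.group("path", "name", "action")
            for m in map(MBAM_RE.match, (ln.strip() for ln in text.splitlines())) if m]

def parse_eset(text):
    """Return (path, detection, class) for each line of an ESET log."""
    return [m.group("path", "name", "kind")
            for m in map(ESET_RE.match, (ln.rstrip() for ln in text.splitlines())) if m]

def location(path):
    """Where the file sat: user temp/cache, a download folder, or an installed location."""
    p = path.lower()
    if "\\temp\\" in p or "temporary internet files" in p:
        return "temp"
    return "downloads" if "\\downloads\\" in p else "installed"

def severity(name, kind=""):
    """Trojans and hacktools rank 'high'; bundled adware/PUP findings rank 'pup'."""
    n, k = name.lower(), kind.lower()
    if "trojan" in n or "trojan" in k or "hacktool" in n:
        return "high"
    return "pup" if "pup" in n or "potentially" in k else "other"

def triage(mbam_text, eset_text):
    """Count findings from both logs by (severity, location)."""
    counts = Counter()
    for path, name, _action in parse_mbam(mbam_text):
        counts[(severity(name), location(path))] += 1
    for path, name, kind in parse_eset(eset_text):
        counts[(severity(name, kind), location(path))] += 1
    return counts

def unresolved(mbam_text):
    """Paths MBAM detected but did not quarantine, i.e. still needing attention."""
    return [p for p, _n, action in parse_mbam(mbam_text)
            if not action.startswith("Quarantined")]
```

Running `triage(MBAM_SAMPLE, ESET_SAMPLE)` on the constructed samples separates the bundled-installer leftovers in Temp from the two trojan-class hits in the download folder, which is the split a helper reads the real logs for.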

#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:37 PM

Posted 10 February 2014 - 04:15 AM

How is your computer running now? Do you still experience any symptoms?

#11 rtan9897

rtan9897
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:37 AM

Posted 10 February 2014 - 01:24 PM

The main symptom that I am experiencing is that sometimes, after the laptop goes to sleep and I log into Windows 8 again, all the browsers lose the ability to connect to any webpage.

I don't have a predictable way of replicating the problem. It's not tied to the length of time the computer is asleep.


It started after I downloaded FreeCorder.