Think my computer is infected

#1 cooleyboy

Posted 24 July 2013 - 03:24 AM

I use Avast antivirus, but my computer got really slow lately. Especially my Yahoo email, it takes a few tries before it opens. It seems to be getting slower daily. I used Malwarebytes Anti-Malware a few days ago and it did find some issues which I deleted. I also ran Adware Removal, the logs are here:

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 00:36:54
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (64 bits)
# User : Ryan - RYAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\Users\Public\Desktop\jZip.lnk
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\14cbsxjx.default\searchplugins\SearchResults.xml
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\Windows jZip Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\Users\Ryan\AppData\Local\jZip
Folder Deleted : C:\Users\Ryan\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Ryan\AppData\LocalLow\jZip
Folder Deleted : C:\Users\Ryan\AppData\LocalLow\jziptoolbar
Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\14cbsxjx.default\extensions\{1e48c56f-08cd-43aa-a6ef-c1ec891551ab}
Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\14cbsxjx.default\jziptoolbar

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIF0E7~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\jZipMediabarTb
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\jZip 102 MediaBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.jzip.com/ --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\14cbsxjx.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://search.jzip.com/");
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&q=");

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[S1].txt - [5190 octets] - [24/07/2013 00:36:54]

########## EOF - C:\AdwCleaner[S1].txt - [5250 octets] ##########


Then I ran Junkware Removal. The log is here:

Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Basic x64
Ran by Ryan on Wed 07/24/2013 at  0:43:40.60


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ryan\appdata\locallow\datamngr"


~~~ FireFox

Successfully deleted: [File] C:\Users\Ryan\AppData\Roaming\mozilla\firefox\profiles\14cbsxjx.default\invalidprefs.js
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Emptied folder: C:\Users\Ryan\AppData\Roaming\mozilla\firefox\profiles\14cbsxjx.default\minidumps [74 files]


~~~ Event Viewer Logs were cleared



Scan was completed on Wed 07/24/2013 at  0:51:25.13
End of JRT log


What should I do next? My pages are still having issues loading. Not really sure what to do. Thanks.
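As an added example (not part of the original thread), a small Python parser for the AdwCleaner [Delete] log format posted above: it groups the action lines by section and pulls out the removals worth a second look when triaging such a log, namely AppInit_DLLs injection entries, Run keys, IE Browser Helper Objects, browser start-page replacements, and anything only scheduled for deletion on reboot (the Firefox extensions folder AdwCleaner deferred to reboot is the same one the JRT log later reports it failed to delete). The sample input is an abbreviated copy of the posted log, and the regular expressions are assumptions about the format derived from that one log.

```python
"""Parse an AdwCleaner [Delete] log and list the removals that matter for triage."""
import re
from collections import defaultdict

# Abbreviated copy of the AdwCleaner log posted in this thread (sample input).
SAMPLE_LOG = r"""# AdwCleaner v2.306 - Logfile created 07/24/2013 at 00:36:54
# Option [Delete]

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
Folder Deleted : C:\Program Files (x86)\Windows jZip Toolbar

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.jzip.com/ --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

Deleted : user_pref("browser.startup.homepage", "hxxp://search.jzip.com/");
"""

# Format assumptions (inferred from the posted log, not from AdwCleaner documentation):
SECTION_RE = re.compile(r"^\*\*\*\*\* \[(?P<name>[^\]]+)\] \*\*\*\*\*$")   # ***** [Registry] *****
ACTION_RE = re.compile(r"^(?P<action>[A-Za-z ]+?) : (?P<detail>.+)$")       # "Key Deleted : HKLM\..."
APPINIT_RE = re.compile(r"\[AppInit_DLLs\] = (?P<dll>.+)$")
RUN_RE = re.compile(r"\\CurrentVersion\\Run \[(?P<name>[^\]]+)\]")
BHO_RE = re.compile(r"\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]+\})")
REPLACED_RE = re.compile(r"^\[(?P<key>.+)\] = (?P<old>\S+) --> (?P<new>\S+)$")


def parse_adwcleaner(text):
    """Return {section name: [(action, detail), ...]} for every action line in the log."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # header, blank and EOF lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        if line.startswith("-\\"):                 # per-browser sub-heading, e.g. "-\\ Mozilla Firefox"
            continue
        m = ACTION_RE.match(line)
        if m:
            sections[current].append((m.group("action"), m.group("detail")))
    return dict(sections)


def persistence_findings(sections):
    """Pick out deferred deletions, code-injection and autostart points, and browser hijacks."""
    findings = []
    for action, detail in sections.get("Files / Folders", []):
        if action == "Deleted on reboot":          # not gone yet: re-check after the reboot
            findings.append(("Pending reboot", detail))
    for action, detail in sections.get("Registry", []):
        m = APPINIT_RE.search(detail)
        if m:                                      # DLL loaded into every user-mode process
            findings.append(("AppInit_DLLs", m.group("dll")))
            continue
        m = BHO_RE.search(detail)
        if m:
            findings.append(("IE BHO", m.group("clsid")))
            continue
        m = RUN_RE.search(detail)
        if m:
            findings.append(("Run key", m.group("name")))
    for action, detail in sections.get("Internet Browsers", []):
        if action == "Replaced":
            m = REPLACED_RE.match(detail)
            if m:
                findings.append(("Start page hijack", f"{m.group('old')} -> {m.group('new')}"))
        elif action == "Deleted" and detail.startswith("user_pref("):
            findings.append(("Firefox pref", detail))
    return findings


def triage(text):
    """Parse a log and return the triage findings in log order."""
    return persistence_findings(parse_adwcleaner(text))


if __name__ == "__main__":
    for kind, value in triage(SAMPLE_LOG):
        print(f"{kind:18} {value}")
```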

#2 ~Kal~

Posted 25 July 2013 - 12:19 PM

Hello Cooleyboy


Hello and welcome to Bleeping Computer! I'm Kal and I'll be helping you.

Please bear with me while I review your logs and get back to you with your next steps.

In the meantime, while we're working together there are a few things I'd like you to be aware of:

1. DO NOT run any tools or make any changes to your computer unless instructed to do so.

I'll ask you to run different tools in a specific order to ensure any malware is completely removed from your machine. Running any additional tools, attempting fixes yourself or installing/uninstalling programs etc may interfere with our removal process.

2. Do not attach logs or use code boxes; just copy and paste them into your replies, as it's easier for me to analyze the logs.

3. Please be sure to read my instructions carefully and follow the steps in the order I list them. If you run into any problems, please stop and let me know.

4. Even if things appear to be better, your computer may still be infected. Please continue to follow my instructions and reply back until I give you the "all clean".

If any of the instructions I provide aren't clear, or there's something you don't understand, please do ask.

If you are already being helped elsewhere (on this site or another forum) or have resolved the issue, please let me know so I can close this topic.




#3 ~Kal~

Posted 25 July 2013 - 02:27 PM

Hello Cooleyboy
Thanks for waiting.

I would like to see some more information about what is happening in your machine. Please perform the following scan:


Please download DDS by sUBs from one of the following links and save it to your desktop:


  • Double click on the DDS icon and allow it to run.
  • Click on Start.
  • Make sure both the dds.txt and attach.txt boxes are ticked
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open a logfile.
  • You can find the logfile on your desktop as well.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please copy and paste both logs into your next post


Also you mention that you have run malwarebytes and it cleared out a few things. I'd like to see the log from that scan, if you still have it. Logs can be found here:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd (the date of the last scan you ran)

So in your next post I would like to see:


- The dds.txt and attach.txt logs

- A copy of the Malwarebytes log if you still have it




#4 cooleyboy

Posted 25 July 2013 - 09:13 PM

DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 6/18/2011 1:59:55 AM
System Uptime: 7/24/2013 12:37:53 AM (43 hours ago)
Motherboard: Acer |  | Aspire 5742
Processor: Intel® Core™ i3 CPU       M 380  @ 2.53GHz | CPU | 2533/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 283 GiB total, 182.486 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
Service: aswNdis
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink ™ Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1692&SUBSYS_04871025&REV_01\4&14D14F08&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetLink ™ Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1692&SUBSYS_04871025&REV_01\4&14D14F08&0&00E0
Service: k57nd60a
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Viscosity Virtual Adapter V9.1
Device ID: ROOT\NET\0001
Manufacturer: Sparklabs
Name: Viscosity Virtual Adapter V9.1
PNP Device ID: ROOT\NET\0001
Service: visctap0901
==== System Restore Points ===================
RP196: 7/15/2013 11:15:02 PM - Windows Update
RP197: 7/16/2013 7:19:14 AM - Windows Update
RP198: 7/16/2013 5:12:21 PM - Windows Update
RP199: 7/16/2013 9:42:21 PM - Removed Facebook Messenger 2.1.4814.0
RP200: 7/20/2013 1:32:48 AM - Windows Update
RP201: 7/23/2013 7:40:52 AM - Windows Update
==== Installed Programs ======================
 Update for Microsoft Office 2007 (KB2508958)
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Airport Mania First Flight
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Backup Manager Basic
Bluetooth Win7 Suite (64)
Broadcom Gigabit NetLink Controller
Canon MP250 series MP Drivers
CyberLink PowerDVD 9
Dream Day First Home
eBay Worldwide
eSobi v2
Facebook Video Calling
Google Chrome
Google Drive
Google Update Helper
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java™ 6 Update 37
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version
Mavis Beacon Teaches Typing Platinum 20
McAfee Security Scan Plus
Merriam Websters Spell Jam
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MyWinLocker Suite
Norton DNS
Norton Online Backup
NTI Media Maker 9
OpenOffice.org 3.3
Picasa 3
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Riverpoint Writer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 5.10
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 1.6.0_37
Run by Ryan at 19:10:56 on 2013-07-25
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.2807.1063 [GMT -7:00]
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\WiTopia\WiTopiaService.exe
C:\Program Files (x86)\Norton DNS\NortonDNSSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Norton DNS\NortonDNSTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://acer.msn.com
uProxyOverride = 192.168.*.*;<local>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [cdloader] "C:\Users\Ryan\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Ryan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NORTON~1.LNK - C:\Program Files (x86)\Norton DNS\NortonDNSTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer =
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871} : NameServer =,
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871} : DHCPNameServer =
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\2656C667564656275686F64756C61607162747D656E64737F575966496 : DHCPNameServer =
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\358696E6970516E64616D27657563747 : DHCPNameServer =
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\9516E676 : NameServer =,
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\9516E676 : DHCPNameServer =
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\A6279716E6 : NameServer =,
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\A6279716E6 : DHCPNameServer =
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\B69627368626562776 : NameServer =,
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\B69627368626562776 : DHCPNameServer =
TCP: Interfaces\{1E67DAD3-A18A-4B11-9320-451F25707871}\C696E6B637973713 : DHCPNameServer =
TCP: Interfaces\{36BDEC7F-81ED-4945-BB79-96D02DE3FA7A} : NameServer =,
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\14cbsxjx.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
============= SERVICES / DRIVERS ===============
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-12 22600]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-15 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-15 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-5 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-7-5 378944]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-7-5 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-7-5 80816]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-2-22 76448]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-5 46808]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-2-24 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-3-27 867712]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-24 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-17 701512]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Norton DNS;Norton DNS;C:\Program Files (x86)\Norton DNS\NortonDNSSvc.exe [2010-10-13 97664]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-24 2320920]
R2 WiTopiaService;WiTopia Service;C:\Program Files\WiTopia\WiTopiaService.exe [2012-2-7 60528]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-2-22 28832]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-24 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-2-24 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-2-24 287232]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-17 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2013-4-24 255376]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-2-22 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-2-22 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-2-22 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-2-22 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-2-22 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-2-22 280224]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-24 243712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 visctap0901;Viscosity Virtual Adapter V9.1;C:\Windows\System32\drivers\visctap0901.sys [2012-2-7 38368]
=============== Created Last 30 ================
2013-07-25 20:54:06 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC790930-630F-47D0-BDE8-3BC3982C9EE3}\offreg.dll
2013-07-24 07:43:35 -------- d-----w- C:\Windows\ERUNT
2013-07-23 14:41:48 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC790930-630F-47D0-BDE8-3BC3982C9EE3}\mpengine.dll
2013-07-17 13:21:12 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2013-07-17 13:20:41 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-17 13:20:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-17 13:20:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-17 13:20:23 -------- d-----w- C:\Users\Ryan\AppData\Local\Programs
2013-07-16 14:31:58 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-16 14:31:55 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-16 06:22:35 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-16 06:22:34 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-16 06:22:34 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-16 06:22:34 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-16 06:22:33 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-16 06:22:33 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-16 06:22:32 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-16 06:22:31 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-16 06:22:30 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-16 06:22:29 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-16 06:22:28 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-16 06:21:45 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-16 06:21:36 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 06:21:34 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 06:20:32 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-16 06:20:31 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
==================== Find3M  ====================
2013-07-02 02:04:55 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-07-02 02:04:55 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-12 17:48:07 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-12 17:48:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:59:06 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
============= FINISH: 19:11:26.33 ===============
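The SERVICES / DRIVERS and Created Last 30 sections above are what a helper reads when looking for new persistence. As an added example, not from this thread or from DDS, Malwarebytes or ESET, here is a small Python triage script that parses those two sections and cross-references them; the line formats are inferred from the log above, the checks are the editor's own heuristics, and the `UpdHelper` entry in the sample is constructed.

```python
"""Triage helper for the SERVICES / DRIVERS and "Created Last 30" sections of a
DDS log. Added example for this thread, not DDS/Malwarebytes/ESET code: the line
formats are inferred from the log posted above and the checks are the editor's own."""
import re
from dataclasses import dataclass

# Constructed excerpt in the same layout as the DDS log above. The first three
# service lines and the first two file lines are copied from it; "UpdHelper" and
# its file line are made up to exercise the location and size checks.
SAMPLE_LOG = """\
============= SERVICES / DRIVERS ===============
R2 avast! Antivirus;avast! Antivirus;C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe [2013-6-5 46808]
R2 MBAMService;MBAMService;C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe [2013-7-17 701512]
R3 MBAMProtector;MBAMProtector;C:\\Windows\\System32\\drivers\\mbam.sys [2013-7-17 25928]
R2 UpdHelper;Update Helper;C:\\Users\\Ryan\\AppData\\Local\\Temp\\updhelper.exe [2013-7-20 51200]
S3 TsUsbFlt;TsUsbFlt;C:\\Windows\\System32\\drivers\\TsUsbFlt.sys [2011-6-21 59392]
=============== Created Last 30 ================
2013-07-17 13:20:39 25928 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
2013-07-17 13:20:38 -------- d-----w- C:\\Program Files (x86)\\Malwarebytes' Anti-Malware
2013-07-20 09:01:12 52224 ----a-w- C:\\Users\\Ryan\\AppData\\Local\\Temp\\updhelper.exe
2013-07-16 14:31:55 2241024 ----a-w- C:\\Windows\\System32\\wininet.dll
==================== Find3M  ====================
"""

# "R2 name;display;path [yyyy-m-d size]"  (R = running, S = stopped; digit = start type)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)
# "yyyy-mm-dd hh:mm:ss size attrs path"  (size is a run of dashes for directories)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)


@dataclass
class Service:
    state: str      # "R" running or "S" stopped
    start: int      # start-type digit as printed by DDS
    name: str
    path: str
    date: str
    size: int


def parse_dds(text):
    """Return (services, created); created maps lower-cased path -> (date, size)."""
    services, created, section = [], {}, None
    for line in text.splitlines():
        if line.startswith("="):           # section banner; any other banner ends a section
            if "SERVICES / DRIVERS" in line:
                section = "services"
            elif "Created Last 30" in line:
                section = "created"
            else:
                section = None
            continue
        if section == "services":
            m = SERVICE_RE.match(line)
            if m:
                services.append(Service(m["state"], int(m["start"]), m["name"],
                                        m["path"], m["date"], int(m["size"])))
        elif section == "created":
            m = CREATED_RE.match(line)
            if m:
                size = None if m["size"].startswith("-") else int(m["size"])
                created[m["path"].lower()] = (m["date"], size)
    return services, created


def triage(services, created):
    """Heuristic review points as (service name, reason) pairs, in log order."""
    findings = []
    for svc in services:
        key = svc.path.lower()
        hit = created.get(key)
        if svc.state == "R" and hit:
            findings.append((svc.name, "running; binary created in the last 30 days"))
        if hit and hit[1] is not None and hit[1] != svc.size:
            findings.append((svc.name, "size in service entry differs from file listing"))
        if "\\users\\" in key or "\\temp\\" in key:
            findings.append((svc.name, "binary under a user profile or temp folder"))
    return findings


if __name__ == "__main__":
    svcs, files = parse_dds(SAMPLE_LOG)
    print(f"{len(svcs)} services parsed, {len(files)} recent files")
    for name, reason in triage(svcs, files):
        print(f"review: {name}: {reason}")
```

A hit is a review point, not a verdict: in the real log above the only cross-reference is the Malwarebytes driver the poster had just installed.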

#5 cooleyboy

Posted 25 July 2013 - 09:32 PM

Malwarebytes Anti-Malware (Trial)

Database version: v2013.07.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Ryan :: RYAN-PC [administrator]

Protection: Enabled

7/25/2013 7:16:28 PM
mbam-log-2013-07-25 (19-16-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226738
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


#6 cooleyboy

Posted 25 July 2013 - 09:34 PM

This is the old MalwareBytes log:


Malwarebytes Anti-Malware (Trial)

Database version: v2013.07.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Ryan :: RYAN-PC [administrator]

Protection: Enabled

7/17/2013 6:23:57 AM
mbam-log-2013-07-17 (06-23-57).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 388422
Time elapsed: 1 hour(s), 12 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 25
C:\Program Files (x86)\Funshion Online (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\backup (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\download (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\007:大破天幕危机 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\总统杀局-MP4 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\泰迪熊(120720) (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\罪孽 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\随波逐流-MP4 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 117
C:\Users\Ryan\Downloads\FunshionInstall2.4.5.9.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\download\FunshionInstall2.6.1.11.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\download\FunshionInstall2.6.1.17.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\download\FunshionInstall2.6.1.25_kuwo.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunShion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\history.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\Cacheflash\blankFs.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flashNew\0C3909F2_1365_4A4B_A10D_2ED3CB0BC505.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flashNew\BEAAF34F_637A_F7DE_C7A6_1469171000B8.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flashNew\DCC0394D_CA46_D7AA_1C0C_DDD3187B2423.date1374034603.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flashNew\DD586AF9_7C9B_5609_8555_78653CF48F7D.date1373954518.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\flashStamp\c.c (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\10A122B7_05BA_90B1_D88E_1927818D7199.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\10B53C56_F458_8603_FA6D_B68A03B3BFA1.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\12A2E8B7_BE62_0ED5_3F7C_8D7AF0DABE55.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\13D25498_FCE2_2810_4081_81E2CD882773.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\15152D52_AF41_EA6C_D5C5_4EFC91AA18B8.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\1701386C_14E9_99E9_B51F_FE767FDC988E.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\19179C1A_9A37_F492_1760_8578E7A260A6.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\1C932350_3AB9_3ECF_9BC0_45C93CA975E9.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\1F1479D1_3BFE_18C6_647B_9FE2EC029905.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\2CA02E42_717A_7DEC_4B88_CFF6DE8A70F3.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\3313503D_7145_B121_E533_2D791BF284B3.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\33514563_A4E3_74FF_F2F6_E071F767E8B9.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\3AC61048_6355_7227_DC62_62A957EBEE09.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\3ACA25D7_28ED_2186_A883_6A82A9DE7DE9.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\3EB85411_CC5D_DCCE_02B9_4855BA128DBD.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\41579E70_E136_F44B_50E7_823A22437977.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\43A7EDD4_1685_9E7F_055E_73B211914B35.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\47C2CAE1_8CE8_36F8_3E65_F4ECAF2C14B9.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\57BE4633_D1DB_0F73_C5E5_03FF6A08E931.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\5AF266D2_D29C_E695_38ED_70C47D894B84.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\5FF7DD88_5641_E112_0AAA_B6B2331C9DCB.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\661B3E80_D08B_FB29_C772_D9AF81A83128.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\689EAFF2_38CD_436B_ACD1_40E8F5BE9627.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\6AFFB4CC_FE31_019E_4BD2_18BC6902CBF2.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\7A9FD81F_C1D4_C508_55AE_F93818D410F2.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\7CF18629_8575_0DA8_AFB6_B7CB8F9A4494.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\7D9C0386_766E_C8F4_9306_9E656913FA3F.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\7EFC6B37_F829_0C27_0135_E0B08A8A765A.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\81CB9AA7_C215_FE29_5647_DE377BF9A56F.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\828E04DD_2B63_80D7_5D68_1B249391C503.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\84CD8266_F58A_DCD6_07F2_420D423FCEE6.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\85AAE684_5CC7_84D9_B4CA_D91A15DF0DFD.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\85F27B90_2EE7_BE5D_E634_B20DBE7673CA.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\8F78BFAB_3EC5_3103_5E2A_767891577619.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\9358F874_04C5_68DD_462C_099E68F662A1.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\9820E0FF_C3FF_70F6_5DC8_E7CE06225FBA.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\9EB23085_7D43_50A0_BBEF_C0E8BCF3122A.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\A1D95BB2_BEBC_AA3C_F99F_4AAA0010CDCB.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\A21EE661_FCB4_DA4E_7C59_E5D3275C10D2.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\A5751CF9_E98E_788C_B2D0_D5E359C2C356.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\ADE8AFE3_3CDC_41F3_414E_25C2CA16D33F.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\AE2A7C1B_9758_116B_1477_5F3E10ACE5F3.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\B3381750_E20B_FAC8_4979_8C9FBAC15371.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\B57D4C17_E78E_8E67_2153_45B726728733.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\C1C02D49_4B3A_4AC8_FFD0_35D107F5141B.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\C7C50D91_FFB3_5D28_4072_FD48EDA1AE28.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\D88A6452_952D_549A_8176_94EFBB91A5F4.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\DE855470_7B06_8E5A_2ABE_CD04C7005FC3.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\E3F28AE4_04E1_9C4D_A22E_83ED800A02E1.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\EC1DCBC3_0FF0_164F_46A6_86E355E9DCF7.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\F1E66A0B_380C_1F03_D41A_371A7A96D56B.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\F2061921_4526_2152_FC38_1D2F0B176011.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\cache\popwind\FAA5C423_CDAD_56DD_3A2C_CA7353647261.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control\1347549141_1347549140_.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control\1347549141_1347549140_.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control\1353682991_1353682990_.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control\1353682991_1353682990_.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control\1365919278_1365919277_.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control\1365919278_1365919277_.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control\1368686115_1368686114_.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\control\1368686115_1368686114_.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\Install Latest Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\Start Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\007:大破天幕危机\007:大破天幕危机A.mp4 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\007:大破天幕危机\007:大破天幕危机B.mp4 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\总统杀局-MP4\总统杀局A.mp4 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\总统杀局-MP4\总统杀局B.mp4 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\泰迪熊(120720)\泰迪熊.mp4.fc! (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\罪孽\罪孽.rmvb.fc! (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\随波逐流-MP4\随波逐流A.mp4 (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\随波逐流-MP4\随波逐流B.mp4.fc! (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\media\随波逐流-MP4\随波逐流C.mp4.fc! (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\18524595_1298539785_405.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\2332025_1280746791_324.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\23623226_1316226373_295.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\24272712_1321264521_619.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\24570037_1318314775_867.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\24570037_1318472265_513.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\24570037_1320393163_873.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\24570037_1322726366_138.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\Seed\24570037_1324521681_365.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\ad_bsapi.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\ad_define.fai (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\ad_define.fai.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\ad_material.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\flashParam.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\flashParam.txt.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\localad.fax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\StampPolicy.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Ryan\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully.


#7 ~Kal~

Posted 27 July 2013 - 02:45 AM

Hi Cooleyboy

Thanks for posting the logs. I'm not seeing any signs of malware in your DDS log, but I'd like to do an online scan just to double-check that.

1. Run an online scan with ESET

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Please copy any log ESET makes into your next reply.


2. Some questions

I can see from your logs that you are running a number of toolbars and plugins in your Firefox browser, especially security-related ones like Avast WebRep and McAfee Security Scan Plus.

It may be that the active plugins are slowing your browser down. Can I check with you:

- Is McAfee Security Scan Plus something that you intentionally downloaded, and use?
- Is the slowness you're having on the PC in general or just when on the internet?
- Are you having the same slowness on all browsers or is it just Firefox?

Let's try disabling some plug-ins and see if that makes any difference to your speed. Follow the instructions below and try disabling plug-ins that you know you don't need (you can always re-enable them if there are problems later).

3. How to disable plugins in Firefox

Note: Disabling a plugin will turn it off without removing it.

  • Open a new tab or window in Firefox
  • On the menu bar, click on the Tools menu, and then click Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Plugins panel.
  • Select the plugin(s) you wish to disable, and select Disable.
  • To re-enable the plugin, find it in the list of Plugins and select Enable in its drop-down menu.

Does that make any difference?


So in your next post, please include:


- the ESET log

- answers to the questions I asked above

- let me know whether disabling any plug-ins has improved your speed

Many thanks

#8 cooleyboy

Posted 27 July 2013 - 10:52 PM

Did the ESET scan. Here is the log:


C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLVK90BP\stubinst_pkg_en-eu[1].cab Win32/OpenCandy application deleted - quarantined
C:\Users\Ryan\AppData\Local\Temp\nscB393.tmp.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Ryan\AppData\Local\Temp\SetupDataMngr_jZip.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Ryan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-eu.cab Win32/OpenCandy application deleted - quarantined
C:\Users\Ryan\Downloads\jZipV1.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

Deleted all of them.

#9 cooleyboy

Posted 27 July 2013 - 11:19 PM

I deleted the McAfee Security Scan and an older version of Java using Revo Uninstaller. Disabled add-ons in Firefox, but it still takes about 5 minutes to load a page all the way. Tooooo sloooooow. What do you think?

#10 ~Kal~

Posted 28 July 2013 - 11:48 AM

Hi Cooleyboy


How long have you had this slowness for? Did anything happen before it started, i.e. an update to Firefox or anything similar?


What Malwarebytes and ESET are finding on your computer is adware and nuisance programmes, which can hog a lot of resources. You do not appear to be infected, so that leads me to think that the slowness you're having is a problem either with Firefox itself or perhaps with your ISP.


Are you having the same problems with other browsers? Try another browser and see what happens: Internet Explorer, or if you don't like IE, try Chrome. I'm not suggesting you change your browser from Firefox, but this is to see whether the problem occurs beyond Firefox.


To troubleshoot Firefox, we can try starting it in safe mode (note, this is not Windows safe mode; there is no need to reboot your computer). Firefox safe mode temporarily resets some settings, disables add-ons, themes etc., so it might help to pinpoint where the problem could be. Instructions on how to do that and what to look for once in safe mode are here. If Firefox runs better in safe mode, then we can start narrowing down the culprit a bit more.


Another thing to try might be to reset Firefox - instructions on how to do this are here on the Mozilla site. Resetting Firefox should keep all your bookmarks and passwords, although it will wipe any extensions and themes etc. that you have loaded. Personally, I would back up my bookmarks first, just in case:

  • In the 'bookmarks' tab at the top of the screen, click on 'show all bookmarks'.
  • Click on the 'import and backup' button.
  • Back up and save to a location of your choice (to restore if you need to, click 'import and backup', 'restore', 'choose file' - if it isn't already showing in the list - and then browse to where you saved them).

Let me know how you get on, especially if the problem persists in another browser, and whether things are the same in safe mode.

#11 cooleyboy

Posted 29 July 2013 - 09:27 AM

Well, I do live in China, so there is the great "firewall" here, but I don't experience the same issues on other browsers like IE so I might have to agree that Firefox is the issue. I will attempt to reset it and see what happens. I am away from my laptop for a few days, so it will take a few days to respond.  I'll let you know. Thanks!!

#12 ~Kal~

Posted 03 August 2013 - 05:00 AM

Hi Cooleyboy, are you still with us? If you have resolved your problem, please let us know. If I don't hear from you within 2 days this topic will be closed.

#13 cooleyboy

Posted 03 August 2013 - 08:48 PM

I just returned from a trip. Now that I am home, I can look into your suggestions.

#14 cooleyboy

Posted 03 August 2013 - 09:12 PM

Okay, the safe mode didn't do much for me. So I will definitely try the reset.

#15 cooleyboy

Posted 03 August 2013 - 09:23 PM

Nope, nada. Still sloooooow after the reset. Any other ideas? Thanks!