Kguanz
Honorary Members-
Posts
22 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Kguanz
-
thank a lot! After i install all the updates and reboot it show a Microsoft .NET Framework error See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************** Exception Text **************System.Runtime.InteropServices.COMException (0x80040154): Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)) at System.Windows.Forms.UnsafeNativeMethods.CoCreateInstance(Guid& clsid, Object punkOuter, Int32 context, Guid& iid) at System.Windows.Forms.AxHost.CreateWithoutLicense(Guid clsid) at System.Windows.Forms.AxHost.CreateWithLicense(String license, Guid clsid) at System.Windows.Forms.AxHost.CreateInstanceCore(Guid clsid) at System.Windows.Forms.AxHost.CreateInstance() at System.Windows.Forms.AxHost.GetOcxCreate() at System.Windows.Forms.AxHost.TransitionUpTo(Int32 state) at System.Windows.Forms.AxHost.CreateHandle() at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl() at System.Windows.Forms.Control.WmShowWindow(Message& m) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.ScrollableControl.WndProc(Message& m) at System.Windows.Forms.ContainerControl.WndProc(Message& m) at System.Windows.Forms.Form.WmShowWindow(Message& m) at System.Windows.Forms.Form.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) ************** Loaded Assemblies **************mscorlib Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5472 (Win7SP1GDR.050727-5400)----------------------------------------AsusWSPanel Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0----------------------------------------System Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)----------------------------------------System.Windows.Forms Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5468 (Win7SP1GDR.050727-5400)----------------------------------------System.Drawing Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)----------------------------------------System.Xml Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5476 (Win7SP1GDR.050727-5400)----------------------------------------System.Management Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)----------------------------------------AxInterop.ShockwaveFlashObjects Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0----------------------------------------Interop.ShockwaveFlashObjects Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0---------------------------------------- ************** JIT Debugging **************To enable just-in-time (JIT) debugging, the .config file for thisapplication or computer (machine.config) must have thejitDebugging value set in the system.windows.forms section.The application must also be compiled with debuggingenabled. For example: <configuration> <system.windows.forms jitDebugging="true" /></configuration> When JIT debugging is enabled, any unhandled exceptionwill be sent to the JIT debugger registered on the computerrather than be handled by this dialog box. What does this mean?
-
downloaded and scanned ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.8 (11.05.2013:1)OS: Windows 7 Home Premium x64Ran by Lai on Mon 18/11/2013 at 21:32:57.74~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 18/11/2013 at 21:36:51.24End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
report from security check Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 10.1.6 Adobe Reader out of Date! Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Next step will be?
-
report from adwcleaner # AdwCleaner v3.012 - Report created 16/11/2013 at 15:31:23# Updated 11/11/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Lai - LAI-PC# Running from : C:\Users\Lai\Desktop\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Lai\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1294 octets] - [15/11/2013 00:04:32]AdwCleaner[R1].txt - [1413 octets] - [16/11/2013 15:30:21]AdwCleaner[s0].txt - [329 octets] - [15/11/2013 00:07:34]AdwCleaner[s1].txt - [1350 octets] - [16/11/2013 15:31:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1410 octets] ##########
-
i managed to run the combofix. however when i tried to clean with the adwcleaner, my whole computer just hanged. ComboFix 13-11-11.01 - Lai 14/11/2013 23:57:36.4.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.5944 [GMT 8:00]Running from: c:\users\Lai\Downloads\ComboFix.exeCommand switches used :: c:\users\Lai\Downloads\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll""c:\users\All Users\Microsoft\Media Tools\MediaIconsOverlays.dll""d:\pro evolution soccer 2013\rld.dll"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\x264 Video Codecc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_kernelDeint.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_liba52.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_libdts.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_libfaad2.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_libmad.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_samplerate.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_unrar.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_vfw.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_vfw.dll.manifestc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_wmv9.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow.axc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow.ax.manifestc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow_license_source_and_credits.txtc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffmpeg.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffmpegmt.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\libavcodec.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\libmpeg2_ff.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\libmplayer.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\openIE.jsc:\program files (x86)\x264 Video Codec\Filters\FFDShow\TomsMoComp_ff.dllc:\program files (x86)\x264 Video Codec\Filters\FLVSplitter.axc:\program files (x86)\x264 Video Codec\Filters\Haali\avi.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\avs.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\avss.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\cue2xml.jsc:\program files (x86)\x264 Video Codec\Filters\Haali\dsmux.exec:\program files (x86)\x264 Video Codec\Filters\Haali\dxr.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\gdsmux.exec:\program files (x86)\x264 Video Codec\Filters\Haali\mkunicode.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mkv2vfr.exec:\program files (x86)\x264 Video Codec\Filters\Haali\mkx.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mkzlib.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mmdinfo.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mmfinfo.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mp4.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\ogm.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\splitter.axc:\program files (x86)\x264 Video Codec\Filters\Haali\ts.dllc:\program files (x86)\x264 Video Codec\Filters\Mpeg2DecFilter.axc:\program files (x86)\x264 Video Codec\Filters\vsfilter.dllc:\program files (x86)\x264 Video Codec\Filters\WavPackDSDecoder.axc:\program files (x86)\x264 Video Codec\Filters\WavPackDSSplitter.axc:\program files (x86)\x264 Video Codec\main.icoc:\program files (x86)\x264 Video Codec\Uninstall.exec:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dllc:\users\All Users\Microsoft\Media Tools\MediaIconsOverlays.dllc:\windows\PFRO.logd:\pro evolution soccer 2013\rld.dll..((((((((((((((((((((((((( Files Created from 2013-10-14 to 2013-11-14 )))))))))))))))))))))))))))))))..2013-11-14 16:00 . 2013-11-14 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-14 15:53 . 2013-11-14 15:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\offreg.dll2013-11-13 15:31 . 2013-11-13 15:31 -------- d-----w- c:\users\Lai\AppData\Roaming\Malwarebytes2013-11-13 15:31 . 2013-11-13 15:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-11-13 15:31 . 2013-11-13 15:31 -------- d-----w- c:\programdata\Malwarebytes2013-11-13 15:31 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]c:\users\Lai\funshion\funshiontools\FunshionHelper.dll [bU].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S1 GizmoDrv;Gizmo Device Driver; [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28].2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-11-15 00:01:52ComboFix-quarantined-files.txt 2013-11-14 16:01ComboFix2.txt 2013-11-13 15:28ComboFix3.txt 2013-11-13 13:21ComboFix4.txt 2013-11-12 15:05.Pre-Run: 9,663,119,360 bytes freePost-Run: 9,599,078,400 bytes free.- - End Of File - - 8E217C2BAC3F87F39CFA5B8E59A4AE1A
-
here is the log from ESET C:\Program Files (x86)\x264 Video Codec\Filters\Haali\mmdinfo.dll Win32/Sathurbot.A trojanC:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll Win32/Sathurbot.A trojanC:\Users\All Users\Microsoft\Media Tools\MediaIconsOverlays.dll Win32/Sathurbot.A trojanD:\Pro Evolution Soccer 2013\rld.dll Win32/HackTool.Crack.BB application
-
Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Lai :: LAI-PC [administrator] Protection: Enabled 13/11/2013 11:33:29 PM mbam-log-2013-11-13 (23-33-29).txt Scan type: Full scan (C:\|D:\|E:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 375136 Time elapsed: 27 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCR\fsp (PUP.Funshion) -> Quarantined and deleted successfully. HKCR\Funshion Task (PUP.Funshion) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (PUP.Funshion) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 23 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\playhome (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\download (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\screensave (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\serv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\Shortcut (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully. Files Detected: 577 C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\funshionplugin2.dll.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\LangResEnAmerican.dll.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\Funshion\RunningFunshionUpgrade.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Use Help.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\FunshionDoctor.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Update History.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1363420162_2064350_macross_1361525818_471.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1363438846_20749013_macross_1363329136_16.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1363498040_5581113_23623226_1322028705_208.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1365217016_3935047_17239948_1264675482_871.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1366180380_81905749_macross_1366133203_904.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\bbinfo.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\crash_dump.dmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\favorites.fav (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\install.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\platFormGuid.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130716103038-11026092.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130906193301-5462519.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130913202220-19579442.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130913202629-4821602.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130918140301-4648194.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130929114730-15749654.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131008170532-11231835.date1384172771.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131015104921-10110637.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131023173205-13521504.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131024113636-12006585.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131025164031-7897512.date1384172771.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131025181946-7677452.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131030161306-18536717.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131031111844-489203.date1383657600.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131101170904-9172355.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131101171038-13184189.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131101211132-3104178.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131104181904-16778194.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131105174811-79082.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131106183427-19467690.date1384055152.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131106191017-1319084.date1384055152.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131107151129-7548167.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131108164517-19872477.date1384172771.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131111105556-2158030.date1384348125.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131112164907-15472585.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131113162557-14597334.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\playhome\CDC31C17_EDDD_5D25_B71A_0C33B6C566A4.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\playhome\playHome.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\0129141E_970B_C5A1_3F83_C64D2BA24D39.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\01472DBC_2B4D_59E2_941C_110E54377794.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\05E42111_E40F_12F8_A97A_263830365919.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\08602883_07F1_9025_36A5_D01502E607F7.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\08A5EF52_7B9C_6F68_B330_D9471E782147.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\0F4D2788_9530_1F58_BE6A_AE55A2902BB6.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\1121F650_6110_8968_9C82_270CFB3F5B93.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\12D8B180_DF8E_9695_2C45_63DFEE961EE0.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\15332EF0_3B0B_0E8A_2F98_F9843DF4A96E.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\17262EF7_C830_C548_A3D3_5D1B60F69321.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\1C932350_3AB9_3ECF_9BC0_45C93CA975E9.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\22DAE398_9262_0E9D_B51E_16FD9CD5F3FB.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\257AE7CF_5084_7B42_FD32_9FCB606F40BF.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\2985417B_F875_2A19_AFF1_A1FACF97979E.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\29B40C18_FC24_D06D_ABB8_22F31B2C3664.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\2A1A4254_29F0_81A3_078C_60D890C4AFE6.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\2C930878_0495_DF0C_597D_D386ED7D052A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\2F32544B_0D5B_0463_DE40_BF67F90E75AC.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\33AF91AD_F4FD_19EF_F427_025EC1F7407E.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\361341AC_9536_D8A7_85F3_425D426480F8.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\41579E70_E136_F44B_50E7_823A22437977.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\42717DF6_E097_38B0_A542_04DBA727696C.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\449FD60F_AD69_B650_EC87_54FDC8AF7252.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\46480AC1_9DEB_5C3F_4C3B_13577020CD37.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\468A1698_CA52_0C0F_871A_5F1BCA8C7A4B.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\487BA671_37CD_5283_E281_CE52FCF21BC1.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\4BC3EB4E_AB5D_8FA4_6975_4A9DDB5CD94B.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\4BE0B011_2391_30EE_9CD4_15BDF0D81A49.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\51DA13BB_82A3_7E57_C589_EF6FC194BA49.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\52D6C3AC_2B7D_6B09_8E00_083D9EA375DC.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5722F2BC_4365_7523_0476_FCAC8FC00A71.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5AEA230C_F746_3DEE_687C_80FE613D7815.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5AF83C59_2812_9DC2_9E93_DB608FB9651F.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5D5CA900_85B9_7FE7_B01F_F82BA948D045.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5E0636F0_BAA3_D81A_ED73_3F302360C03A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\60B6563F_4B90_699B_8FB7_E3963A424CF4.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\61A266AA_2DD7_72B7_5E7E_A68BC5688EEE.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\64472E0A_A021_66C0_7A5F_B1C70313866F.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\66A45CFE_8D27_0C53_E8A0_1A161F64A072.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\68A5841C_AFEC_A546_7562_F75DAC4827E0.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\6B7E4A24_CCF4_1770_6516_556A78897556.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\6F349C71_636F_7F59_1824_C21C53F2E963.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\70EBC18A_C453_1307_522E_69B8D7F18DF5.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\72D632DD_A9FB_FC75_FE09_62C7160CBF6A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\7920093E_94C8_D74D_281D_C61AB4C04C41.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\7A35F37A_6235_85EE_0E18_F9948AE19382.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\7DBFCEE4_AA01_5D47_DF29_C46FB06B3661.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\7EF8D0EE_A623_3C6F_8389_E4EB9332977D.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\860E40B9_BCF9_135E_3A45_A23B4F0A5E94.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\86F4DB4E_518B_8757_F485_99A870B83241.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\892E7EBF_1D3B_8CD1_62D9_EEE1C2511713.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8A0F80F2_6677_B0FE_0E10_3EA3FD35660C.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8AF3F64C_0E7E_B0BF_B295_FC5E747E7574.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8D2055C0_FAFC_CFF8_8BF7_CFE780370297.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8E1E19EC_A955_46A8_8C63_2111BF9F4423.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8EBE42F3_F9F3_7707_2DCE_F264F7B91FCD.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\916994EB_F942_D48C_6370_3B4928BBF0FE.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\9661AB71_0011_D881_6BE9_E925846596ED.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\980F1BE5_12CA_CC61_9754_365A02BB5E8C.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\99047720_7DC0_F231_5137_E153F457E3D3.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\995B8284_22D5_EA2A_DDA0_AA0C4FBCF85F.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\99B48DAD_E5B6_3255_EC9D_141EA264AEC5.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\9A8F52D0_4EC0_2AB9_14F1_8D228EA16333.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\A138277C_3F32_559F_DEED_090D3F720678.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\A2650BE4_99B7_5E1B_4F97_C6DAA399834D.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\A2D84A58_8C00_814F_8D24_4159ED276FC0.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\AB7A72B1_C68A_28D6_CC7A_5182E9270160.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\ABCFBD64_A3AF_2656_1BA1_3907C68BE9DC.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\ADB497B9_54C8_0711_6207_6F257EB11360.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\AE6869EA_E06F_4769_1F19_6168746FE04D.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\B3381750_E20B_FAC8_4979_8C9FBAC15371.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\B80498BC_0044_D2B6_4F7F_14548A84B2A6.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\BAB74C6D_259A_E6DC_CB9C_69CF9069A910.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\BC1EE9DD_F090_22DB_CE56_805CD46D4A54.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\C2B31CA2_AFF1_5FFE_933B_6DF05681E779.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\C3A196F6_A079_9D5E_D09D_DE0906A62EE6.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\C797E28D_9A1B_6712_BD38_413EBBC3FF19.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\C897D86F_FE6C_23F5_B019_E8DDCA6A39B9.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\CE72F55C_5DC9_C928_F6EC_8B7C17FBC984.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\D41AE267_7341_D4E1_FC81_C31183136C87.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\D56973A3_93F5_B294_53CF_D83D958836A5.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\DA24F1D3_53B4_DDB9_07F5_788D0B9CCA50.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\DA9FD54F_D14C_28BF_8265_00AD158B2F5C.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\DF656585_8B5E_9C8B_AB64_92A2B28E2C91.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\E5F2D129_0886_E762_E694_8A48A94FC418.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\ED20B98C_DCFE_D7E9_3C2D_30ECF1EB69EC.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\EE24058F_FD8E_B121_6F30_9F6483611B5A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\EF97DBFB_920C_BE41_BD9C_D66FF7F3158F.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\F1A4A8A2_682C_8729_CE59_8C11B48DFFB5.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\FA19F3B4_A945_756F_1D98_BFB396F5718A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\FACC5957_3EC6_830C_66A0_02921E9D4588.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1362813158_1362813158_9094450_macross_1362737396_181.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1362813158_1362813158_9094450_macross_1362737396_181.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1362835584_1362835583_31519739_macross_1339553823_85.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1362835584_1362835583_31519739_macross_1339553823_85.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363261225_1363261225_27331_f7b1f9060b4a35e0ce6c42be2722ad179f37c44c.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363261225_1363261225_27331_f7b1f9060b4a35e0ce6c42be2722ad179f37c44c.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363348840_1363348840_33373_7e7ea8e4ccb3ff72fa1029ac8725eeb137bd3b67.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363348840_1363348840_33373_7e7ea8e4ccb3ff72fa1029ac8725eeb137bd3b67.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363418249_1363418249_151507_macross_1360308796_503.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363418249_1363418249_151507_macross_1360308796_503.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363418398_1363418398_300438_macross_1360916143_314.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363418398_1363418398_300438_macross_1360916143_314.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363420177_1363420162_2064350_macross_1361525818_471.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363420177_1363420162_2064350_macross_1361525818_471.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363438862_1363438846_20749013_macross_1363329136_16.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363438862_1363438846_20749013_macross_1363329136_16.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363545635_1363545634_46014278_macross_1361081407_923.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363545635_1363545634_46014278_macross_1361081407_923.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363693623_1363693623_70322_23623226_1322028711_312.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363693623_1363693623_70322_23623226_1322028711_312.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363778409_1363778408_115990_23623226_1322028701_742.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363778409_1363778408_115990_23623226_1322028701_742.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364045926_1364045926_8277824_macross_1363937575_32.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364045926_1364045926_8277824_macross_1363937575_32.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084698_1364084685_3543379_macross_1362973225_680.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084698_1364084685_3543379_macross_1362973225_680.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084766_1364084766_3624653_e9952b5d1c1d52cdbfcfd2d7d2536ddad1b287ca.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084766_1364084766_3624653_e9952b5d1c1d52cdbfcfd2d7d2536ddad1b287ca.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084766_1364084766_3624798_macross_1362367221_482.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084766_1364084766_3624798_macross_1362367221_482.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364376672_1364376672_133405_macross_1363848077_57.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364376672_1364376672_133405_macross_1363848077_57.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365154762_1365154761_70868795_macross_1364797764_944.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365154762_1365154761_70868795_macross_1364797764_944.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365213159_1365213159_77302_17239948_1264675398_138.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365213159_1365213159_77302_17239948_1264675398_138.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365213159_1365213159_77331_2abe3271a1366fef9c27d10ff14ae20d79e7ce89.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365213159_1365213159_77331_2abe3271a1366fef9c27d10ff14ae20d79e7ce89.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365217030_1365217016_3935047_17239948_1264675482_871.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365217030_1365217016_3935047_17239948_1264675482_871.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365855808_1365855794_143674_macross_1364046745_710.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365855808_1365855794_143674_macross_1364046745_710.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365855871_1365855855_205108_macross_1363577481_32.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365855871_1365855855_205108_macross_1363577481_32.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366032601_1366032596_20995342_macross_1355377191_422.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366032601_1366032596_20995342_macross_1355377191_422.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366032646_1366032646_21045472_macross_1354677924_309.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366032646_1366032646_21045472_macross_1354677924_309.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366034217_1366034217_22616285_macross_1355302230_786.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366034217_1366034217_22616285_macross_1355302230_786.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366036769_1366036768_25167827_macross_1355904611_877.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366036769_1366036768_25167827_macross_1355904611_877.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366038991_1366038988_27387303_macross_1358329412_436.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366038991_1366038988_27387303_macross_1358329412_436.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366111806_1366111805_13330737_macross_1358907370_158.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366111806_1366111805_13330737_macross_1358907370_158.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366113107_1366113107_14631908_macross_1360121301_44.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366113107_1366113107_14631908_macross_1360121301_44.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366115315_1366115310_16835040_macross_1360725369_913.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366115315_1366115310_16835040_macross_1360725369_913.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366162507_1366162493_64018353_macross_1361337904_542.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366162507_1366162493_64018353_macross_1361337904_542.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366172794_1366172779_74304537_macross_1361945763_749.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366172794_1366172779_74304537_macross_1361945763_749.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366174659_1366174658_76183582_macross_1363685635_812.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366174659_1366174658_76183582_macross_1363685635_812.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366178992_1366178992_80516825_macross_1364355195_17.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366178992_1366178992_80516825_macross_1364355195_17.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366180395_1366180380_81905749_macross_1366133203_904.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366180395_1366180380_81905749_macross_1366133203_904.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366358488_1366358487_9322576_4b3c646cfc3256f261566730e16886a78d8aaedc.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366358488_1366358487_9322576_4b3c646cfc3256f261566730e16886a78d8aaedc.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366358488_1366358488_9322808_18524595_1291278212_656.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366358488_1366358488_9322808_18524595_1291278212_656.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366426052_1366426052_76887208_20080446_1307007410_658.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366426052_1366426052_76887208_20080446_1307007410_658.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366433023_1366433023_5485486_456e078f9abc069db837ef160d0444843b8c874b.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366433023_1366433023_5485486_456e078f9abc069db837ef160d0444843b8c874b.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366464761_1366464748_37211129_macross_1366360363_324.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366464761_1366464748_37211129_macross_1366360363_324.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366464761_1366464760_37223184_f0b91976f5f00157f93c699b2deb2baa261b3782.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366464761_1366464760_37223184_f0b91976f5f00157f93c699b2deb2baa261b3782.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366514323_1366514321_27076_24272712_1324455068_244.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366514323_1366514321_27076_24272712_1324455068_244.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366981440_1366981434_162712_macross_1366967523_782.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366981440_1366981434_162712_macross_1366967523_782.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366981440_1366981440_168252_860715ed42edfe5fcfd358bb2288b762185e32e4.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366981440_1366981440_168252_860715ed42edfe5fcfd358bb2288b762185e32e4.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367134935_1367134921_46526_macross_1366958547_887.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367134935_1367134921_46526_macross_1366958547_887.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367586329_1367586319_3320801_macross_1367570641_246.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367586329_1367586319_3320801_macross_1367570641_246.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367641476_1367641465_36720_macross_1367593663_702.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367641476_1367641465_36720_macross_1367593663_702.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367661214_1367661210_19782013_macross_1367463152_264.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367661214_1367661210_19782013_macross_1367463152_264.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367661214_1367661214_19785618_e06c30783a6c7ad7fc5f22d1df052f2decac1d51.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367661214_1367661214_19785618_e06c30783a6c7ad7fc5f22d1df052f2decac1d51.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367682672_1367682672_41243617_macross_1338539137_384.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367682672_1367682672_41243617_macross_1338539137_384.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367727180_1367727180_6118080_24726995_1322032609_698.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367727180_1367727180_6118080_24726995_1322032609_698.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368189368_1368189368_50511_macross_1368172645_33.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368189368_1368189368_50511_macross_1368172645_33.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368244685_1368244685_55367165_macross_1368175043_851.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368244685_1368244685_55367165_macross_1368175043_851.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368796701_1368796701_105785_macross_1368705543_463.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368796701_1368796701_105785_macross_1368705543_463.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368933817_1368933816_34805_macross_1368779075_649.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368933817_1368933816_34805_macross_1368779075_649.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368935870_1368935870_2089373_macross_1338172555_376.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368935870_1368935870_2089373_macross_1338172555_376.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368936164_1368936164_2382880_5881262_1216799458_647.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368936164_1368936164_2382880_5881262_1216799458_647.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369236740_1369236740_1514898_macross_1368693515_202.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369236740_1369236740_1514898_macross_1368693515_202.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369236740_1369236740_1515241_d058b26036638b20fe4bdd37454f038e7efa3883.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369236740_1369236740_1515241_d058b26036638b20fe4bdd37454f038e7efa3883.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312892_1369312891_15151682_macross_1363852871_580.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312892_1369312891_15151682_macross_1363852871_580.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312900_1369312900_15160595_macross_1364456955_443.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312900_1369312900_15160595_macross_1364456955_443.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312910_1369312910_15170416_macross_1365068449_974.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312910_1369312910_15170416_macross_1365068449_974.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312937_1369312923_15184218_macross_1366877561_444.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312937_1369312923_15184218_macross_1366877561_444.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369378264_1369378249_9908483_macross_1367515213_627.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369378264_1369378249_9908483_macross_1367515213_627.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369378273_1369378273_9931989_macross_1368090222_861.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369378273_1369378273_9931989_macross_1368090222_861.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369400491_1369400491_32150151_macross_1369383569_320.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369400491_1369400491_32150151_macross_1369383569_320.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369417623_1369417622_158685_macross_1367485296_926.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369417623_1369417622_158685_macross_1367485296_926.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369450550_1369450550_459129_macross_1367478884_233.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369450550_1369450550_459129_macross_1367478884_233.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369488706_1369488706_38615088_7014043_1235466100_290.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369488706_1369488706_38615088_7014043_1235466100_290.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369488820_1369488820_38728917_7014043_1224486172_465.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369488820_1369488820_38728917_7014043_1224486172_465.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369492312_1369492312_42221198_macross_1356412837_703.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369492312_1369492312_42221198_macross_1356412837_703.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369539473_1369539459_89368100_macross_1368522002_285.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369539473_1369539459_89368100_macross_1368522002_285.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370077050_1370077050_14875617_macross_1369982659_488.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370077050_1370077050_14875617_macross_1369982659_488.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263803_1370263802_48380_5274aef4290adf13f8535d00756373a32c65dbe4.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263803_1370263802_48380_5274aef4290adf13f8535d00756373a32c65dbe4.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263803_1370263802_49005_macross_1360813863_420.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263803_1370263802_49005_macross_1360813863_420.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263816_1370263815_61528_macross_1360897310_670.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263816_1370263815_61528_macross_1360897310_670.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263821_1370263821_67667_macross_1361415948_633.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263821_1370263821_67667_macross_1361415948_633.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263833_1370263833_79235_macross_1361502662_119.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263833_1370263833_79235_macross_1361502662_119.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263854_1370263842_88851_macross_1362033818_301.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263854_1370263842_88851_macross_1362033818_301.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370763931_1370763931_85900213_macross_1370670422_787.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370763931_1370763931_85900213_macross_1370670422_787.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1371958069_1371958068_37880_macross_1359078393_59.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1371958069_1371958068_37880_macross_1359078393_59.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1371958176_1371958176_145343_heishehui1.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1371958176_1371958176_145343_heishehui1.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372396269_1372396269_107391_macross_1372311900_263.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372396269_1372396269_107391_macross_1372311900_263.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372402332_1372402332_6170335_18277256_1333009755_361.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372402332_1372402332_6170335_18277256_1333009755_361.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372526355_1372526355_56440902_macross_1372393380_495.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372526355_1372526355_56440902_macross_1372393380_495.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372908118_1372908117_29853797_macross_1371520367_102.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372908118_1372908117_29853797_macross_1371520367_102.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373105423_1373105422_15186980_75b9e557fb7bb6c2daa0e11d2c4c08b6e9a14f42.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373105423_1373105422_15186980_75b9e557fb7bb6c2daa0e11d2c4c08b6e9a14f42.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373105423_1373105423_15187326_macross_1372827190_382.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373105423_1373105423_15187326_macross_1372827190_382.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373108996_1373108989_18753052_18277256_1282188110_19.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373108996_1373108989_18753052_18277256_1282188110_19.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373108996_1373108996_18760422_206c2c8ea94a94064612e84f13bd5d8f9e58ace2.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373108996_1373108996_18760422_206c2c8ea94a94064612e84f13bd5d8f9e58ace2.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373212056_1373212056_1175091_macross_1369188502_878.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373212056_1373212056_1175091_macross_1369188502_878.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373948974_1373948974_472465_macross_1361867608_859.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373948974_1373948974_472465_macross_1361867608_859.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373983687_1373983682_5797634_macross_1373431926_525.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373983687_1373983682_5797634_macross_1373431926_525.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374126254_1374126240_125320_macross_1374030545_878.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374126254_1374126240_125320_macross_1374030545_878.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374164651_1374164651_27526_macross_1374124913_987.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374164651_1374164651_27526_macross_1374124913_987.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374207099_1374207099_125327_macross_1362559110_47.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374207099_1374207099_125327_macross_1362559110_47.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374941013_1374941013_246607_macross_1339408121_800.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374941013_1374941013_246607_macross_1339408121_800.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1375288309_1375288309_106307_macross_1375077181_233.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1375288309_1375288309_106307_macross_1375077181_233.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1375959178_1375959178_27853942_31459691_1332835019_474.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1375959178_1375959178_27853942_31459691_1332835019_474.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376011481_1376011481_80157042_macross_1375679223_290.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376011481_1376011481_80157042_macross_1375679223_290.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376140125_1376140125_208801041_macross_1340964516_642.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376140125_1376140125_208801041_macross_1340964516_642.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376234196_1376234196_302872426_24570037_1314698723_324.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376234196_1376234196_302872426_24570037_1314698723_324.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377072846_1377072846_48843807_macross_1375945657_197.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377072846_1377072846_48843807_macross_1375945657_197.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377409921_1377409921_155504111_5372255_1208327588_158.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377409921_1377409921_155504111_5372255_1208327588_158.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377409946_1377409946_155528445_24726995_1322032758_982.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377409946_1377409946_155528445_24726995_1322032758_982.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377660722_1377660722_130669460_macross_1377234285_768.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377660722_1377660722_130669460_macross_1377234285_768.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377744741_1377744741_214689094_macross_1363759896_230.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377744741_1377744741_214689094_macross_1363759896_230.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377799061_1377799061_269009011_macross_1363243408_621.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377799061_1377799061_269009011_macross_1363243408_621.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377883492_1377883492_1157951_macross_1376041180_530.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377883492_1377883492_1157951_macross_1376041180_530.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377916381_1377916381_38793_macross_1351493668_496.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377916381_1377916381_38793_macross_1351493668_496.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377916438_1377916438_96011_macross_1360331118_631.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377916438_1377916438_96011_macross_1360331118_631.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377946266_1377946265_29923686_macross_1377746765_79.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377946266_1377946265_29923686_macross_1377746765_79.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1378227666_1378227666_4965482_macross_1377587426_422.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1378227666_1378227666_4965482_macross_1377587426_422.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1378546787_1378546787_228784686_24726995_1322119840_611.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1378546787_1378546787_228784686_24726995_1322119840_611.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379081942_1379081942_10707790_macross_1379058580_280.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379081942_1379081942_10707790_macross_1379058580_280.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379515641_1379515641_99353738_macross_1379418452_411.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379515641_1379515641_99353738_macross_1379418452_411.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379610664_1379610664_2041284_18524595_1306920550_514.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379610664_1379610664_2041284_18524595_1306920550_514.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380292832_1380292832_95274497_23D8CC90D647D9D051BFE992239D04C66A11FD03.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380292832_1380292832_95274497_23D8CC90D647D9D051BFE992239D04C66A11FD03.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380292832_1380292832_95274578_macross_1380088167_720.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380292832_1380292832_95274578_macross_1380088167_720.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380342430_1380342430_144872045_2081978155089FE7AA50756CCBA837A7B6464D4E.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380342430_1380342430_144872045_2081978155089FE7AA50756CCBA837A7B6464D4E.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380342430_1380342430_144872283_macross_1380290183_632.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380342430_1380342430_144872283_macross_1380290183_632.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380344039_1380344039_146481078_macross_1380290163_552.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380344039_1380344039_146481078_macross_1380290163_552.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380382192_1380382192_184633954_macross_1377680028_988.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380382192_1380382192_184633954_macross_1377680028_988.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380679489_1380679485_257708_macross_1380628840_98.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380679489_1380679485_257708_macross_1380628840_98.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380682974_1380682974_3746678_macross_1380272339_348.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380682974_1380682974_3746678_macross_1380272339_348.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380717476_1380717476_38248508_macross_1377310329_346.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380717476_1380717476_38248508_macross_1377310329_346.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380819409_1380819409_140181531_macross_1374134279_357.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380819409_1380819409_140181531_macross_1374134279_357.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380884655_1380884648_19954934_macross_1380868029_219.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380884655_1380884648_19954934_macross_1380868029_219.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381419365_1381419362_14190051_F2485A13D8B0C5A6AA5A084C444B2835C23A8668.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381419365_1381419362_14190051_F2485A13D8B0C5A6AA5A084C444B2835C23A8668.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381419365_1381419365_14192959_macross_1381405953_201.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381419365_1381419365_14192959_macross_1381405953_201.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381489917_1381489917_144470_E119CFA0755CD860C5A15D455FE32412A250F7E1.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381489917_1381489917_144470_E119CFA0755CD860C5A15D455FE32412A250F7E1.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381489917_1381489917_144855_macross_1381060214_669.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381489917_1381489917_144855_macross_1381060214_669.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381504345_1381504345_14572624_macross_1381478949_347.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381504345_1381504345_14572624_macross_1381478949_347.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381548528_1381548522_58749542_macross_1380888169_443.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381548528_1381548522_58749542_macross_1380888169_443.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381548582_1381548573_58800025_macross_1381475489_685.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381548582_1381548573_58800025_macross_1381475489_685.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381586756_1381586756_19437787_macross_1381567606_546.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381586756_1381586756_19437787_macross_1381567606_546.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381805266_1381805266_747246_macross_1381738835_232.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381805266_1381805266_747246_macross_1381738835_232.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381805266_1381805266_747249_A06903EAF8FA7EE85CD1C4FD7B08284872432B4D.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381805266_1381805266_747249_A06903EAF8FA7EE85CD1C4FD7B08284872432B4D.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381825504_1381825504_10146279_24727249_1314943979_162.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381825504_1381825504_10146279_24727249_1314943979_162.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382015645_1382015645_600942_macross_1382004365_555.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382015645_1382015645_600942_macross_1382004365_555.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382090479_1382090466_14282981_macross_1382080448_61.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382090479_1382090466_14282981_macross_1382080448_61.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382177947_1382177941_101758409_macross_1381908618_659.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382177947_1382177941_101758409_macross_1381908618_659.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382179953_1382179952_103768843_macross_1382087422_962.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382179953_1382179952_103768843_macross_1382087422_962.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200167_1382200167_123984669_BC52AFC1CF789049C220480F25B6F7F54134AAFA.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200167_1382200167_123984669_BC52AFC1CF789049C220480F25B6F7F54134AAFA.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200168_1382200162_123979399_macross_1382098849_980.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200168_1382200162_123979399_macross_1382098849_980.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200685_1382200682_124499172_macross_1382098850_864.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200685_1382200682_124499172_macross_1382098850_864.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382201175_1382201175_124992574_macross_1382098850_103.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382201175_1382201175_124992574_macross_1382098850_103.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382274174_1382274174_197990887_macross_1373882791_508.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382274174_1382274174_197990887_macross_1373882791_508.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382345914_1382345914_1397789_1451101_1219112688_95.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382345914_1382345914_1397789_1451101_1219112688_95.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382415615_1382415615_1454419_macross_1340954934_794.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382415615_1382415615_1454419_macross_1340954934_794.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382416540_1382416540_2379371_24570037_1328518718_363.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382416540_1382416540_2379371_24570037_1328518718_363.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382431560_1382431559_17398393_24570037_1325302917_748.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382431560_1382431559_17398393_24570037_1325302917_748.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382440941_1382440941_26780107_macross_1340941018_349.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382440941_1382440941_26780107_macross_1340941018_349.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382541336_1382541321_15895280_macross_1382350470_389.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382541336_1382541321_15895280_macross_1382350470_389.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382618324_1382618309_221856_macross_1382601854_639.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382618324_1382618309_221856_macross_1382601854_639.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382703162_1382703155_162632_macross_1382683181_822.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382703162_1382703155_162632_macross_1382683181_822.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382711147_1382711146_8154333_macross_1381916243_531.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382711147_1382711146_8154333_macross_1381916243_531.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382762477_1382762477_59484558_macross_1382692808_979.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382762477_1382762477_59484558_macross_1382692808_979.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382875748_1382875746_172753971_macross_1382438883_529.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382875748_1382875746_172753971_macross_1382438883_529.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382877321_1382877321_174328834_macross_1351828290_768.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382877321_1382877321_174328834_macross_1351828290_768.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382877708_1382877707_174715285_macross_1351842358_856.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382877708_1382877707_174715285_macross_1351842358_856.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383053439_1383053439_8498506_macross_1382949605_849.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383053439_1383053439_8498506_macross_1382949605_849.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383240232_1383240222_849163_macross_1383212725_621.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383240232_1383240222_849163_macross_1383212725_621.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383402604_1383402600_38710253_macross_1383294309_920.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383402604_1383402600_38710253_macross_1383294309_920.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383411528_1383411528_47638812_macross_1383035344_492.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383411528_1383411528_47638812_macross_1383035344_492.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462034_1383462032_98142866_macross_1370767672_164.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462034_1383462032_98142866_macross_1370767672_164.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462034_1383462033_98143840_f1b79f725c59a20e0081f0c333639018eb50f9e1.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462034_1383462033_98143840_f1b79f725c59a20e0081f0c333639018eb50f9e1.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462246_1383462246_98356547_macross_1375336869_23.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462246_1383462246_98356547_macross_1375336869_23.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383583918_1383583918_220028333_macross_1383556029_502.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383583918_1383583918_220028333_macross_1383556029_502.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383836907_1383836907_2632568_macross_1383736336_791.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383836907_1383836907_2632568_macross_1383736336_791.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383878285_1383878285_44010536_6634280_1292815851_339.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383878285_1383878285_44010536_6634280_1292815851_339.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383979979_1383979979_145705216_macross_1383893130_734.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383979979_1383979979_145705216_macross_1383893130_734.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1384181095_1384181095_8377351_macross_1383817497_87.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1384181095_1384181095_8377351_macross_1383817497_87.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1384254716_1384254701_1680480_macross_1384162872_920.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1384254716_1384254701_1680480_macross_1384162872_920.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\download\FunshionInstall2.8.6.56.exe (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\DiagnosticConfig.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\FunshionDoctor.exe (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\report.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\TmpFile.zip (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\ArrowLeft.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\Bk.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bk_homepage.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bk_projection.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bmpdetection.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bmpexception.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bmpNormal.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\btn_Ignore.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\btn_Ignore.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\btn_normal.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\cancel.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\cancle_result.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\checkDown.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\checking.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\checkUp.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\close.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\expend.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\feedback.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\hide.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\icon_detecting.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\Icon_Green.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\line.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\littleicon_help.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\NoNet.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\Normal.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\progress_bar.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\question.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\repair.gif (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\repairing.gif (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\repairSucess.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\repair_animation.gif (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\restartFunshion.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\restartFunshionLater.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\restartfunshion_close.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\result_question.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\ScrollBar.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\startBK.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\startCheck.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\Õï¶Ï¹¤¾ß-Òì³£icon.jpg (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\吸血鬼日记第五季-第5集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\寂静岭(130731)-DVD.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\异能-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\无可匹敌(131105)-720P.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\沙画泰坦尼克-DVD.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\激战-720P.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\生死救婴.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\绿箭侠第二季-第4集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\行尸走肉第四季-第3集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\行尸走肉第四季-第4集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\行尸走肉第四季-第5集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\赏金杀手-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\Shortcut\FunShortcut.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\adConfig.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\adConfig.xml.bak (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\adMaterialsTable1.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\ad_define.fai (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\ad_define.fai.bak (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\ad_material.fax (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\dlpopwind.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\flashParam.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\flashParam.txt.bak (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\Funshion Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\hermes.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\MiniAdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\minisite.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\StampPolicy.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\textAdLink.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\textMiniAdLink.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\热门游戏.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\购物网站大全.lnk (PUP.Funshion) -> Quarantined and deleted successfully. (end)
-
Combofix ComboFix 13-11-11.01 - Lai 13/11/2013 23:24:29.3.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.6423 [GMT 8:00]Running from: c:\users\Lai\Downloads\ComboFix.exeCommand switches used :: c:\users\Lai\Downloads\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 )))))))))))))))))))))))))))))))..2013-11-13 15:27 . 2013-11-13 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]c:\users\Lai\funshion\funshiontools\FunshionHelper.dll [bU].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S1 GizmoDrv;Gizmo Device Driver; [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-11-13 23:28:15ComboFix-quarantined-files.txt 2013-11-13 15:28ComboFix2.txt 2013-11-13 13:21ComboFix3.txt 2013-11-12 15:05.Pre-Run: 10,469,027,840 bytes freePost-Run: 10,394,796,032 bytes free.- - End Of File - - 3E8EB4C64344412F6622534195520F1B
-
ComboFix 13-11-11.01 - Lai 13/11/2013 21:14:25.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.6107 [GMT 8:00] Running from: c:\users\Lai\Downloads\ComboFix.exe Command switches used :: c:\users\Lai\Downloads\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Funshion Online c:\program files (x86)\Funshion Online\2.8.6.56\atrc.dll c:\program files (x86)\Funshion Online\2.8.6.56\cook.dll c:\program files (x86)\Funshion Online\2.8.6.56\CoreAAC.ax c:\program files (x86)\Funshion Online\2.8.6.56\CoreAVC.ax c:\program files (x86)\Funshion Online\2.8.6.56\CrashReport.exe c:\program files (x86)\Funshion Online\2.8.6.56\drvc.dll c:\program files (x86)\Funshion Online\2.8.6.56\funoictl.dll c:\program files (x86)\Funshion Online\2.8.6.56\Funshion.exe c:\program files (x86)\Funshion Online\2.8.6.56\funshion.ini c:\program files (x86)\Funshion Online\2.8.6.56\FunshionGame2.ico c:\program files (x86)\Funshion Online\2.8.6.56\funshionplugin2.dll c:\program files (x86)\Funshion Online\2.8.6.56\FunshionService.exe c:\program files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exe c:\program files (x86)\Funshion Online\2.8.6.56\Funshop4.ico c:\program files (x86)\Funshion Online\2.8.6.56\gma.dll c:\program files (x86)\Funshion Online\2.8.6.56\icon\MP4.ico c:\program files (x86)\Funshion Online\2.8.6.56\icon\RMVB.ico c:\program files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe c:\program files (x86)\Funshion Online\2.8.6.56\LangResEnAmerican.dll c:\program files (x86)\Funshion Online\2.8.6.56\pncrt.dll c:\program files (x86)\Funshion Online\2.8.6.56\pndx5016.dll c:\program files (x86)\Funshion Online\2.8.6.56\pndx5032.dll c:\program files (x86)\Funshion Online\2.8.6.56\pos.ini c:\program files (x86)\Funshion Online\2.8.6.56\rmoc3260.dll c:\program files (x86)\Funshion Online\2.8.6.56\SimpleIE.dll c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AbnormalPopWndCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddListFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddMore.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdPackUpBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdTimer.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpCleanFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpClearDisk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError_IE.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPlayBarTip.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPrompt.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpQuestion.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpTimerClose.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpYellowQuestion.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normal.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normalEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Buffering.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionText.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionTextEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\checkSkin.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ClearFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\cycle.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Default.fskin c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DelListFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DiskWarnning.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DownloadJsonClose.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Family.fskin c:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorReshBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorWndBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCleanFileBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCloseMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgFullViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgMinViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNonTopViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNormalViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMiniEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgTopViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumb.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\KuWo.fskin c:\program files (x86)\Funshion Online\2.8.6.56\skin1\list_expend.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\logo.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMiniEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnDownArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnUpArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarHead.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarTrail.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarThumb.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionText.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionTextEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseAdCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseFlickerBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnFullView.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNext.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNextMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNonTop.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNormal.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPause.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPauseMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlay.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlayList.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlayMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPre.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPreMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnSimple.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnSimpleEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnStop.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnStopMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnTop.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolMute.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolume.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolumeMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarOpenFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerTipCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayInfoCurPlay.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayList.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayListEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBar.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBarThumb.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBarThumbSel.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Popular.fskin c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlBtnSplitter.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCheckBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCheckBtnCheck.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtn.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtnAbnormal.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlIcon.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlMiniBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlMiniBtn.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlSetBtn.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\RadioBtnBox.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\RadioBtnPt.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\RpcLoading.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\RpcStartDlgBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Scroll.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarDownArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarDownArrowOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarUpArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarUpArrowOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerBkgndOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetBkgndOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetHead.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetHeadOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetMid.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetMidOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetTrail.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetTrailOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollLinkBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\selected.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ShowPlayInfoBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\small.zip c:\program files (x86)\Funshion Online\2.8.6.56\skin1\smallerror.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\smallerror.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\switchToLibrary.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\switchToPlayer.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskDelete.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskDownLoad.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskList.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListStatIcons.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListStatSelIcon.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskManagerCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskManagerCloseTxtBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskPaused.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TextBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TipTopArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\BmpDetect.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpdetection.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpexception.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpNormal.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpOK.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\CaptionCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\CaptionMinBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\feedbackbtnbk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\forumhelpbtnbk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\funshionmark.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifChecking.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifRepairing.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifScanning.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ignorebtnbk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProblemHelpBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\problemtabbk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProgressBarBK.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProgressBarFG.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\question.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\recheck.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\repairBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ReRepairBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\RestoreBtnBK.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarDownArrowOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarUpArrowOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerBkgndOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetBkgndOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetHeadOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetMidOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetTrailOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TopLeftCornor.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TopRightCornor.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TrayWndclose.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmIgoreBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmUpdateBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateCapBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateCaption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconFail.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconInit.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconSuc.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\VolumeMute.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\VolumeNoMute.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\WebCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\WebCloseBtnRgn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\WndCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe c:\program files (x86)\Funshion Online\Funshion\Funshion.lnk c:\program files (x86)\Funshion Online\Funshion\RunningFunshionUpgrade.exe c:\users\Lai\funshion\funshiontools c:\users\Lai\funshion\funshiontools\FunshionHelper.dll c:\users\Lai\funshion\funshiontools\gma.dll c:\users\Lai\funshion\funshiontools\npFunshion.dll c:\users\Public\Fundata c:\users\Public\Fundata\baychimo.dll c:\users\Public\Fundata\DangerAppInfo.dll c:\users\Public\Fundata\Donovan.dll c:\users\Public\Fundata\Fighter.daw c:\users\Public\Fundata\FunDodge.dll c:\users\Public\Fundata\FunNail.dll c:\users\Public\Fundata\FunPioneer.dll c:\users\Public\Fundata\FunSeed64V782.dll c:\users\Public\Fundata\FunShadow.dll c:\users\Public\Fundata\FunshionSync.dll c:\users\Public\Fundata\FunWorks.daw c:\users\Public\Fundata\FunWorks64.dll c:\users\Public\Fundata\FunWorksTmp.dll c:\users\Public\Fundata\gma.dll c:\users\Public\Fundata\InstalledAppInfo.daw c:\users\Public\Fundata\LuaConfig.txt c:\users\Public\Fundata\LuaInterface_mt.dll c:\users\Public\Fundata\Midnight.dll c:\users\Public\Fundata\MiniPak.dll c:\users\Public\Fundata\Nail.lua c:\users\Public\Fundata\sdodge.daw c:\users\Public\Fundata\SeedIcon.ico c:\users\Public\Fundata\sres.daw c:\users\Public\Fundata\timeactionres.daw c:\users\Public\Fundata\Visitor.dll c:\users\Public\Fundata\VisitorResult.daw . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_FunshionSvr . . ((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 ))))))))))))))))))))))))))))))) . . 2013-11-13 13:17 . 2013-11-13 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll 2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple 2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll 2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll 2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll 2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll 2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys 2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096] "GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160] "ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688] "AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064] "OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720] "iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x] R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x] S1 GizmoDrv;Gizmo Device Driver; [x] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x] S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc FunshionServiceTools REG_MULTI_SZ FunshionSvr . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job - c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47] . 2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job - c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47] . 2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28] . 2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U] @="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}" [HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}] 2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] "ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . BHO-{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\users\Lai\funshion\funshiontools\FunshionHelper.dll Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file) AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\ASUS\FaceLogon\smartlogon.exe c:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe c:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe c:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe c:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-11-13 21:21:27 - machine was rebooted ComboFix-quarantined-files.txt 2013-11-13 13:21 ComboFix2.txt 2013-11-12 15:05 . Pre-Run: 10,686,169,088 bytes free Post-Run: 10,202,435,584 bytes free . - - End Of File - - 53A3C43C7E710BC9403E2DE4805C5217
-
okay here it goes. ComboFix 13-11-11.01 - Lai 13/11/2013 21:14:25.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.6107 [GMT 8:00]Running from: c:\users\Lai\Downloads\ComboFix.exeCommand switches used :: c:\users\Lai\Downloads\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Funshion Onlinec:\program files (x86)\Funshion Online\2.8.6.56\atrc.dllc:\program files (x86)\Funshion Online\2.8.6.56\cook.dllc:\program files (x86)\Funshion Online\2.8.6.56\CoreAAC.axc:\program files (x86)\Funshion Online\2.8.6.56\CoreAVC.axc:\program files (x86)\Funshion Online\2.8.6.56\CrashReport.exec:\program files (x86)\Funshion Online\2.8.6.56\drvc.dllc:\program files (x86)\Funshion Online\2.8.6.56\funoictl.dllc:\program files (x86)\Funshion Online\2.8.6.56\Funshion.exec:\program files (x86)\Funshion Online\2.8.6.56\funshion.inic:\program files (x86)\Funshion Online\2.8.6.56\FunshionGame2.icoc:\program files (x86)\Funshion Online\2.8.6.56\funshionplugin2.dllc:\program files (x86)\Funshion Online\2.8.6.56\FunshionService.exec:\program files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exec:\program files (x86)\Funshion Online\2.8.6.56\Funshop4.icoc:\program files (x86)\Funshion Online\2.8.6.56\gma.dllc:\program files (x86)\Funshion Online\2.8.6.56\icon\MP4.icoc:\program files (x86)\Funshion Online\2.8.6.56\icon\RMVB.icoc:\program files (x86)\Funshion Online\2.8.6.56\InnerWeb.exec:\program files (x86)\Funshion Online\2.8.6.56\LangResEnAmerican.dllc:\program files (x86)\Funshion Online\2.8.6.56\pncrt.dllc:\program files (x86)\Funshion Online\2.8.6.56\pndx5016.dllc:\program files (x86)\Funshion Online\2.8.6.56\pndx5032.dllc:\program files (x86)\Funshion Online\2.8.6.56\pos.inic:\program files (x86)\Funshion Online\2.8.6.56\rmoc3260.dllc:\program files (x86)\Funshion Online\2.8.6.56\SimpleIE.dllc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AbnormalPopWndCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddListFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddMore.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdPackUpBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdTimer.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpCleanFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpClearDisk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError_IE.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPlayBarTip.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPrompt.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpQuestion.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpTimerClose.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpYellowQuestion.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normal.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normalEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Buffering.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionText.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionTextEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\checkSkin.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ClearFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\cycle.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Default.fskinc:\program files (x86)\Funshion Online\2.8.6.56\skin1\DelListFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\DiskWarnning.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\DownloadJsonClose.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Family.fskinc:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorReshBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorWndBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCleanFileBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCloseMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgFullViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgMinViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNonTopViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNormalViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMiniEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgTopViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumb.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\KuWo.fskinc:\program files (x86)\Funshion Online\2.8.6.56\skin1\list_expend.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\logo.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMiniEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnDownArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnUpArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarHead.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarTrail.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarThumb.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionText.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionTextEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseAdCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseFlickerBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnFullView.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNext.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNextMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNonTop.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNormal.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPause.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPauseMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlay.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlayList.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlayMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPre.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPreMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnSimple.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnSimpleEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnStop.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnStopMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnTop.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolMute.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolume.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolumeMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarOpenFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerTipCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayInfoCurPlay.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayList.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayListEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBar.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBarThumb.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBarThumbSel.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Popular.fskinc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlBtnSplitter.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCheckBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCheckBtnCheck.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtn.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtnAbnormal.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlIcon.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlMiniBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlMiniBtn.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlSetBtn.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\RadioBtnBox.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\RadioBtnPt.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\RpcLoading.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\RpcStartDlgBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Scroll.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarDownArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarDownArrowOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarUpArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarUpArrowOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerBkgndOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetBkgndOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetHead.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetHeadOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetMid.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetMidOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetTrail.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetTrailOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollLinkBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\selected.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ShowPlayInfoBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\small.zipc:\program files (x86)\Funshion Online\2.8.6.56\skin1\smallerror.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\smallerror.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\switchToLibrary.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\switchToPlayer.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskDelete.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskDownLoad.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskList.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListStatIcons.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListStatSelIcon.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskManagerCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskManagerCloseTxtBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskPaused.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TextBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TipTopArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\BmpDetect.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpdetection.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpexception.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpNormal.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpOK.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\CaptionCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\CaptionMinBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\feedbackbtnbk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\forumhelpbtnbk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\funshionmark.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifChecking.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifRepairing.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifScanning.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ignorebtnbk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProblemHelpBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\problemtabbk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProgressBarBK.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProgressBarFG.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\question.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\recheck.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\repairBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ReRepairBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\RestoreBtnBK.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarDownArrowOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarUpArrowOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerBkgndOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetBkgndOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetHeadOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetMidOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetTrailOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TopLeftCornor.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TopRightCornor.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TrayWndclose.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmIgoreBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmUpdateBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateCapBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateCaption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconFail.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconInit.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconSuc.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\VolumeMute.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\VolumeNoMute.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\WebCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\WebCloseBtnRgn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\WndCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exec:\program files (x86)\Funshion Online\Funshion\Funshion.lnkc:\program files (x86)\Funshion Online\Funshion\RunningFunshionUpgrade.exec:\users\Lai\funshion\funshiontoolsc:\users\Lai\funshion\funshiontools\FunshionHelper.dllc:\users\Lai\funshion\funshiontools\gma.dllc:\users\Lai\funshion\funshiontools\npFunshion.dllc:\users\Public\Fundatac:\users\Public\Fundata\baychimo.dllc:\users\Public\Fundata\DangerAppInfo.dllc:\users\Public\Fundata\Donovan.dllc:\users\Public\Fundata\Fighter.dawc:\users\Public\Fundata\FunDodge.dllc:\users\Public\Fundata\FunNail.dllc:\users\Public\Fundata\FunPioneer.dllc:\users\Public\Fundata\FunSeed64V782.dllc:\users\Public\Fundata\FunShadow.dllc:\users\Public\Fundata\FunshionSync.dllc:\users\Public\Fundata\FunWorks.dawc:\users\Public\Fundata\FunWorks64.dllc:\users\Public\Fundata\FunWorksTmp.dllc:\users\Public\Fundata\gma.dllc:\users\Public\Fundata\InstalledAppInfo.dawc:\users\Public\Fundata\LuaConfig.txtc:\users\Public\Fundata\LuaInterface_mt.dllc:\users\Public\Fundata\Midnight.dllc:\users\Public\Fundata\MiniPak.dllc:\users\Public\Fundata\Nail.luac:\users\Public\Fundata\sdodge.dawc:\users\Public\Fundata\SeedIcon.icoc:\users\Public\Fundata\sres.dawc:\users\Public\Fundata\timeactionres.dawc:\users\Public\Fundata\Visitor.dllc:\users\Public\Fundata\VisitorResult.daw..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_FunshionSvr..((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 )))))))))))))))))))))))))))))))..2013-11-13 13:17 . 2013-11-13 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S1 GizmoDrv;Gizmo Device Driver; [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcFunshionServiceTools REG_MULTI_SZ FunshionSvr.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.BHO-{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\users\Lai\funshion\funshiontools\FunshionHelper.dllToolbar-Locked - (no file)ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\ASUS\FaceLogon\smartlogon.exec:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exec:\program files (x86)\ASUS\FaceLogon\sensorsrv.exec:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exec:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\ASUS\AI Suite II\AI Suite II.exec:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exec:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exec:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exec:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2013-11-13 21:21:27 - machine was rebootedComboFix-quarantined-files.txt 2013-11-13 13:21ComboFix2.txt 2013-11-12 15:05.Pre-Run: 10,686,169,088 bytes freePost-Run: 10,202,435,584 bytes free.- - End Of File - - 53A3C43C7E710BC9403E2DE4805C5217
-
Hi Marius, I ran the combofix and here is the log. So what should i do next? ComboFix 13-11-11.01 - Lai 12/11/2013 22:57:36.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.6076 [GMT 8:00]Running from: c:\users\Lai\Downloads\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\prefs.jsc:\windows\msvcr71.dllc:\windows\SysWow64\funshion.ini..((((((((((((((((((((((((( Files Created from 2013-10-12 to 2013-11-12 )))))))))))))))))))))))))))))))..2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]2013-04-22 07:56 603272 ----a-w- c:\users\Lai\funshion\funshiontools\FunshionHelper.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]"Funshion"="c:\program files (x86)\Funshion Online\2.8.6.56\Funshion.exe" [2013-10-11 4255368]"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 FunshionSvr;FSServicePlatform;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S1 GizmoDrv;Gizmo Device Driver; [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcFunshionServiceTools REG_MULTI_SZ FunshionSvr.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28].2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FunOverlay]@="{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}"[HKEY_CLASSES_ROOT\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}]2013-10-11 04:02 235144 ----a-w- c:\users\Public\Fundata\FunSeed64V782.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exec:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exec:\program files (x86)\ASUS\FaceLogon\sensorsrv.exec:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exec:\program files (x86)\ASUS\AI Suite II\AI Suite II.exec:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exec:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exec:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exec:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2013-11-12 23:05:09 - machine was rebootedComboFix-quarantined-files.txt 2013-11-12 15:05.Pre-Run: 9,804,087,296 bytes freePost-Run: 10,174,410,752 bytes free.- - End Of File - - 85093AB1D5FCECBF09FC281334B04B5B
-
GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-12 19:47:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC45 931.51GB Running: obns7gw6.exe; Driver: C:\Users\Lai\AppData\Local\Temp\uwddapow.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}\Connection@Name isatap.{60DF07E6-E702-4C9A-A452-7AA5B7DEB0F5} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}?\Device\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}?\Device\{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}?\Device\{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}"?"{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}"?"{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}"?"{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}?\Device\TCPIP6TUNNEL_{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}?\Device\TCPIP6TUNNEL_{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}?\Device\TCPIP6TUNNEL_{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da1d1fe Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}@InterfaceName isatap.{60DF07E6-E702-4C9A-A452-7AA5B7DEB0F5} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da1d1fe (not active ControlSet) ---- EOF - GMER 2.1 ---- what should i do next? and what virus is it? attach.txt
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2 Run by Lai at 14:31:38 on 2013-11-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.5305 [GMT 8:00] . AV: Trend Micro Titanium Internet Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA} SP: Trend Micro Titanium Internet Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\windows\system32\taskhost.exe C:\windows\system32\taskeng.exe C:\windows\system32\Dwm.exe C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe C:\Program Files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x64\QuickGesture64.exe C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe C:\windows\Explorer.EXE C:\Program Files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsEjectHelper.exe C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Gizmo\gservice.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\ASUS\ASUS Docking\ASUS Docking.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\windows\system32\svchost.exe -k regsvc C:\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\SYSTEM32\WISPTIS.EXE C:\windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll BHO: ·çÐÐÊÓƵ²¥·Å¼°ÏÂÔØ×é¼þ: {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\Lai\funshion\funshiontools\FunshionHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [Facebook Update] "C:\Users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [Funshion] "C:\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe" startbywindows tray uRun: [GizmoDriveDelegate] "C:\Program Files (x86)\Gizmo\gizmo.exe" /RemountStartupImages mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" mRun: [AsShellApplication] C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe mRun: [OOBESetup] C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files (x86)\asus\OOBERegBackup\OOBEReg.ini" mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe /S mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{544BAC5D-549A-495F-8F22-22AC3159C842} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{544BAC5D-549A-495F-8F22-22AC3159C842}\3594E4744554C4D203335373 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{806F1CB3-89E4-44F3-A482-465301154E4E} : DHCPNameServer = 192.168.1.254 Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = about:blank x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P x64-Run: [ASUS Docking] C:\Program Files\ASUS\ASUS Docking\ASUS Docking.exe autorun x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 hidfilter;HID Upper Filter Driver;C:\windows\System32\drivers\HidFilter.sys [2013-3-9 25728] R0 TMEBC;TMEBC;C:\windows\System32\drivers\TMEBC64.sys [2013-3-10 46392] R1 GizmoDrv;Gizmo Device Driver;C:\windows\System32\drivers\gizmodrv.sys [2013-6-9 34704] R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2013-3-10 77184] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-3-10 310952] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-3-15 586880] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-3-15 233328] R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2013-6-9 34728] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13336] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-3-15 161560] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-15 363800] R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-8-2 129000] R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-8-2 391144] R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-3-15 173656] R3 NWVoltron;NextWindow Voltron Touch Screen;C:\windows\System32\drivers\NWVoltron.sys [2012-3-15 28440] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-15 565352] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 FunshionSvr;FSServicePlatform;C:\windows\System32\svchost.exe -k FunshionServiceTools [2009-7-14 27136] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-8-20 103576] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-5-14 57840] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448] S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\windows\System32\drivers\hidkmdf.sys [2012-3-15 16152] S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?] S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);C:\windows\System32\drivers\NWWakeFilterV.sys [2012-3-15 16152] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-8-20 204568] S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\windows\System32\drivers\ssudserd.sys [2013-8-20 204568] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-3-10 1255736] . =============== Created Last 30 ================ . 2013-11-03 17:11:08 225280 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll 2013-11-03 17:10:54 -------- d-----w- C:\Program Files (x86)\x264 Video Codec 2013-11-01 12:19:56 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA1DCD32-735F-46C9-B2C8-BAFE41AD4AB5}\mpengine.dll 2013-10-12 17:14:24 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2013-10-11 04:08:25 -------- d-----w- C:\ProgramData\kuwodata . ==================== Find3M ==================== . 2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll 2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys 2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll 2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys 2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys 2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys 2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys 2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys 2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys 2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys 2013-09-04 05:58:11 77184 ----a-w- C:\windows\System32\drivers\tmevtmgr.sys 2013-09-04 05:58:11 175528 ----a-w- C:\windows\System32\drivers\tmcomm.sys 2013-09-04 05:58:11 109072 ----a-w- C:\windows\System32\drivers\tmactmon.sys 2013-09-03 06:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys 2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll 2013-08-20 13:22:03 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-20 13:22:00 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-08-20 13:22:00 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll 2013-08-19 23:02:14 708168 ----a-w- C:\windows\System32\WinUSBCoInstaller.dll 2013-08-19 23:02:14 1490656 ----a-w- C:\windows\System32\WdfCoInstaller01007.dll 2013-08-19 23:02:12 204568 ----a-w- C:\windows\System32\drivers\ssudserd.sys 2013-08-19 23:02:12 204568 ----a-w- C:\windows\System32\drivers\ssudmdm.sys 2013-08-19 23:02:12 103576 ----a-w- C:\windows\System32\drivers\ssudbus.sys . ============= FINISH: 14:32:09.18 =============== My computer does not allow me to run the TDSSKiller.exe, it show an error of "tdsskiller.exe is not a valid Win32 application". and how to i attach the "attach log"?
-
Need some help here! I had stupidly installed the "x264 Video Codecs XP-Win7.exe" and now my computer is being infected! It shut off my window firewall and preventing me to turn it back. I saw some of the threads regarding this malware or virus, but i'm sort of a computer idiot. Hoping i could get some help over here.