Jump to content

Kguanz

Honorary Members
  • Posts

    22
  • Joined

  • Last visited

Everything posted by Kguanz

  1. apparently it wont work for me. Did i uninstall something in the process of removing the virus?
  2. thank a lot! After i install all the updates and reboot it show a Microsoft .NET Framework error See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************** Exception Text **************System.Runtime.InteropServices.COMException (0x80040154): Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)) at System.Windows.Forms.UnsafeNativeMethods.CoCreateInstance(Guid& clsid, Object punkOuter, Int32 context, Guid& iid) at System.Windows.Forms.AxHost.CreateWithoutLicense(Guid clsid) at System.Windows.Forms.AxHost.CreateWithLicense(String license, Guid clsid) at System.Windows.Forms.AxHost.CreateInstanceCore(Guid clsid) at System.Windows.Forms.AxHost.CreateInstance() at System.Windows.Forms.AxHost.GetOcxCreate() at System.Windows.Forms.AxHost.TransitionUpTo(Int32 state) at System.Windows.Forms.AxHost.CreateHandle() at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl() at System.Windows.Forms.Control.WmShowWindow(Message& m) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.ScrollableControl.WndProc(Message& m) at System.Windows.Forms.ContainerControl.WndProc(Message& m) at System.Windows.Forms.Form.WmShowWindow(Message& m) at System.Windows.Forms.Form.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) ************** Loaded Assemblies **************mscorlib Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5472 (Win7SP1GDR.050727-5400)----------------------------------------AsusWSPanel Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0----------------------------------------System Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)----------------------------------------System.Windows.Forms Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5468 (Win7SP1GDR.050727-5400)----------------------------------------System.Drawing Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)----------------------------------------System.Xml Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5476 (Win7SP1GDR.050727-5400)----------------------------------------System.Management Assembly Version: 2.0.0.0 Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)----------------------------------------AxInterop.ShockwaveFlashObjects Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0----------------------------------------Interop.ShockwaveFlashObjects Assembly Version: 1.0.0.0 Win32 Version: 1.0.0.0---------------------------------------- ************** JIT Debugging **************To enable just-in-time (JIT) debugging, the .config file for thisapplication or computer (machine.config) must have thejitDebugging value set in the system.windows.forms section.The application must also be compiled with debuggingenabled. For example: <configuration> <system.windows.forms jitDebugging="true" /></configuration> When JIT debugging is enabled, any unhandled exceptionwill be sent to the JIT debugger registered on the computerrather than be handled by this dialog box. What does this mean?
  3. downloaded and scanned ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.8 (11.05.2013:1)OS: Windows 7 Home Premium x64Ran by Lai on Mon 18/11/2013 at 21:32:57.74~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 18/11/2013 at 21:36:51.24End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. report from security check Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 10.1.6 Adobe Reader out of Date! Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Next step will be?
  5. report from adwcleaner # AdwCleaner v3.012 - Report created 16/11/2013 at 15:31:23# Updated 11/11/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Lai - LAI-PC# Running from : C:\Users\Lai\Desktop\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Lai\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1294 octets] - [15/11/2013 00:04:32]AdwCleaner[R1].txt - [1413 octets] - [16/11/2013 15:30:21]AdwCleaner[s0].txt - [329 octets] - [15/11/2013 00:07:34]AdwCleaner[s1].txt - [1350 octets] - [16/11/2013 15:31:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1410 octets] ##########
  6. i managed to run the combofix. however when i tried to clean with the adwcleaner, my whole computer just hanged. ComboFix 13-11-11.01 - Lai 14/11/2013 23:57:36.4.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.5944 [GMT 8:00]Running from: c:\users\Lai\Downloads\ComboFix.exeCommand switches used :: c:\users\Lai\Downloads\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll""c:\users\All Users\Microsoft\Media Tools\MediaIconsOverlays.dll""d:\pro evolution soccer 2013\rld.dll"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\x264 Video Codecc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_kernelDeint.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_liba52.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_libdts.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_libfaad2.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_libmad.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_samplerate.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_unrar.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_vfw.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_vfw.dll.manifestc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ff_wmv9.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow.axc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow.ax.manifestc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow_license_source_and_credits.txtc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffmpeg.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\ffmpegmt.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\libavcodec.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\libmpeg2_ff.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\libmplayer.dllc:\program files (x86)\x264 Video Codec\Filters\FFDShow\openIE.jsc:\program files (x86)\x264 Video Codec\Filters\FFDShow\TomsMoComp_ff.dllc:\program files (x86)\x264 Video Codec\Filters\FLVSplitter.axc:\program files (x86)\x264 Video Codec\Filters\Haali\avi.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\avs.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\avss.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\cue2xml.jsc:\program files (x86)\x264 Video Codec\Filters\Haali\dsmux.exec:\program files (x86)\x264 Video Codec\Filters\Haali\dxr.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\gdsmux.exec:\program files (x86)\x264 Video Codec\Filters\Haali\mkunicode.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mkv2vfr.exec:\program files (x86)\x264 Video Codec\Filters\Haali\mkx.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mkzlib.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mmdinfo.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mmfinfo.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\mp4.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\ogm.dllc:\program files (x86)\x264 Video Codec\Filters\Haali\splitter.axc:\program files (x86)\x264 Video Codec\Filters\Haali\ts.dllc:\program files (x86)\x264 Video Codec\Filters\Mpeg2DecFilter.axc:\program files (x86)\x264 Video Codec\Filters\vsfilter.dllc:\program files (x86)\x264 Video Codec\Filters\WavPackDSDecoder.axc:\program files (x86)\x264 Video Codec\Filters\WavPackDSSplitter.axc:\program files (x86)\x264 Video Codec\main.icoc:\program files (x86)\x264 Video Codec\Uninstall.exec:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dllc:\users\All Users\Microsoft\Media Tools\MediaIconsOverlays.dllc:\windows\PFRO.logd:\pro evolution soccer 2013\rld.dll..((((((((((((((((((((((((( Files Created from 2013-10-14 to 2013-11-14 )))))))))))))))))))))))))))))))..2013-11-14 16:00 . 2013-11-14 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-14 15:53 . 2013-11-14 15:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\offreg.dll2013-11-13 15:31 . 2013-11-13 15:31 -------- d-----w- c:\users\Lai\AppData\Roaming\Malwarebytes2013-11-13 15:31 . 2013-11-13 15:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-11-13 15:31 . 2013-11-13 15:31 -------- d-----w- c:\programdata\Malwarebytes2013-11-13 15:31 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]c:\users\Lai\funshion\funshiontools\FunshionHelper.dll [bU].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S1 GizmoDrv;Gizmo Device Driver; [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28].2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-11-15 00:01:52ComboFix-quarantined-files.txt 2013-11-14 16:01ComboFix2.txt 2013-11-13 15:28ComboFix3.txt 2013-11-13 13:21ComboFix4.txt 2013-11-12 15:05.Pre-Run: 9,663,119,360 bytes freePost-Run: 9,599,078,400 bytes free.- - End Of File - - 8E217C2BAC3F87F39CFA5B8E59A4AE1A
  7. Hi, We have been doing a lot of steps and it seems never ending. Could you kindly explain to me what are all these about? what is the main malware or virus that is affecting my computer? I just hope to have better understanding of what i am doing.
  8. here is the log from ESET C:\Program Files (x86)\x264 Video Codec\Filters\Haali\mmdinfo.dll Win32/Sathurbot.A trojanC:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll Win32/Sathurbot.A trojanC:\Users\All Users\Microsoft\Media Tools\MediaIconsOverlays.dll Win32/Sathurbot.A trojanD:\Pro Evolution Soccer 2013\rld.dll Win32/HackTool.Crack.BB application
  9. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Lai :: LAI-PC [administrator] Protection: Enabled 13/11/2013 11:33:29 PM mbam-log-2013-11-13 (23-33-29).txt Scan type: Full scan (C:\|D:\|E:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 375136 Time elapsed: 27 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCR\fsp (PUP.Funshion) -> Quarantined and deleted successfully. HKCR\Funshion Task (PUP.Funshion) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (PUP.Funshion) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 23 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\playhome (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\download (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\screensave (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\serv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\Shortcut (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully. Files Detected: 577 C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\funshionplugin2.dll.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\LangResEnAmerican.dll.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\Funshion\RunningFunshionUpgrade.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Use Help.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\FunshionDoctor.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Update History.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1363420162_2064350_macross_1361525818_471.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1363438846_20749013_macross_1363329136_16.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1363498040_5581113_23623226_1322028705_208.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1365217016_3935047_17239948_1264675482_871.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\1366180380_81905749_macross_1366133203_904.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\bbinfo.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\crash_dump.dmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\favorites.fav (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\install.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\platFormGuid.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130716103038-11026092.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130906193301-5462519.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130913202220-19579442.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130913202629-4821602.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130918140301-4648194.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20130929114730-15749654.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131008170532-11231835.date1384172771.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131015104921-10110637.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131023173205-13521504.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131024113636-12006585.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131025164031-7897512.date1384172771.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131025181946-7677452.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131030161306-18536717.date1383657600.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131031111844-489203.date1383657600.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131101170904-9172355.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131101171038-13184189.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131101211132-3104178.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131104181904-16778194.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131105174811-79082.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131106183427-19467690.date1384055152.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131106191017-1319084.date1384055152.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131107151129-7548167.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131108164517-19872477.date1384172771.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131111105556-2158030.date1384348125.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131112164907-15472585.flv (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\flashNew\20131113162557-14597334.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\playhome\CDC31C17_EDDD_5D25_B71A_0C33B6C566A4.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\playhome\playHome.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\0129141E_970B_C5A1_3F83_C64D2BA24D39.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\01472DBC_2B4D_59E2_941C_110E54377794.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\05E42111_E40F_12F8_A97A_263830365919.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\08602883_07F1_9025_36A5_D01502E607F7.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\08A5EF52_7B9C_6F68_B330_D9471E782147.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\0F4D2788_9530_1F58_BE6A_AE55A2902BB6.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\1121F650_6110_8968_9C82_270CFB3F5B93.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\12D8B180_DF8E_9695_2C45_63DFEE961EE0.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\15332EF0_3B0B_0E8A_2F98_F9843DF4A96E.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\17262EF7_C830_C548_A3D3_5D1B60F69321.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\1C932350_3AB9_3ECF_9BC0_45C93CA975E9.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\22DAE398_9262_0E9D_B51E_16FD9CD5F3FB.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\257AE7CF_5084_7B42_FD32_9FCB606F40BF.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\2985417B_F875_2A19_AFF1_A1FACF97979E.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\29B40C18_FC24_D06D_ABB8_22F31B2C3664.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\2A1A4254_29F0_81A3_078C_60D890C4AFE6.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\2C930878_0495_DF0C_597D_D386ED7D052A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\2F32544B_0D5B_0463_DE40_BF67F90E75AC.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\33AF91AD_F4FD_19EF_F427_025EC1F7407E.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\361341AC_9536_D8A7_85F3_425D426480F8.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\41579E70_E136_F44B_50E7_823A22437977.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\42717DF6_E097_38B0_A542_04DBA727696C.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\449FD60F_AD69_B650_EC87_54FDC8AF7252.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\46480AC1_9DEB_5C3F_4C3B_13577020CD37.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\468A1698_CA52_0C0F_871A_5F1BCA8C7A4B.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\487BA671_37CD_5283_E281_CE52FCF21BC1.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\4BC3EB4E_AB5D_8FA4_6975_4A9DDB5CD94B.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\4BE0B011_2391_30EE_9CD4_15BDF0D81A49.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\51DA13BB_82A3_7E57_C589_EF6FC194BA49.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\52D6C3AC_2B7D_6B09_8E00_083D9EA375DC.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5722F2BC_4365_7523_0476_FCAC8FC00A71.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5AEA230C_F746_3DEE_687C_80FE613D7815.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5AF83C59_2812_9DC2_9E93_DB608FB9651F.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5D5CA900_85B9_7FE7_B01F_F82BA948D045.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\5E0636F0_BAA3_D81A_ED73_3F302360C03A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\60B6563F_4B90_699B_8FB7_E3963A424CF4.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\61A266AA_2DD7_72B7_5E7E_A68BC5688EEE.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\64472E0A_A021_66C0_7A5F_B1C70313866F.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\66A45CFE_8D27_0C53_E8A0_1A161F64A072.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\68A5841C_AFEC_A546_7562_F75DAC4827E0.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\6B7E4A24_CCF4_1770_6516_556A78897556.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\6F349C71_636F_7F59_1824_C21C53F2E963.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\70EBC18A_C453_1307_522E_69B8D7F18DF5.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\72D632DD_A9FB_FC75_FE09_62C7160CBF6A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\7920093E_94C8_D74D_281D_C61AB4C04C41.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\7A35F37A_6235_85EE_0E18_F9948AE19382.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\7DBFCEE4_AA01_5D47_DF29_C46FB06B3661.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\7EF8D0EE_A623_3C6F_8389_E4EB9332977D.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\860E40B9_BCF9_135E_3A45_A23B4F0A5E94.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\86F4DB4E_518B_8757_F485_99A870B83241.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\892E7EBF_1D3B_8CD1_62D9_EEE1C2511713.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8A0F80F2_6677_B0FE_0E10_3EA3FD35660C.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8AF3F64C_0E7E_B0BF_B295_FC5E747E7574.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8D2055C0_FAFC_CFF8_8BF7_CFE780370297.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8E1E19EC_A955_46A8_8C63_2111BF9F4423.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\8EBE42F3_F9F3_7707_2DCE_F264F7B91FCD.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\916994EB_F942_D48C_6370_3B4928BBF0FE.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\9661AB71_0011_D881_6BE9_E925846596ED.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\980F1BE5_12CA_CC61_9754_365A02BB5E8C.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\99047720_7DC0_F231_5137_E153F457E3D3.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\995B8284_22D5_EA2A_DDA0_AA0C4FBCF85F.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\99B48DAD_E5B6_3255_EC9D_141EA264AEC5.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\9A8F52D0_4EC0_2AB9_14F1_8D228EA16333.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\A138277C_3F32_559F_DEED_090D3F720678.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\A2650BE4_99B7_5E1B_4F97_C6DAA399834D.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\A2D84A58_8C00_814F_8D24_4159ED276FC0.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\AB7A72B1_C68A_28D6_CC7A_5182E9270160.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\ABCFBD64_A3AF_2656_1BA1_3907C68BE9DC.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\ADB497B9_54C8_0711_6207_6F257EB11360.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\AE6869EA_E06F_4769_1F19_6168746FE04D.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\B3381750_E20B_FAC8_4979_8C9FBAC15371.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\B80498BC_0044_D2B6_4F7F_14548A84B2A6.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\BAB74C6D_259A_E6DC_CB9C_69CF9069A910.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\BC1EE9DD_F090_22DB_CE56_805CD46D4A54.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\C2B31CA2_AFF1_5FFE_933B_6DF05681E779.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\C3A196F6_A079_9D5E_D09D_DE0906A62EE6.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\C797E28D_9A1B_6712_BD38_413EBBC3FF19.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\C897D86F_FE6C_23F5_B019_E8DDCA6A39B9.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\CE72F55C_5DC9_C928_F6EC_8B7C17FBC984.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\D41AE267_7341_D4E1_FC81_C31183136C87.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\D56973A3_93F5_B294_53CF_D83D958836A5.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\DA24F1D3_53B4_DDB9_07F5_788D0B9CCA50.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\DA9FD54F_D14C_28BF_8265_00AD158B2F5C.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\DF656585_8B5E_9C8B_AB64_92A2B28E2C91.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\E5F2D129_0886_E762_E694_8A48A94FC418.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\ED20B98C_DCFE_D7E9_3C2D_30ECF1EB69EC.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\EE24058F_FD8E_B121_6F30_9F6483611B5A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\EF97DBFB_920C_BE41_BD9C_D66FF7F3158F.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\F1A4A8A2_682C_8729_CE59_8C11B48DFFB5.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\FA19F3B4_A945_756F_1D98_BFB396F5718A.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\cache\popwind\FACC5957_3EC6_830C_66A0_02921E9D4588.swf (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1362813158_1362813158_9094450_macross_1362737396_181.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1362813158_1362813158_9094450_macross_1362737396_181.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1362835584_1362835583_31519739_macross_1339553823_85.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1362835584_1362835583_31519739_macross_1339553823_85.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363261225_1363261225_27331_f7b1f9060b4a35e0ce6c42be2722ad179f37c44c.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363261225_1363261225_27331_f7b1f9060b4a35e0ce6c42be2722ad179f37c44c.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363348840_1363348840_33373_7e7ea8e4ccb3ff72fa1029ac8725eeb137bd3b67.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363348840_1363348840_33373_7e7ea8e4ccb3ff72fa1029ac8725eeb137bd3b67.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363418249_1363418249_151507_macross_1360308796_503.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363418249_1363418249_151507_macross_1360308796_503.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363418398_1363418398_300438_macross_1360916143_314.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363418398_1363418398_300438_macross_1360916143_314.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363420177_1363420162_2064350_macross_1361525818_471.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363420177_1363420162_2064350_macross_1361525818_471.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363438862_1363438846_20749013_macross_1363329136_16.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363438862_1363438846_20749013_macross_1363329136_16.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363545635_1363545634_46014278_macross_1361081407_923.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363545635_1363545634_46014278_macross_1361081407_923.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363693623_1363693623_70322_23623226_1322028711_312.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363693623_1363693623_70322_23623226_1322028711_312.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363778409_1363778408_115990_23623226_1322028701_742.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1363778409_1363778408_115990_23623226_1322028701_742.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364045926_1364045926_8277824_macross_1363937575_32.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364045926_1364045926_8277824_macross_1363937575_32.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084698_1364084685_3543379_macross_1362973225_680.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084698_1364084685_3543379_macross_1362973225_680.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084766_1364084766_3624653_e9952b5d1c1d52cdbfcfd2d7d2536ddad1b287ca.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084766_1364084766_3624653_e9952b5d1c1d52cdbfcfd2d7d2536ddad1b287ca.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084766_1364084766_3624798_macross_1362367221_482.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364084766_1364084766_3624798_macross_1362367221_482.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364376672_1364376672_133405_macross_1363848077_57.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1364376672_1364376672_133405_macross_1363848077_57.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365154762_1365154761_70868795_macross_1364797764_944.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365154762_1365154761_70868795_macross_1364797764_944.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365213159_1365213159_77302_17239948_1264675398_138.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365213159_1365213159_77302_17239948_1264675398_138.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365213159_1365213159_77331_2abe3271a1366fef9c27d10ff14ae20d79e7ce89.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365213159_1365213159_77331_2abe3271a1366fef9c27d10ff14ae20d79e7ce89.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365217030_1365217016_3935047_17239948_1264675482_871.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365217030_1365217016_3935047_17239948_1264675482_871.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365855808_1365855794_143674_macross_1364046745_710.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365855808_1365855794_143674_macross_1364046745_710.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365855871_1365855855_205108_macross_1363577481_32.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1365855871_1365855855_205108_macross_1363577481_32.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366032601_1366032596_20995342_macross_1355377191_422.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366032601_1366032596_20995342_macross_1355377191_422.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366032646_1366032646_21045472_macross_1354677924_309.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366032646_1366032646_21045472_macross_1354677924_309.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366034217_1366034217_22616285_macross_1355302230_786.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366034217_1366034217_22616285_macross_1355302230_786.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366036769_1366036768_25167827_macross_1355904611_877.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366036769_1366036768_25167827_macross_1355904611_877.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366038991_1366038988_27387303_macross_1358329412_436.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366038991_1366038988_27387303_macross_1358329412_436.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366111806_1366111805_13330737_macross_1358907370_158.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366111806_1366111805_13330737_macross_1358907370_158.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366113107_1366113107_14631908_macross_1360121301_44.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366113107_1366113107_14631908_macross_1360121301_44.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366115315_1366115310_16835040_macross_1360725369_913.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366115315_1366115310_16835040_macross_1360725369_913.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366162507_1366162493_64018353_macross_1361337904_542.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366162507_1366162493_64018353_macross_1361337904_542.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366172794_1366172779_74304537_macross_1361945763_749.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366172794_1366172779_74304537_macross_1361945763_749.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366174659_1366174658_76183582_macross_1363685635_812.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366174659_1366174658_76183582_macross_1363685635_812.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366178992_1366178992_80516825_macross_1364355195_17.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366178992_1366178992_80516825_macross_1364355195_17.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366180395_1366180380_81905749_macross_1366133203_904.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366180395_1366180380_81905749_macross_1366133203_904.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366358488_1366358487_9322576_4b3c646cfc3256f261566730e16886a78d8aaedc.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366358488_1366358487_9322576_4b3c646cfc3256f261566730e16886a78d8aaedc.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366358488_1366358488_9322808_18524595_1291278212_656.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366358488_1366358488_9322808_18524595_1291278212_656.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366426052_1366426052_76887208_20080446_1307007410_658.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366426052_1366426052_76887208_20080446_1307007410_658.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366433023_1366433023_5485486_456e078f9abc069db837ef160d0444843b8c874b.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366433023_1366433023_5485486_456e078f9abc069db837ef160d0444843b8c874b.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366464761_1366464748_37211129_macross_1366360363_324.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366464761_1366464748_37211129_macross_1366360363_324.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366464761_1366464760_37223184_f0b91976f5f00157f93c699b2deb2baa261b3782.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366464761_1366464760_37223184_f0b91976f5f00157f93c699b2deb2baa261b3782.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366514323_1366514321_27076_24272712_1324455068_244.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366514323_1366514321_27076_24272712_1324455068_244.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366981440_1366981434_162712_macross_1366967523_782.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366981440_1366981434_162712_macross_1366967523_782.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366981440_1366981440_168252_860715ed42edfe5fcfd358bb2288b762185e32e4.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1366981440_1366981440_168252_860715ed42edfe5fcfd358bb2288b762185e32e4.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367134935_1367134921_46526_macross_1366958547_887.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367134935_1367134921_46526_macross_1366958547_887.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367586329_1367586319_3320801_macross_1367570641_246.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367586329_1367586319_3320801_macross_1367570641_246.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367641476_1367641465_36720_macross_1367593663_702.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367641476_1367641465_36720_macross_1367593663_702.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367661214_1367661210_19782013_macross_1367463152_264.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367661214_1367661210_19782013_macross_1367463152_264.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367661214_1367661214_19785618_e06c30783a6c7ad7fc5f22d1df052f2decac1d51.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367661214_1367661214_19785618_e06c30783a6c7ad7fc5f22d1df052f2decac1d51.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367682672_1367682672_41243617_macross_1338539137_384.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367682672_1367682672_41243617_macross_1338539137_384.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367727180_1367727180_6118080_24726995_1322032609_698.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1367727180_1367727180_6118080_24726995_1322032609_698.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368189368_1368189368_50511_macross_1368172645_33.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368189368_1368189368_50511_macross_1368172645_33.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368244685_1368244685_55367165_macross_1368175043_851.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368244685_1368244685_55367165_macross_1368175043_851.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368796701_1368796701_105785_macross_1368705543_463.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368796701_1368796701_105785_macross_1368705543_463.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368933817_1368933816_34805_macross_1368779075_649.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368933817_1368933816_34805_macross_1368779075_649.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368935870_1368935870_2089373_macross_1338172555_376.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368935870_1368935870_2089373_macross_1338172555_376.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368936164_1368936164_2382880_5881262_1216799458_647.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1368936164_1368936164_2382880_5881262_1216799458_647.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369236740_1369236740_1514898_macross_1368693515_202.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369236740_1369236740_1514898_macross_1368693515_202.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369236740_1369236740_1515241_d058b26036638b20fe4bdd37454f038e7efa3883.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369236740_1369236740_1515241_d058b26036638b20fe4bdd37454f038e7efa3883.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312892_1369312891_15151682_macross_1363852871_580.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312892_1369312891_15151682_macross_1363852871_580.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312900_1369312900_15160595_macross_1364456955_443.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312900_1369312900_15160595_macross_1364456955_443.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312910_1369312910_15170416_macross_1365068449_974.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312910_1369312910_15170416_macross_1365068449_974.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312937_1369312923_15184218_macross_1366877561_444.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369312937_1369312923_15184218_macross_1366877561_444.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369378264_1369378249_9908483_macross_1367515213_627.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369378264_1369378249_9908483_macross_1367515213_627.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369378273_1369378273_9931989_macross_1368090222_861.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369378273_1369378273_9931989_macross_1368090222_861.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369400491_1369400491_32150151_macross_1369383569_320.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369400491_1369400491_32150151_macross_1369383569_320.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369417623_1369417622_158685_macross_1367485296_926.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369417623_1369417622_158685_macross_1367485296_926.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369450550_1369450550_459129_macross_1367478884_233.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369450550_1369450550_459129_macross_1367478884_233.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369488706_1369488706_38615088_7014043_1235466100_290.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369488706_1369488706_38615088_7014043_1235466100_290.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369488820_1369488820_38728917_7014043_1224486172_465.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369488820_1369488820_38728917_7014043_1224486172_465.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369492312_1369492312_42221198_macross_1356412837_703.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369492312_1369492312_42221198_macross_1356412837_703.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369539473_1369539459_89368100_macross_1368522002_285.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1369539473_1369539459_89368100_macross_1368522002_285.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370077050_1370077050_14875617_macross_1369982659_488.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370077050_1370077050_14875617_macross_1369982659_488.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263803_1370263802_48380_5274aef4290adf13f8535d00756373a32c65dbe4.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263803_1370263802_48380_5274aef4290adf13f8535d00756373a32c65dbe4.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263803_1370263802_49005_macross_1360813863_420.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263803_1370263802_49005_macross_1360813863_420.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263816_1370263815_61528_macross_1360897310_670.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263816_1370263815_61528_macross_1360897310_670.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263821_1370263821_67667_macross_1361415948_633.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263821_1370263821_67667_macross_1361415948_633.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263833_1370263833_79235_macross_1361502662_119.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263833_1370263833_79235_macross_1361502662_119.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263854_1370263842_88851_macross_1362033818_301.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370263854_1370263842_88851_macross_1362033818_301.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370763931_1370763931_85900213_macross_1370670422_787.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1370763931_1370763931_85900213_macross_1370670422_787.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1371958069_1371958068_37880_macross_1359078393_59.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1371958069_1371958068_37880_macross_1359078393_59.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1371958176_1371958176_145343_heishehui1.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1371958176_1371958176_145343_heishehui1.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372396269_1372396269_107391_macross_1372311900_263.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372396269_1372396269_107391_macross_1372311900_263.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372402332_1372402332_6170335_18277256_1333009755_361.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372402332_1372402332_6170335_18277256_1333009755_361.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372526355_1372526355_56440902_macross_1372393380_495.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372526355_1372526355_56440902_macross_1372393380_495.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372908118_1372908117_29853797_macross_1371520367_102.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1372908118_1372908117_29853797_macross_1371520367_102.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373105423_1373105422_15186980_75b9e557fb7bb6c2daa0e11d2c4c08b6e9a14f42.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373105423_1373105422_15186980_75b9e557fb7bb6c2daa0e11d2c4c08b6e9a14f42.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373105423_1373105423_15187326_macross_1372827190_382.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373105423_1373105423_15187326_macross_1372827190_382.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373108996_1373108989_18753052_18277256_1282188110_19.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373108996_1373108989_18753052_18277256_1282188110_19.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373108996_1373108996_18760422_206c2c8ea94a94064612e84f13bd5d8f9e58ace2.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373108996_1373108996_18760422_206c2c8ea94a94064612e84f13bd5d8f9e58ace2.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373212056_1373212056_1175091_macross_1369188502_878.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373212056_1373212056_1175091_macross_1369188502_878.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373948974_1373948974_472465_macross_1361867608_859.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373948974_1373948974_472465_macross_1361867608_859.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373983687_1373983682_5797634_macross_1373431926_525.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1373983687_1373983682_5797634_macross_1373431926_525.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374126254_1374126240_125320_macross_1374030545_878.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374126254_1374126240_125320_macross_1374030545_878.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374164651_1374164651_27526_macross_1374124913_987.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374164651_1374164651_27526_macross_1374124913_987.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374207099_1374207099_125327_macross_1362559110_47.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374207099_1374207099_125327_macross_1362559110_47.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374941013_1374941013_246607_macross_1339408121_800.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1374941013_1374941013_246607_macross_1339408121_800.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1375288309_1375288309_106307_macross_1375077181_233.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1375288309_1375288309_106307_macross_1375077181_233.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1375959178_1375959178_27853942_31459691_1332835019_474.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1375959178_1375959178_27853942_31459691_1332835019_474.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376011481_1376011481_80157042_macross_1375679223_290.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376011481_1376011481_80157042_macross_1375679223_290.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376140125_1376140125_208801041_macross_1340964516_642.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376140125_1376140125_208801041_macross_1340964516_642.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376234196_1376234196_302872426_24570037_1314698723_324.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1376234196_1376234196_302872426_24570037_1314698723_324.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377072846_1377072846_48843807_macross_1375945657_197.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377072846_1377072846_48843807_macross_1375945657_197.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377409921_1377409921_155504111_5372255_1208327588_158.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377409921_1377409921_155504111_5372255_1208327588_158.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377409946_1377409946_155528445_24726995_1322032758_982.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377409946_1377409946_155528445_24726995_1322032758_982.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377660722_1377660722_130669460_macross_1377234285_768.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377660722_1377660722_130669460_macross_1377234285_768.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377744741_1377744741_214689094_macross_1363759896_230.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377744741_1377744741_214689094_macross_1363759896_230.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377799061_1377799061_269009011_macross_1363243408_621.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377799061_1377799061_269009011_macross_1363243408_621.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377883492_1377883492_1157951_macross_1376041180_530.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377883492_1377883492_1157951_macross_1376041180_530.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377916381_1377916381_38793_macross_1351493668_496.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377916381_1377916381_38793_macross_1351493668_496.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377916438_1377916438_96011_macross_1360331118_631.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377916438_1377916438_96011_macross_1360331118_631.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377946266_1377946265_29923686_macross_1377746765_79.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1377946266_1377946265_29923686_macross_1377746765_79.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1378227666_1378227666_4965482_macross_1377587426_422.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1378227666_1378227666_4965482_macross_1377587426_422.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1378546787_1378546787_228784686_24726995_1322119840_611.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1378546787_1378546787_228784686_24726995_1322119840_611.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379081942_1379081942_10707790_macross_1379058580_280.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379081942_1379081942_10707790_macross_1379058580_280.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379515641_1379515641_99353738_macross_1379418452_411.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379515641_1379515641_99353738_macross_1379418452_411.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379610664_1379610664_2041284_18524595_1306920550_514.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1379610664_1379610664_2041284_18524595_1306920550_514.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380292832_1380292832_95274497_23D8CC90D647D9D051BFE992239D04C66A11FD03.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380292832_1380292832_95274497_23D8CC90D647D9D051BFE992239D04C66A11FD03.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380292832_1380292832_95274578_macross_1380088167_720.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380292832_1380292832_95274578_macross_1380088167_720.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380342430_1380342430_144872045_2081978155089FE7AA50756CCBA837A7B6464D4E.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380342430_1380342430_144872045_2081978155089FE7AA50756CCBA837A7B6464D4E.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380342430_1380342430_144872283_macross_1380290183_632.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380342430_1380342430_144872283_macross_1380290183_632.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380344039_1380344039_146481078_macross_1380290163_552.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380344039_1380344039_146481078_macross_1380290163_552.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380382192_1380382192_184633954_macross_1377680028_988.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380382192_1380382192_184633954_macross_1377680028_988.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380679489_1380679485_257708_macross_1380628840_98.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380679489_1380679485_257708_macross_1380628840_98.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380682974_1380682974_3746678_macross_1380272339_348.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380682974_1380682974_3746678_macross_1380272339_348.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380717476_1380717476_38248508_macross_1377310329_346.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380717476_1380717476_38248508_macross_1377310329_346.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380819409_1380819409_140181531_macross_1374134279_357.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380819409_1380819409_140181531_macross_1374134279_357.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380884655_1380884648_19954934_macross_1380868029_219.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1380884655_1380884648_19954934_macross_1380868029_219.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381419365_1381419362_14190051_F2485A13D8B0C5A6AA5A084C444B2835C23A8668.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381419365_1381419362_14190051_F2485A13D8B0C5A6AA5A084C444B2835C23A8668.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381419365_1381419365_14192959_macross_1381405953_201.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381419365_1381419365_14192959_macross_1381405953_201.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381489917_1381489917_144470_E119CFA0755CD860C5A15D455FE32412A250F7E1.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381489917_1381489917_144470_E119CFA0755CD860C5A15D455FE32412A250F7E1.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381489917_1381489917_144855_macross_1381060214_669.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381489917_1381489917_144855_macross_1381060214_669.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381504345_1381504345_14572624_macross_1381478949_347.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381504345_1381504345_14572624_macross_1381478949_347.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381548528_1381548522_58749542_macross_1380888169_443.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381548528_1381548522_58749542_macross_1380888169_443.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381548582_1381548573_58800025_macross_1381475489_685.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381548582_1381548573_58800025_macross_1381475489_685.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381586756_1381586756_19437787_macross_1381567606_546.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381586756_1381586756_19437787_macross_1381567606_546.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381805266_1381805266_747246_macross_1381738835_232.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381805266_1381805266_747246_macross_1381738835_232.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381805266_1381805266_747249_A06903EAF8FA7EE85CD1C4FD7B08284872432B4D.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381805266_1381805266_747249_A06903EAF8FA7EE85CD1C4FD7B08284872432B4D.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381825504_1381825504_10146279_24727249_1314943979_162.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1381825504_1381825504_10146279_24727249_1314943979_162.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382015645_1382015645_600942_macross_1382004365_555.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382015645_1382015645_600942_macross_1382004365_555.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382090479_1382090466_14282981_macross_1382080448_61.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382090479_1382090466_14282981_macross_1382080448_61.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382177947_1382177941_101758409_macross_1381908618_659.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382177947_1382177941_101758409_macross_1381908618_659.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382179953_1382179952_103768843_macross_1382087422_962.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382179953_1382179952_103768843_macross_1382087422_962.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200167_1382200167_123984669_BC52AFC1CF789049C220480F25B6F7F54134AAFA.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200167_1382200167_123984669_BC52AFC1CF789049C220480F25B6F7F54134AAFA.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200168_1382200162_123979399_macross_1382098849_980.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200168_1382200162_123979399_macross_1382098849_980.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200685_1382200682_124499172_macross_1382098850_864.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382200685_1382200682_124499172_macross_1382098850_864.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382201175_1382201175_124992574_macross_1382098850_103.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382201175_1382201175_124992574_macross_1382098850_103.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382274174_1382274174_197990887_macross_1373882791_508.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382274174_1382274174_197990887_macross_1373882791_508.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382345914_1382345914_1397789_1451101_1219112688_95.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382345914_1382345914_1397789_1451101_1219112688_95.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382415615_1382415615_1454419_macross_1340954934_794.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382415615_1382415615_1454419_macross_1340954934_794.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382416540_1382416540_2379371_24570037_1328518718_363.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382416540_1382416540_2379371_24570037_1328518718_363.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382431560_1382431559_17398393_24570037_1325302917_748.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382431560_1382431559_17398393_24570037_1325302917_748.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382440941_1382440941_26780107_macross_1340941018_349.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382440941_1382440941_26780107_macross_1340941018_349.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382541336_1382541321_15895280_macross_1382350470_389.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382541336_1382541321_15895280_macross_1382350470_389.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382618324_1382618309_221856_macross_1382601854_639.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382618324_1382618309_221856_macross_1382601854_639.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382703162_1382703155_162632_macross_1382683181_822.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382703162_1382703155_162632_macross_1382683181_822.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382711147_1382711146_8154333_macross_1381916243_531.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382711147_1382711146_8154333_macross_1381916243_531.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382762477_1382762477_59484558_macross_1382692808_979.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382762477_1382762477_59484558_macross_1382692808_979.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382875748_1382875746_172753971_macross_1382438883_529.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382875748_1382875746_172753971_macross_1382438883_529.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382877321_1382877321_174328834_macross_1351828290_768.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382877321_1382877321_174328834_macross_1351828290_768.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382877708_1382877707_174715285_macross_1351842358_856.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1382877708_1382877707_174715285_macross_1351842358_856.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383053439_1383053439_8498506_macross_1382949605_849.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383053439_1383053439_8498506_macross_1382949605_849.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383240232_1383240222_849163_macross_1383212725_621.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383240232_1383240222_849163_macross_1383212725_621.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383402604_1383402600_38710253_macross_1383294309_920.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383402604_1383402600_38710253_macross_1383294309_920.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383411528_1383411528_47638812_macross_1383035344_492.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383411528_1383411528_47638812_macross_1383035344_492.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462034_1383462032_98142866_macross_1370767672_164.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462034_1383462032_98142866_macross_1370767672_164.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462034_1383462033_98143840_f1b79f725c59a20e0081f0c333639018eb50f9e1.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462034_1383462033_98143840_f1b79f725c59a20e0081f0c333639018eb50f9e1.json_backup (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462246_1383462246_98356547_macross_1375336869_23.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383462246_1383462246_98356547_macross_1375336869_23.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383583918_1383583918_220028333_macross_1383556029_502.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383583918_1383583918_220028333_macross_1383556029_502.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383836907_1383836907_2632568_macross_1383736336_791.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383836907_1383836907_2632568_macross_1383736336_791.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383878285_1383878285_44010536_6634280_1292815851_339.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383878285_1383878285_44010536_6634280_1292815851_339.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383979979_1383979979_145705216_macross_1383893130_734.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1383979979_1383979979_145705216_macross_1383893130_734.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1384181095_1384181095_8377351_macross_1383817497_87.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1384181095_1384181095_8377351_macross_1383817497_87.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1384254716_1384254701_1680480_macross_1384162872_920.dat (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\control\1384254716_1384254701_1680480_macross_1384162872_920.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\download\FunshionInstall2.8.6.56.exe (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\DiagnosticConfig.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\FunshionDoctor.exe (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\report.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\TmpFile.zip (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\ArrowLeft.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\Bk.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bk_homepage.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bk_projection.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bmpdetection.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bmpexception.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\bmpNormal.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\btn_Ignore.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\btn_Ignore.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\btn_normal.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\cancel.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\cancle_result.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\checkDown.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\checking.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\checkUp.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\close.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\expend.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\feedback.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\hide.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\icon_detecting.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\Icon_Green.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\line.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\littleicon_help.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\NoNet.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\Normal.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\progress_bar.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\question.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\repair.gif (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\repairing.gif (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\repairSucess.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\repair_animation.gif (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\restartFunshion.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\restartFunshionLater.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\restartfunshion_close.bmp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\result_question.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\ScrollBar.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\startBK.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\startCheck.png (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\funshionDoctor\Tools_skin\Õï¶Ï¹¤¾ß-Òì³£icon.jpg (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\吸血鬼日记第五季-第5集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\寂静岭(130731)-DVD.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\异能-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\无可匹敌(131105)-720P.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\沙画泰坦尼克-DVD.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\激战-720P.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\生死救婴.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\绿箭侠第二季-第4集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\行尸走肉第四季-第3集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\行尸走肉第四季-第4集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\行尸走肉第四季-第5集-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\historyTorrent\赏金杀手-MP4.fsp (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\Shortcut\FunShortcut.ini (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\adConfig.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\adConfig.xml.bak (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\adMaterialsTable1.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\ad_define.fai (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\ad_define.fai.bak (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\ad_material.fax (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\dlpopwind.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\flashParam.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\flashParam.txt.bak (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\Funshion Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\hermes.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\MiniAdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\minisite.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\StampPolicy.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\textAdLink.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\textMiniAdLink.xml (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\热门游戏.lnk (PUP.Funshion) -> Quarantined and deleted successfully. C:\Users\Lai\funshion\update\购物网站大全.lnk (PUP.Funshion) -> Quarantined and deleted successfully. (end)
  10. Combofix ComboFix 13-11-11.01 - Lai 13/11/2013 23:24:29.3.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.6423 [GMT 8:00]Running from: c:\users\Lai\Downloads\ComboFix.exeCommand switches used :: c:\users\Lai\Downloads\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 )))))))))))))))))))))))))))))))..2013-11-13 15:27 . 2013-11-13 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]c:\users\Lai\funshion\funshiontools\FunshionHelper.dll [bU].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S1 GizmoDrv;Gizmo Device Driver; [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-11-13 23:28:15ComboFix-quarantined-files.txt 2013-11-13 15:28ComboFix2.txt 2013-11-13 13:21ComboFix3.txt 2013-11-12 15:05.Pre-Run: 10,469,027,840 bytes freePost-Run: 10,394,796,032 bytes free.- - End Of File - - 3E8EB4C64344412F6622534195520F1B
  11. ComboFix 13-11-11.01 - Lai 13/11/2013 21:14:25.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.6107 [GMT 8:00] Running from: c:\users\Lai\Downloads\ComboFix.exe Command switches used :: c:\users\Lai\Downloads\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Funshion Online c:\program files (x86)\Funshion Online\2.8.6.56\atrc.dll c:\program files (x86)\Funshion Online\2.8.6.56\cook.dll c:\program files (x86)\Funshion Online\2.8.6.56\CoreAAC.ax c:\program files (x86)\Funshion Online\2.8.6.56\CoreAVC.ax c:\program files (x86)\Funshion Online\2.8.6.56\CrashReport.exe c:\program files (x86)\Funshion Online\2.8.6.56\drvc.dll c:\program files (x86)\Funshion Online\2.8.6.56\funoictl.dll c:\program files (x86)\Funshion Online\2.8.6.56\Funshion.exe c:\program files (x86)\Funshion Online\2.8.6.56\funshion.ini c:\program files (x86)\Funshion Online\2.8.6.56\FunshionGame2.ico c:\program files (x86)\Funshion Online\2.8.6.56\funshionplugin2.dll c:\program files (x86)\Funshion Online\2.8.6.56\FunshionService.exe c:\program files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exe c:\program files (x86)\Funshion Online\2.8.6.56\Funshop4.ico c:\program files (x86)\Funshion Online\2.8.6.56\gma.dll c:\program files (x86)\Funshion Online\2.8.6.56\icon\MP4.ico c:\program files (x86)\Funshion Online\2.8.6.56\icon\RMVB.ico c:\program files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe c:\program files (x86)\Funshion Online\2.8.6.56\LangResEnAmerican.dll c:\program files (x86)\Funshion Online\2.8.6.56\pncrt.dll c:\program files (x86)\Funshion Online\2.8.6.56\pndx5016.dll c:\program files (x86)\Funshion Online\2.8.6.56\pndx5032.dll c:\program files (x86)\Funshion Online\2.8.6.56\pos.ini c:\program files (x86)\Funshion Online\2.8.6.56\rmoc3260.dll c:\program files (x86)\Funshion Online\2.8.6.56\SimpleIE.dll c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AbnormalPopWndCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddListFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddMore.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdPackUpBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdTimer.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpCleanFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpClearDisk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError_IE.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPlayBarTip.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPrompt.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpQuestion.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpTimerClose.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpYellowQuestion.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normal.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normalEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Buffering.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionText.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionTextEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\checkSkin.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ClearFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\cycle.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Default.fskin c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DelListFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DiskWarnning.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DownloadJsonClose.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Family.fskin c:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorReshBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorWndBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCleanFileBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCloseMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgFullViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgMinViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNonTopViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNormalViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMiniEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgTopViewMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumb.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\KuWo.fskin c:\program files (x86)\Funshion Online\2.8.6.56\skin1\list_expend.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\logo.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMiniEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnDownArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnUpArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarHead.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarTrail.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarThumb.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionText.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionTextEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseAdCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseFlickerBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnFullView.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNext.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNextMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNonTop.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNormal.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPause.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPauseMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlay.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlayList.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlayMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPre.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPreMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnSimple.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnSimpleEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnStop.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnStopMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnTop.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolMute.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolume.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolumeMini.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarOpenFile.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerTipCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayInfoCurPlay.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayList.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayListEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBar.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBarThumb.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBarThumbSel.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Popular.fskin c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlBtnSplitter.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCheckBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCheckBtnCheck.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtn.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtnAbnormal.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlIcon.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlMiniBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlMiniBtn.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlSetBtn.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\RadioBtnBox.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\RadioBtnPt.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\RpcLoading.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\RpcStartDlgBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Scroll.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarDownArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarDownArrowOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarUpArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarUpArrowOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerBkgndOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetBkgndOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetHead.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetHeadOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetMid.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetMidOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetTrail.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetTrailOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollLinkBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\selected.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ShowPlayInfoBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\small.zip c:\program files (x86)\Funshion Online\2.8.6.56\skin1\smallerror.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\smallerror.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\switchToLibrary.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\switchToPlayer.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskDelete.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskDownLoad.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskList.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListEn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListStatIcons.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListStatSelIcon.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskManagerCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskManagerCloseTxtBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskPaused.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TextBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TipTopArrow.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\BmpDetect.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpdetection.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpexception.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpNormal.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpOK.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\CaptionCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\CaptionMinBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\feedbackbtnbk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\forumhelpbtnbk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\funshionmark.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifChecking.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifRepairing.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifScanning.gif c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ignorebtnbk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProblemHelpBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\problemtabbk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProgressBarBK.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProgressBarFG.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\question.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\recheck.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\repairBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ReRepairBtnBk.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\RestoreBtnBK.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarDownArrowOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarUpArrowOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerBkgndOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetBkgndOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetHeadOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetMidOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetTrailOption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TopLeftCornor.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TopRightCornor.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\TrayWndclose.png c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmIgoreBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmUpdateBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateCapBkgnd.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateCaption.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconFail.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconInit.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconSuc.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\VolumeMute.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\VolumeNoMute.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\WebCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\WebCloseBtnRgn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\skin1\WndCloseBtn.bmp c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe c:\program files (x86)\Funshion Online\Funshion\Funshion.lnk c:\program files (x86)\Funshion Online\Funshion\RunningFunshionUpgrade.exe c:\users\Lai\funshion\funshiontools c:\users\Lai\funshion\funshiontools\FunshionHelper.dll c:\users\Lai\funshion\funshiontools\gma.dll c:\users\Lai\funshion\funshiontools\npFunshion.dll c:\users\Public\Fundata c:\users\Public\Fundata\baychimo.dll c:\users\Public\Fundata\DangerAppInfo.dll c:\users\Public\Fundata\Donovan.dll c:\users\Public\Fundata\Fighter.daw c:\users\Public\Fundata\FunDodge.dll c:\users\Public\Fundata\FunNail.dll c:\users\Public\Fundata\FunPioneer.dll c:\users\Public\Fundata\FunSeed64V782.dll c:\users\Public\Fundata\FunShadow.dll c:\users\Public\Fundata\FunshionSync.dll c:\users\Public\Fundata\FunWorks.daw c:\users\Public\Fundata\FunWorks64.dll c:\users\Public\Fundata\FunWorksTmp.dll c:\users\Public\Fundata\gma.dll c:\users\Public\Fundata\InstalledAppInfo.daw c:\users\Public\Fundata\LuaConfig.txt c:\users\Public\Fundata\LuaInterface_mt.dll c:\users\Public\Fundata\Midnight.dll c:\users\Public\Fundata\MiniPak.dll c:\users\Public\Fundata\Nail.lua c:\users\Public\Fundata\sdodge.daw c:\users\Public\Fundata\SeedIcon.ico c:\users\Public\Fundata\sres.daw c:\users\Public\Fundata\timeactionres.daw c:\users\Public\Fundata\Visitor.dll c:\users\Public\Fundata\VisitorResult.daw . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_FunshionSvr . . ((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 ))))))))))))))))))))))))))))))) . . 2013-11-13 13:17 . 2013-11-13 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll 2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple 2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll 2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll 2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll 2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll 2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys 2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096] "GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160] "ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688] "AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064] "OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720] "iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x] R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x] S1 GizmoDrv;Gizmo Device Driver; [x] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x] S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc FunshionServiceTools REG_MULTI_SZ FunshionSvr . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job - c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47] . 2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job - c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47] . 2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28] . 2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U] @="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}" [HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}] 2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] "ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . BHO-{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\users\Lai\funshion\funshiontools\FunshionHelper.dll Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file) AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\ASUS\FaceLogon\smartlogon.exe c:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe c:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe c:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe c:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-11-13 21:21:27 - machine was rebooted ComboFix-quarantined-files.txt 2013-11-13 13:21 ComboFix2.txt 2013-11-12 15:05 . Pre-Run: 10,686,169,088 bytes free Post-Run: 10,202,435,584 bytes free . - - End Of File - - 53A3C43C7E710BC9403E2DE4805C5217
  12. okay here it goes. ComboFix 13-11-11.01 - Lai 13/11/2013 21:14:25.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.6107 [GMT 8:00]Running from: c:\users\Lai\Downloads\ComboFix.exeCommand switches used :: c:\users\Lai\Downloads\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Funshion Onlinec:\program files (x86)\Funshion Online\2.8.6.56\atrc.dllc:\program files (x86)\Funshion Online\2.8.6.56\cook.dllc:\program files (x86)\Funshion Online\2.8.6.56\CoreAAC.axc:\program files (x86)\Funshion Online\2.8.6.56\CoreAVC.axc:\program files (x86)\Funshion Online\2.8.6.56\CrashReport.exec:\program files (x86)\Funshion Online\2.8.6.56\drvc.dllc:\program files (x86)\Funshion Online\2.8.6.56\funoictl.dllc:\program files (x86)\Funshion Online\2.8.6.56\Funshion.exec:\program files (x86)\Funshion Online\2.8.6.56\funshion.inic:\program files (x86)\Funshion Online\2.8.6.56\FunshionGame2.icoc:\program files (x86)\Funshion Online\2.8.6.56\funshionplugin2.dllc:\program files (x86)\Funshion Online\2.8.6.56\FunshionService.exec:\program files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exec:\program files (x86)\Funshion Online\2.8.6.56\Funshop4.icoc:\program files (x86)\Funshion Online\2.8.6.56\gma.dllc:\program files (x86)\Funshion Online\2.8.6.56\icon\MP4.icoc:\program files (x86)\Funshion Online\2.8.6.56\icon\RMVB.icoc:\program files (x86)\Funshion Online\2.8.6.56\InnerWeb.exec:\program files (x86)\Funshion Online\2.8.6.56\LangResEnAmerican.dllc:\program files (x86)\Funshion Online\2.8.6.56\pncrt.dllc:\program files (x86)\Funshion Online\2.8.6.56\pndx5016.dllc:\program files (x86)\Funshion Online\2.8.6.56\pndx5032.dllc:\program files (x86)\Funshion Online\2.8.6.56\pos.inic:\program files (x86)\Funshion Online\2.8.6.56\rmoc3260.dllc:\program files (x86)\Funshion Online\2.8.6.56\SimpleIE.dllc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AbnormalPopWndCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddListFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddMore.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdPackUpBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdTimer.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpCleanFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpClearDisk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError_IE.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPlayBarTip.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPrompt.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpQuestion.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpTimerClose.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpYellowQuestion.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normal.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normalEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Buffering.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionText.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionTextEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\checkSkin.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ClearFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\cycle.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Default.fskinc:\program files (x86)\Funshion Online\2.8.6.56\skin1\DelListFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\DiskWarnning.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\DownloadJsonClose.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Family.fskinc:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorReshBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorWndBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCleanFileBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCloseMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgFullViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgMinViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNonTopViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNormalViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMiniEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgTopViewMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumb.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\KuWo.fskinc:\program files (x86)\Funshion Online\2.8.6.56\skin1\list_expend.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\logo.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMiniEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnDownArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnUpArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarHead.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarTrail.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarThumb.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionText.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionTextEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseAdCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseFlickerBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnFullView.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNext.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNextMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNonTop.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNormal.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPause.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPauseMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlay.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlayList.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPlayMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPre.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPreMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnSimple.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnSimpleEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnStop.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnStopMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnTop.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolMute.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolume.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnVolumeMini.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarOpenFile.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerTipCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayInfoCurPlay.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayList.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayListEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBar.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBarThumb.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayTrackBarThumbSel.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Popular.fskinc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlBtnSplitter.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCheckBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCheckBtnCheck.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtn.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlCloseBtnAbnormal.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlIcon.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlMiniBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlMiniBtn.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\PopUrlSetBtn.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\RadioBtnBox.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\RadioBtnPt.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\RpcLoading.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\RpcStartDlgBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Scroll.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarDownArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarDownArrowOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarUpArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarUpArrowOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerBkgndOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetBkgndOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetHead.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetHeadOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetMid.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetMidOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetTrail.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollBarVerWidgetTrailOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ScrollLinkBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\selected.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\ShowPlayInfoBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\small.zipc:\program files (x86)\Funshion Online\2.8.6.56\skin1\smallerror.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\smallerror.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\switchToLibrary.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\switchToPlayer.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskDelete.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskDownLoad.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskList.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListEn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListStatIcons.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskListStatSelIcon.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskManagerCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskManagerCloseTxtBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TaskPaused.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TextBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TipTopArrow.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\BmpDetect.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpdetection.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpexception.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpNormal.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\bmpOK.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\CaptionCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\CaptionMinBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\feedbackbtnbk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\forumhelpbtnbk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\funshionmark.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifChecking.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifRepairing.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\gifScanning.gifc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ignorebtnbk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProblemHelpBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\problemtabbk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProgressBarBK.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ProgressBarFG.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\question.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\recheck.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\repairBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ReRepairBtnBk.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\RestoreBtnBK.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarDownArrowOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarUpArrowOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerBkgndOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetBkgndOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetHeadOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetMidOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\Tools_skin\ScrollBarVerWidgetTrailOption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TopLeftCornor.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TopRightCornor.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\TrayWndclose.pngc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmIgoreBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateBtmUpdateBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateCapBkgnd.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateCaption.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconFail.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconInit.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\UpdateIconSuc.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\VolumeMute.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\VolumeNoMute.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\WebCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\WebCloseBtnRgn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\skin1\WndCloseBtn.bmpc:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exec:\program files (x86)\Funshion Online\Funshion\Funshion.lnkc:\program files (x86)\Funshion Online\Funshion\RunningFunshionUpgrade.exec:\users\Lai\funshion\funshiontoolsc:\users\Lai\funshion\funshiontools\FunshionHelper.dllc:\users\Lai\funshion\funshiontools\gma.dllc:\users\Lai\funshion\funshiontools\npFunshion.dllc:\users\Public\Fundatac:\users\Public\Fundata\baychimo.dllc:\users\Public\Fundata\DangerAppInfo.dllc:\users\Public\Fundata\Donovan.dllc:\users\Public\Fundata\Fighter.dawc:\users\Public\Fundata\FunDodge.dllc:\users\Public\Fundata\FunNail.dllc:\users\Public\Fundata\FunPioneer.dllc:\users\Public\Fundata\FunSeed64V782.dllc:\users\Public\Fundata\FunShadow.dllc:\users\Public\Fundata\FunshionSync.dllc:\users\Public\Fundata\FunWorks.dawc:\users\Public\Fundata\FunWorks64.dllc:\users\Public\Fundata\FunWorksTmp.dllc:\users\Public\Fundata\gma.dllc:\users\Public\Fundata\InstalledAppInfo.dawc:\users\Public\Fundata\LuaConfig.txtc:\users\Public\Fundata\LuaInterface_mt.dllc:\users\Public\Fundata\Midnight.dllc:\users\Public\Fundata\MiniPak.dllc:\users\Public\Fundata\Nail.luac:\users\Public\Fundata\sdodge.dawc:\users\Public\Fundata\SeedIcon.icoc:\users\Public\Fundata\sres.dawc:\users\Public\Fundata\timeactionres.dawc:\users\Public\Fundata\Visitor.dllc:\users\Public\Fundata\VisitorResult.daw..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_FunshionSvr..((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 )))))))))))))))))))))))))))))))..2013-11-13 13:17 . 2013-11-13 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S1 GizmoDrv;Gizmo Device Driver; [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcFunshionServiceTools REG_MULTI_SZ FunshionSvr.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28].2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.BHO-{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\users\Lai\funshion\funshiontools\FunshionHelper.dllToolbar-Locked - (no file)ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\ASUS\FaceLogon\smartlogon.exec:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exec:\program files (x86)\ASUS\FaceLogon\sensorsrv.exec:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exec:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\ASUS\AI Suite II\AI Suite II.exec:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exec:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exec:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exec:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2013-11-13 21:21:27 - machine was rebootedComboFix-quarantined-files.txt 2013-11-13 13:21ComboFix2.txt 2013-11-12 15:05.Pre-Run: 10,686,169,088 bytes freePost-Run: 10,202,435,584 bytes free.- - End Of File - - 53A3C43C7E710BC9403E2DE4805C5217
  13. Hi Marius, I ran the combofix and here is the log. So what should i do next? ComboFix 13-11-11.01 - Lai 12/11/2013 22:57:36.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.6076 [GMT 8:00]Running from: c:\users\Lai\Downloads\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\prefs.jsc:\windows\msvcr71.dllc:\windows\SysWow64\funshion.ini..((((((((((((((((((((((((( Files Created from 2013-10-12 to 2013-11-12 )))))))))))))))))))))))))))))))..2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]2013-04-22 07:56 603272 ----a-w- c:\users\Lai\funshion\funshiontools\FunshionHelper.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]"Funshion"="c:\program files (x86)\Funshion Online\2.8.6.56\Funshion.exe" [2013-10-11 4255368]"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 FunshionSvr;FSServicePlatform;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]S1 GizmoDrv;Gizmo Device Driver; [x]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcFunshionServiceTools REG_MULTI_SZ FunshionSvr.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47].2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28].2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FunOverlay]@="{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}"[HKEY_CLASSES_ROOT\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}]2013-10-11 04:02 235144 ----a-w- c:\users\Public\Fundata\FunSeed64V782.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exec:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exec:\program files (x86)\ASUS\FaceLogon\sensorsrv.exec:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exec:\program files (x86)\ASUS\AI Suite II\AI Suite II.exec:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exec:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exec:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exec:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2013-11-12 23:05:09 - machine was rebootedComboFix-quarantined-files.txt 2013-11-12 15:05.Pre-Run: 9,804,087,296 bytes freePost-Run: 10,174,410,752 bytes free.- - End Of File - - 85093AB1D5FCECBF09FC281334B04B5B
  14. Hi, is this software trustable? i saw quite a few bad review about it that it may destruct the window registry.
  15. GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-12 19:47:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC45 931.51GB Running: obns7gw6.exe; Driver: C:\Users\Lai\AppData\Local\Temp\uwddapow.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}\Connection@Name isatap.{60DF07E6-E702-4C9A-A452-7AA5B7DEB0F5} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}?\Device\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}?\Device\{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}?\Device\{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}"?"{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}"?"{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}"?"{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}?\Device\TCPIP6TUNNEL_{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}?\Device\TCPIP6TUNNEL_{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}?\Device\TCPIP6TUNNEL_{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da1d1fe Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}@InterfaceName isatap.{60DF07E6-E702-4C9A-A452-7AA5B7DEB0F5} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da1d1fe (not active ControlSet) ---- EOF - GMER 2.1 ---- what should i do next? and what virus is it? attach.txt
  16. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2 Run by Lai at 14:31:38 on 2013-11-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8157.5305 [GMT 8:00] . AV: Trend Micro Titanium Internet Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA} SP: Trend Micro Titanium Internet Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\windows\system32\taskhost.exe C:\windows\system32\taskeng.exe C:\windows\system32\Dwm.exe C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe C:\Program Files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x64\QuickGesture64.exe C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe C:\windows\Explorer.EXE C:\Program Files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsEjectHelper.exe C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Gizmo\gservice.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\ASUS\ASUS Docking\ASUS Docking.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\windows\system32\svchost.exe -k regsvc C:\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\SYSTEM32\WISPTIS.EXE C:\windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll BHO: ·çÐÐÊÓƵ²¥·Å¼°ÏÂÔØ×é¼þ: {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\Lai\funshion\funshiontools\FunshionHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [Facebook Update] "C:\Users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [Funshion] "C:\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe" startbywindows tray uRun: [GizmoDriveDelegate] "C:\Program Files (x86)\Gizmo\gizmo.exe" /RemountStartupImages mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" mRun: [AsShellApplication] C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe mRun: [OOBESetup] C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files (x86)\asus\OOBERegBackup\OOBEReg.ini" mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe /S mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{544BAC5D-549A-495F-8F22-22AC3159C842} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{544BAC5D-549A-495F-8F22-22AC3159C842}\3594E4744554C4D203335373 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{806F1CB3-89E4-44F3-A482-465301154E4E} : DHCPNameServer = 192.168.1.254 Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = about:blank x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P x64-Run: [ASUS Docking] C:\Program Files\ASUS\ASUS Docking\ASUS Docking.exe autorun x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 hidfilter;HID Upper Filter Driver;C:\windows\System32\drivers\HidFilter.sys [2013-3-9 25728] R0 TMEBC;TMEBC;C:\windows\System32\drivers\TMEBC64.sys [2013-3-10 46392] R1 GizmoDrv;Gizmo Device Driver;C:\windows\System32\drivers\gizmodrv.sys [2013-6-9 34704] R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2013-3-10 77184] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-3-10 310952] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-3-15 586880] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-3-15 233328] R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2013-6-9 34728] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13336] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-3-15 161560] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-15 363800] R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-8-2 129000] R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-8-2 391144] R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-3-15 173656] R3 NWVoltron;NextWindow Voltron Touch Screen;C:\windows\System32\drivers\NWVoltron.sys [2012-3-15 28440] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-15 565352] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 FunshionSvr;FSServicePlatform;C:\windows\System32\svchost.exe -k FunshionServiceTools [2009-7-14 27136] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-8-20 103576] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-5-14 57840] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448] S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\windows\System32\drivers\hidkmdf.sys [2012-3-15 16152] S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?] S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);C:\windows\System32\drivers\NWWakeFilterV.sys [2012-3-15 16152] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-8-20 204568] S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\windows\System32\drivers\ssudserd.sys [2013-8-20 204568] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-3-10 1255736] . =============== Created Last 30 ================ . 2013-11-03 17:11:08 225280 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll 2013-11-03 17:10:54 -------- d-----w- C:\Program Files (x86)\x264 Video Codec 2013-11-01 12:19:56 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA1DCD32-735F-46C9-B2C8-BAFE41AD4AB5}\mpengine.dll 2013-10-12 17:14:24 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2013-10-11 04:08:25 -------- d-----w- C:\ProgramData\kuwodata . ==================== Find3M ==================== . 2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll 2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys 2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll 2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys 2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys 2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys 2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys 2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys 2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys 2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys 2013-09-04 05:58:11 77184 ----a-w- C:\windows\System32\drivers\tmevtmgr.sys 2013-09-04 05:58:11 175528 ----a-w- C:\windows\System32\drivers\tmcomm.sys 2013-09-04 05:58:11 109072 ----a-w- C:\windows\System32\drivers\tmactmon.sys 2013-09-03 06:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys 2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll 2013-08-20 13:22:03 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-20 13:22:00 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-08-20 13:22:00 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll 2013-08-19 23:02:14 708168 ----a-w- C:\windows\System32\WinUSBCoInstaller.dll 2013-08-19 23:02:14 1490656 ----a-w- C:\windows\System32\WdfCoInstaller01007.dll 2013-08-19 23:02:12 204568 ----a-w- C:\windows\System32\drivers\ssudserd.sys 2013-08-19 23:02:12 204568 ----a-w- C:\windows\System32\drivers\ssudmdm.sys 2013-08-19 23:02:12 103576 ----a-w- C:\windows\System32\drivers\ssudbus.sys . ============= FINISH: 14:32:09.18 =============== My computer does not allow me to run the TDSSKiller.exe, it show an error of "tdsskiller.exe is not a valid Win32 application". and how to i attach the "attach log"?
  17. sorry im being held up with work. Will do the posting tomorrow. sorry about that.
  18. Need some help here! I had stupidly installed the "x264 Video Codecs XP-Win7.exe" and now my computer is being infected! It shut off my window firewall and preventing me to turn it back. I saw some of the threads regarding this malware or virus, but i'm sort of a computer idiot. Hoping i could get some help over here.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.