HELP! Installed x264 Video Codecs XP-Win7.exe and now my computer is infected


Need some help here!

I had stupidly installed the "x264 Video Codecs XP-Win7.exe" and now my computer is infected! It shut off my Windows firewall and is preventing me from turning it back on. I saw some of the threads regarding this malware or virus, but I'm sort of a computer idiot. Hoping I could get some help over here.


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
This file is a well known source of the ZA rootkit. Let's see:
 
 
Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.25.2

Run by Lai at 14:31:38 on 2013-11-09

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8157.5305 [GMT 8:00]

.

AV: Trend Micro Titanium Internet Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}

SP: Trend Micro Titanium Internet Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\Dwm.exe

C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe

C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x64\QuickGesture64.exe

C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe

C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe

C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe

C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsEjectHelper.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Gizmo\gservice.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\ASUS\ASUS Docking\ASUS Docking.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\windows\system32\svchost.exe -k regsvc

C:\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe

C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe

C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\SYSTEM32\WISPTIS.EXE

C:\windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe

C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll

BHO: ·çÐÐÊÓƵ²¥·Å¼°ÏÂÔØ×é¼þ: {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\Lai\funshion\funshiontools\FunshionHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Facebook Update] "C:\Users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Funshion] "C:\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe" startbywindows tray

uRun: [GizmoDriveDelegate] "C:\Program Files (x86)\Gizmo\gizmo.exe" /RemountStartupImages

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe

mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [AsShellApplication] C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe

mRun: [OOBESetup] C:\Program Files (x86)\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files (x86)\asus\OOBERegBackup\OOBEReg.ini"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe /S

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{544BAC5D-549A-495F-8F22-22AC3159C842} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{544BAC5D-549A-495F-8F22-22AC3159C842}\3594E4744554C4D203335373 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{806F1CB3-89E4-44F3-A482-465301154E4E} : DHCPNameServer = 192.168.1.254

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = about:blank

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P 

x64-Run: [ASUS Docking] C:\Program Files\ASUS\ASUS Docking\ASUS Docking.exe autorun

x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll

x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 hidfilter;HID Upper Filter Driver;C:\windows\System32\drivers\HidFilter.sys [2013-3-9 25728]

R0 TMEBC;TMEBC;C:\windows\System32\drivers\TMEBC64.sys [2013-3-10 46392]

R1 GizmoDrv;Gizmo Device Driver;C:\windows\System32\drivers\gizmodrv.sys [2013-6-9 34704]

R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2013-3-10 77184]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-3-10 310952]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-3-15 586880]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]

R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-3-15 233328]

R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2013-6-9 34728]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13336]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-3-15 161560]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-15 363800]

R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-8-2 129000]

R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-8-2 391144]

R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-3-15 173656]

R3 NWVoltron;NextWindow Voltron Touch Screen;C:\windows\System32\drivers\NWVoltron.sys [2012-3-15 28440]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-15 565352]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FunshionSvr;FSServicePlatform;C:\windows\System32\svchost.exe -k FunshionServiceTools [2009-7-14 27136]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-8-20 103576]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-5-14 57840]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]

S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\windows\System32\drivers\hidkmdf.sys [2012-3-15 16152]

S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]

S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);C:\windows\System32\drivers\NWWakeFilterV.sys [2012-3-15 16152]

S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]

S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\windows\System32\drivers\ssudserd.sys [2013-8-20 204568]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-3-10 1255736]

.

=============== Created Last 30 ================

.

2013-11-03 17:11:08 225280 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll

2013-11-03 17:10:54 -------- d-----w- C:\Program Files (x86)\x264 Video Codec

2013-11-01 12:19:56 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA1DCD32-735F-46C9-B2C8-BAFE41AD4AB5}\mpengine.dll

2013-10-12 17:14:24 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin

2013-10-11 04:08:25 -------- d-----w- C:\ProgramData\kuwodata

.

==================== Find3M  ====================

.

2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll

2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll

2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll

2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll

2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll

2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe

2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe

2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys

2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll

2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys

2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys

2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys

2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys

2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys

2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys

2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys

2013-09-04 05:58:11 77184 ----a-w- C:\windows\System32\drivers\tmevtmgr.sys

2013-09-04 05:58:11 175528 ----a-w- C:\windows\System32\drivers\tmcomm.sys

2013-09-04 05:58:11 109072 ----a-w- C:\windows\System32\drivers\tmactmon.sys

2013-09-03 06:35:10 278800 ------w- C:\windows\System32\MpSigStub.exe

2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll

2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll

2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll

2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll

2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll

2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe

2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys

2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll

2013-08-20 13:22:03 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-20 13:22:00 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2013-08-20 13:22:00 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll

2013-08-19 23:02:14 708168 ----a-w- C:\windows\System32\WinUSBCoInstaller.dll

2013-08-19 23:02:14 1490656 ----a-w- C:\windows\System32\WdfCoInstaller01007.dll

2013-08-19 23:02:12 204568 ----a-w- C:\windows\System32\drivers\ssudserd.sys

2013-08-19 23:02:12 204568 ----a-w- C:\windows\System32\drivers\ssudmdm.sys

2013-08-19 23:02:12 103576 ----a-w- C:\windows\System32\drivers\ssudbus.sys

.

============= FINISH: 14:32:09.18 ===============

 

My computer does not allow me to run the TDSSKiller.exe, it shows an error of "tdsskiller.exe is not a valid Win32 application".

 

And how do I attach the "attach log"?
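An added example, not part of the original thread and not the helper's own tooling: one way to triage the "Created Last 30" section of the DDS log above is to list everything created within a short window of the folder the installer made. The five sample lines are copied from that log; the 5-minute window and the names `parse_entries` and `created_near` are assumptions of this sketch.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Lines copied from the "Created Last 30" section of the DDS log in this thread.
DDS_CREATED = r"""
2013-11-03 17:11:08 225280 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-11-03 17:10:54 -------- d-----w- C:\Program Files (x86)\x264 Video Codec
2013-11-01 12:19:56 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA1DCD32-735F-46C9-B2C8-BAFE41AD4AB5}\mpengine.dll
2013-10-12 17:14:24 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-11 04:08:25 -------- d-----w- C:\ProgramData\kuwodata
"""

# timestamp, size (dashes for a directory), attribute flags, full path
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[a-z-]+)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: Optional[int]  # None for directories, where DDS prints dashes
    is_dir: bool
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Parse DDS file-listing lines; skip blanks, '.' separators and headers."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        size = m["size"]
        entries.append(Entry(
            created=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            size=int(size) if size.isdigit() else None,
            is_dir=m["attrs"].startswith("d"),
            path=m["path"],
        ))
    return entries


def created_near(entries: List[Entry], marker: str,
                 window: timedelta = timedelta(minutes=5)
                 ) -> List[Tuple[Entry, timedelta]]:
    """Return (entry, offset) pairs created within `window` of any entry
    whose path contains `marker`. Offset is relative to the nearest match."""
    marker = marker.lower()
    anchors = [e for e in entries if marker in e.path.lower()]
    if not anchors:
        raise ValueError(f"no log entry matches {marker!r}")
    hits = []
    for e in entries:
        if e in anchors:
            continue
        nearest = min((e.created - a.created for a in anchors), key=abs)
        if abs(nearest) <= window:
            hits.append((e, nearest))
    return sorted(hits, key=lambda h: abs(h[1]))


if __name__ == "__main__":
    for entry, offset in created_near(parse_entries(DDS_CREATED),
                                      "x264 Video Codec"):
        print(f"{offset.total_seconds():+.0f}s  {entry.path}")
```

A hit here only means the file appeared close in time to the installer's folder; it is a lead for the helper to review, not a verdict on the file.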

Hit "More reply options" on the bottom right, there you will be given the attach button.

Skip TDSS-Killer, run GMER instead:

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-11-12 19:47:21

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC45 931.51GB

Running: obns7gw6.exe; Driver: C:\Users\Lai\AppData\Local\Temp\uwddapow.sys

 

 

---- Registry - GMER 2.1 ----

 

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}\Connection@Name  isatap.{60DF07E6-E702-4C9A-A452-7AA5B7DEB0F5}

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}?\Device\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}?\Device\{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}?\Device\{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}?

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}"?"{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}"?"{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}"?"{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}"?

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{AE4AAB7B-4F25-4647-93E0-6B1A7F1D2064}?\Device\TCPIP6TUNNEL_{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}?\Device\TCPIP6TUNNEL_{696793D2-3F7B-4C7A-9AF7-808EA56BC0DE}?\Device\TCPIP6TUNNEL_{B2C94C28-C256-4FFD-96C7-191C0BDC93F3}?

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da1d1fe                                                                  

Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}@InterfaceName                       isatap.{60DF07E6-E702-4C9A-A452-7AA5B7DEB0F5}

Reg  HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4091BCC9-F3DD-4863-801C-ECA77AB0CE99}@ReusableType                        0

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da1d1fe (not active ControlSet)                                              

 

---- EOF - GMER 2.1 ----

 

 

What should I do next? And what virus is it?

attach.txt


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Hi Marius,

 

I ran the combofix and here is the log. So what should I do next?

 

ComboFix 13-11-11.01 - Lai 12/11/2013  22:57:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8157.6076 [GMT 8:00]
Running from: c:\users\Lai\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\windows\msvcr71.dll
c:\windows\SysWow64\funshion.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-12 to 2013-11-12  )))))))))))))))))))))))))))))))
.
.
2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple
2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]
2013-04-22 07:56 603272 ----a-w- c:\users\Lai\funshion\funshiontools\FunshionHelper.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]
"Funshion"="c:\program files (x86)\Funshion Online\2.8.6.56\Funshion.exe" [2013-10-11 4255368]
"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]
"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]
"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FunshionSvr;FSServicePlatform;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
FunshionServiceTools REG_MULTI_SZ   FunshionSvr
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job
- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47]
.
2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job
- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FunOverlay]
@="{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}"
[HKEY_CLASSES_ROOT\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}]
2013-10-11 04:02 235144 ----a-w- c:\users\Public\Fundata\FunSeed64V782.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe
c:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe
c:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe
c:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-11-12  23:05:09 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-12 15:05
.
Pre-Run: 9,804,087,296 bytes free
Post-Run: 10,174,410,752 bytes free
.
- - End Of File - - 85093AB1D5FCECBF09FC281334B04B5B
 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

CFScript.txt


okay here it goes.

ComboFix 13-11-11.01 - Lai 13/11/2013  21:14:25.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8157.6107 [GMT 8:00]
Running from: c:\users\Lai\Downloads\ComboFix.exe
Command switches used :: c:\users\Lai\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Funshion Online
c:\program files (x86)\Funshion Online\2.8.6.56\atrc.dll
c:\program files (x86)\Funshion Online\2.8.6.56\cook.dll
c:\program files (x86)\Funshion Online\2.8.6.56\CoreAAC.ax
c:\program files (x86)\Funshion Online\2.8.6.56\CoreAVC.ax
c:\program files (x86)\Funshion Online\2.8.6.56\CrashReport.exe
c:\program files (x86)\Funshion Online\2.8.6.56\drvc.dll
c:\program files (x86)\Funshion Online\2.8.6.56\funoictl.dll
c:\program files (x86)\Funshion Online\2.8.6.56\Funshion.exe
c:\program files (x86)\Funshion Online\2.8.6.56\funshion.ini
c:\program files (x86)\Funshion Online\2.8.6.56\FunshionGame2.ico
c:\program files (x86)\Funshion Online\2.8.6.56\funshionplugin2.dll
c:\program files (x86)\Funshion Online\2.8.6.56\FunshionService.exe
c:\program files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exe
c:\program files (x86)\Funshion Online\2.8.6.56\Funshop4.ico
c:\program files (x86)\Funshion Online\2.8.6.56\gma.dll
c:\program files (x86)\Funshion Online\2.8.6.56\icon\MP4.ico
c:\program files (x86)\Funshion Online\2.8.6.56\icon\RMVB.ico
c:\program files (x86)\Funshion Online\2.8.6.56\InnerWeb.exe
c:\program files (x86)\Funshion Online\2.8.6.56\LangResEnAmerican.dll
c:\program files (x86)\Funshion Online\2.8.6.56\pncrt.dll
c:\program files (x86)\Funshion Online\2.8.6.56\pndx5016.dll
c:\program files (x86)\Funshion Online\2.8.6.56\pndx5032.dll
c:\program files (x86)\Funshion Online\2.8.6.56\pos.ini
c:\program files (x86)\Funshion Online\2.8.6.56\rmoc3260.dll
c:\program files (x86)\Funshion Online\2.8.6.56\SimpleIE.dll
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AbnormalPopWndCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddListFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AddMore.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdPackUpBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\AdTimer.png
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpCleanFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpClearDisk.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpError_IE.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPlayBarTip.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpPrompt.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpQuestion.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpTimerClose.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\bmpYellowQuestion.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normal.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\btn_normalEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Buffering.gif
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionText.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CaptionTextEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Box.png
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\CheckBox_Check.png
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\checkSkin.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\ClearFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\cycle.png
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Default.fskin
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DelListFile.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DiskWarnning.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\DownloadJsonClose.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\Family.fskin
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorReshBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\IErrorWndBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCleanFileBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgCloseMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgFullViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgMinViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNonTopViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgNormalViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgStandardMiniEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgTopViewMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumb.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\imgVolCtrlBarThumbSel.png
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\KuWo.fskin
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\list_expend.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\logo.png
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\LogoMiniEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnBk.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnDownArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionBtnUpArrow.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarHead.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplidBarTrail.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarBkgnd.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionSplideBarThumb.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionText.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\OptionTextEn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseAdCloseBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PauseFlickerBtn.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnFullView.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNext.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNextMini.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNonTop.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnNormal.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPause.bmp
c:\program files (x86)\Funshion Online\2.8.6.56\skin1\PlayerBarBtnPauseMini.bmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FunshionSvr
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-13 to 2013-11-13  )))))))))))))))))))))))))))))))
.
.
2013-11-13 13:17 . 2013-11-13 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll
2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple
2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]
"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]
"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]
"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
FunshionServiceTools REG_MULTI_SZ   FunshionSvr
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job
- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47]
.
2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job
- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\users\Lai\funshion\funshiontools\FunshionHelper.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\FaceLogon\smartlogon.exe
c:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe
c:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe
c:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-11-13  21:21:27 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-13 13:21
ComboFix2.txt  2013-11-12 15:05
.
Pre-Run: 10,686,169,088 bytes free
Post-Run: 10,202,435,584 bytes free
.
- - End Of File - - 53A3C43C7E710BC9403E2DE4805C5217

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

CFScript.txt


ComboFix 13-11-11.01 - Lai 13/11/2013  21:14:25.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8157.6107 [GMT 8:00]

Running from: c:\users\Lai\Downloads\ComboFix.exe

Command switches used :: c:\users\Lai\Downloads\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_FunshionSvr

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-13 to 2013-11-13  )))))))))))))))))))))))))))))))

.

.

2013-11-13 13:17 . 2013-11-13 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll

2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple

2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin

2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe

2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll

2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe

2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll

2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll

2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll

2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll

2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll

2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll

2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll

2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll

2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll

2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll

2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll

2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll

2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll

2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll

2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll

2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll

2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll

2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys

2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]

"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]

"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]

"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]

"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]

"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]

S1 GizmoDrv;Gizmo Device Driver; [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]

S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

FunshionServiceTools REG_MULTI_SZ   FunshionSvr

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job

- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47]

.

2013-11-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job

- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47]

.

2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]

.

2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]

@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"

[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]

2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\users\Lai\funshion\funshiontools\FunshionHelper.dll

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)

AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\ASUS\FaceLogon\smartlogon.exe

c:\program files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe

c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe

c:\program files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe

c:\program files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe

c:\program files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-11-13  21:21:27 - machine was rebooted

ComboFix-quarantined-files.txt  2013-11-13 13:21

ComboFix2.txt  2013-11-12 15:05

.

Pre-Run: 10,686,169,088 bytes free

Post-Run: 10,202,435,584 bytes free

.

- - End Of File - - 53A3C43C7E710BC9403E2DE4805C5217

Please read my instructions carefully.

With my last reply I've uploaded a different CFScript.txt - please delete the old one, then download the attached script and drag it into ComboFix.

When Combofix has finished its run, proceed with Malwarebytes Antimalware as explained.

 

Post up both logs when the tools have finished.


Combofix

 

ComboFix 13-11-11.01 - Lai 13/11/2013  23:24:29.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.8157.6423 [GMT 8:00]
Running from: c:\users\Lai\Downloads\ComboFix.exe
Command switches used :: c:\users\Lai\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-13 to 2013-11-13  )))))))))))))))))))))))))))))))
.
.
2013-11-13 15:27 . 2013-11-13 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-12 14:57 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD6B067A-BE6A-4587-8E11-BF301986BC41}\mpengine.dll
2013-11-10 08:37 . 2013-11-10 08:38 -------- d-----w- c:\programdata\Apple
2013-11-03 17:11 . 2013-11-03 17:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-11-03 17:10 . 2013-11-03 17:11 -------- d-----w- c:\program files (x86)\x264 Video Codec
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 17:14 . 2013-10-12 17:14 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-09-25 17:46 . 2013-03-11 02:02 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-22 23:28 . 2013-10-09 23:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-09 23:22 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-09 23:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-09 23:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-09 23:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-09 23:22 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-09 23:22 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-09 23:22 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-09 23:22 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-09 23:22 855552 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-09 23:22 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-09 23:22 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-09 23:22 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-09 23:22 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-09 23:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-09 23:22 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-09 23:22 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-09 23:22 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-09 23:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-09 23:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-09 23:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-09 11:33 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 11:33 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 11:33 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 11:33 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 11:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 11:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 11:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 11:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 11:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 11:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 11:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-03 05:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 02:17 . 2013-10-09 11:25 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 11:25 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 11:25 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 11:25 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 11:25 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 11:25 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 11:25 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 11:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 11:25 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 11:25 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 11:25 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 11:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 11:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 11:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 11:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 11:25 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 11:30 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 11:45 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-20 13:22 . 2013-08-20 13:22 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-20 13:22 . 2013-04-04 14:18 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-20 13:22 . 2013-04-04 14:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-19 23:02 . 2013-08-19 23:02 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-08-19 23:02 . 2013-08-19 23:02 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2013-08-19 23:02 . 2013-08-19 23:02 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-08-19 23:02 . 2013-08-19 23:02 103576 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}]
c:\users\Lai\funshion\funshiontools\FunshionHelper.dll [bU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-14 13:21 222808 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-17 138096]
"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-06-09 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-03-15 2984688]
"AsShellApplication"="c:\program files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe" [2010-08-04 232064]
"OOBESetup"="c:\program files (x86)\asus\OOBERegBackup\OOBERegBackup.exe" [2009-11-12 334848]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSPanel.exe" [2012-11-05 740736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="D:\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;f:\garena plus\Room\safedrv.sys;f:\garena plus\Room\safedrv.sys [x]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 hidfilter;HID Upper Filter Driver;c:\windows\system32\DRIVERS\hidfilter.sys;c:\windows\SYSNATIVE\DRIVERS\hidfilter.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 06:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001Core.job
- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47]
.
2013-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2812331704-1303540401-758296124-1001UA.job
- c:\users\Lai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-17 13:47]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09 06:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-14 13:21 261704 ----a-w- c:\users\Lai\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-11-05 06:07 1506688 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.144.298\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"ASUS Docking"="c:\program files\ASUS\ASUS Docking\ASUS Docking.exe" [2011-06-29 443568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
AddRemove-Funshion - c:\program files (x86)\Funshion Online\2.8.6.56\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2812331704-1303540401-758296124-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-13  23:28:15
ComboFix-quarantined-files.txt  2013-11-13 15:28
ComboFix2.txt  2013-11-13 13:21
ComboFix3.txt  2013-11-12 15:05
.
Pre-Run: 10,469,027,840 bytes free
Post-Run: 10,394,796,032 bytes free
.
- - End Of File - - 3E8EB4C64344412F6622534195520F1B

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.13.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

Lai :: LAI-PC [administrator]

 

Protection: Enabled

 

13/11/2013 11:33:29 PM

mbam-log-2013-11-13 (23-33-29).txt

 

Scan type: Full scan (C:\|D:\|E:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 375136

Time elapsed: 27 minute(s), 24 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 3

HKCR\fsp (PUP.Funshion) -> Quarantined and deleted successfully.

HKCR\Funshion Task (PUP.Funshion) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 23

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache\playhome (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\cache\popwind (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\download (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\funshionDoctor (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\funshionDoctor\Tools_skin (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\screensave (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\serv (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\Shortcut (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

 

Files Detected: 577

C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\Funshion.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\funshionplugin2.dll.vir (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\2.8.6.56\LangResEnAmerican.dll.vir (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files (x86)\Funshion Online\Funshion\RunningFunshionUpgrade.exe.vir (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Use Help.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\FunshionDoctor.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Pop Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Update History.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\1363420162_2064350_macross_1361525818_471.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\1363438846_20749013_macross_1363329136_16.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\1363498040_5581113_23623226_1322028705_208.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\1365217016_3935047_17239948_1264675482_871.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\1366180380_81905749_macross_1366133203_904.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\bbinfo.txt (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\crash_dump.dmp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\favorites.fav (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\install.ini (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\platFormGuid.txt (PUP.Funshion) -> Quarantined and deleted successfully.


C:\Users\Lai\funshion\control\1365213159_1365213159_77302_17239948_1264675398_138.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365213159_1365213159_77302_17239948_1264675398_138.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365213159_1365213159_77331_2abe3271a1366fef9c27d10ff14ae20d79e7ce89.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365213159_1365213159_77331_2abe3271a1366fef9c27d10ff14ae20d79e7ce89.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365217030_1365217016_3935047_17239948_1264675482_871.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365217030_1365217016_3935047_17239948_1264675482_871.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365855808_1365855794_143674_macross_1364046745_710.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365855808_1365855794_143674_macross_1364046745_710.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365855871_1365855855_205108_macross_1363577481_32.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1365855871_1365855855_205108_macross_1363577481_32.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366032601_1366032596_20995342_macross_1355377191_422.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366032601_1366032596_20995342_macross_1355377191_422.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366032646_1366032646_21045472_macross_1354677924_309.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366032646_1366032646_21045472_macross_1354677924_309.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366034217_1366034217_22616285_macross_1355302230_786.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366034217_1366034217_22616285_macross_1355302230_786.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366036769_1366036768_25167827_macross_1355904611_877.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366036769_1366036768_25167827_macross_1355904611_877.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366038991_1366038988_27387303_macross_1358329412_436.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366038991_1366038988_27387303_macross_1358329412_436.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366111806_1366111805_13330737_macross_1358907370_158.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366111806_1366111805_13330737_macross_1358907370_158.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366113107_1366113107_14631908_macross_1360121301_44.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366113107_1366113107_14631908_macross_1360121301_44.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366115315_1366115310_16835040_macross_1360725369_913.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366115315_1366115310_16835040_macross_1360725369_913.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366162507_1366162493_64018353_macross_1361337904_542.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366162507_1366162493_64018353_macross_1361337904_542.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366172794_1366172779_74304537_macross_1361945763_749.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366172794_1366172779_74304537_macross_1361945763_749.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366174659_1366174658_76183582_macross_1363685635_812.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366174659_1366174658_76183582_macross_1363685635_812.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366178992_1366178992_80516825_macross_1364355195_17.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366178992_1366178992_80516825_macross_1364355195_17.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366180395_1366180380_81905749_macross_1366133203_904.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366180395_1366180380_81905749_macross_1366133203_904.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366358488_1366358487_9322576_4b3c646cfc3256f261566730e16886a78d8aaedc.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366358488_1366358487_9322576_4b3c646cfc3256f261566730e16886a78d8aaedc.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366358488_1366358488_9322808_18524595_1291278212_656.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366358488_1366358488_9322808_18524595_1291278212_656.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366426052_1366426052_76887208_20080446_1307007410_658.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366426052_1366426052_76887208_20080446_1307007410_658.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366433023_1366433023_5485486_456e078f9abc069db837ef160d0444843b8c874b.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366433023_1366433023_5485486_456e078f9abc069db837ef160d0444843b8c874b.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366464761_1366464748_37211129_macross_1366360363_324.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366464761_1366464748_37211129_macross_1366360363_324.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366464761_1366464760_37223184_f0b91976f5f00157f93c699b2deb2baa261b3782.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366464761_1366464760_37223184_f0b91976f5f00157f93c699b2deb2baa261b3782.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366514323_1366514321_27076_24272712_1324455068_244.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366514323_1366514321_27076_24272712_1324455068_244.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366981440_1366981434_162712_macross_1366967523_782.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366981440_1366981434_162712_macross_1366967523_782.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366981440_1366981440_168252_860715ed42edfe5fcfd358bb2288b762185e32e4.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1366981440_1366981440_168252_860715ed42edfe5fcfd358bb2288b762185e32e4.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367134935_1367134921_46526_macross_1366958547_887.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367134935_1367134921_46526_macross_1366958547_887.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367586329_1367586319_3320801_macross_1367570641_246.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367586329_1367586319_3320801_macross_1367570641_246.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367641476_1367641465_36720_macross_1367593663_702.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367641476_1367641465_36720_macross_1367593663_702.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367661214_1367661210_19782013_macross_1367463152_264.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367661214_1367661210_19782013_macross_1367463152_264.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367661214_1367661214_19785618_e06c30783a6c7ad7fc5f22d1df052f2decac1d51.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367661214_1367661214_19785618_e06c30783a6c7ad7fc5f22d1df052f2decac1d51.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367682672_1367682672_41243617_macross_1338539137_384.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367682672_1367682672_41243617_macross_1338539137_384.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367727180_1367727180_6118080_24726995_1322032609_698.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1367727180_1367727180_6118080_24726995_1322032609_698.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368189368_1368189368_50511_macross_1368172645_33.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368189368_1368189368_50511_macross_1368172645_33.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368244685_1368244685_55367165_macross_1368175043_851.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368244685_1368244685_55367165_macross_1368175043_851.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368796701_1368796701_105785_macross_1368705543_463.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368796701_1368796701_105785_macross_1368705543_463.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368933817_1368933816_34805_macross_1368779075_649.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368933817_1368933816_34805_macross_1368779075_649.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368935870_1368935870_2089373_macross_1338172555_376.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368935870_1368935870_2089373_macross_1338172555_376.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368936164_1368936164_2382880_5881262_1216799458_647.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1368936164_1368936164_2382880_5881262_1216799458_647.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369236740_1369236740_1514898_macross_1368693515_202.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369236740_1369236740_1514898_macross_1368693515_202.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369236740_1369236740_1515241_d058b26036638b20fe4bdd37454f038e7efa3883.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369236740_1369236740_1515241_d058b26036638b20fe4bdd37454f038e7efa3883.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369312892_1369312891_15151682_macross_1363852871_580.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369312892_1369312891_15151682_macross_1363852871_580.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369312900_1369312900_15160595_macross_1364456955_443.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369312900_1369312900_15160595_macross_1364456955_443.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369312910_1369312910_15170416_macross_1365068449_974.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369312910_1369312910_15170416_macross_1365068449_974.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369312937_1369312923_15184218_macross_1366877561_444.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369312937_1369312923_15184218_macross_1366877561_444.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369378264_1369378249_9908483_macross_1367515213_627.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369378264_1369378249_9908483_macross_1367515213_627.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369378273_1369378273_9931989_macross_1368090222_861.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369378273_1369378273_9931989_macross_1368090222_861.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369400491_1369400491_32150151_macross_1369383569_320.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369400491_1369400491_32150151_macross_1369383569_320.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369417623_1369417622_158685_macross_1367485296_926.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369417623_1369417622_158685_macross_1367485296_926.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369450550_1369450550_459129_macross_1367478884_233.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369450550_1369450550_459129_macross_1367478884_233.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369488706_1369488706_38615088_7014043_1235466100_290.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369488706_1369488706_38615088_7014043_1235466100_290.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369488820_1369488820_38728917_7014043_1224486172_465.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369488820_1369488820_38728917_7014043_1224486172_465.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369492312_1369492312_42221198_macross_1356412837_703.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369492312_1369492312_42221198_macross_1356412837_703.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369539473_1369539459_89368100_macross_1368522002_285.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1369539473_1369539459_89368100_macross_1368522002_285.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370077050_1370077050_14875617_macross_1369982659_488.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370077050_1370077050_14875617_macross_1369982659_488.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263803_1370263802_48380_5274aef4290adf13f8535d00756373a32c65dbe4.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263803_1370263802_48380_5274aef4290adf13f8535d00756373a32c65dbe4.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263803_1370263802_49005_macross_1360813863_420.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263803_1370263802_49005_macross_1360813863_420.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263816_1370263815_61528_macross_1360897310_670.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263816_1370263815_61528_macross_1360897310_670.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263821_1370263821_67667_macross_1361415948_633.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263821_1370263821_67667_macross_1361415948_633.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263833_1370263833_79235_macross_1361502662_119.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263833_1370263833_79235_macross_1361502662_119.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263854_1370263842_88851_macross_1362033818_301.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370263854_1370263842_88851_macross_1362033818_301.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370763931_1370763931_85900213_macross_1370670422_787.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1370763931_1370763931_85900213_macross_1370670422_787.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1371958069_1371958068_37880_macross_1359078393_59.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1371958069_1371958068_37880_macross_1359078393_59.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1371958176_1371958176_145343_heishehui1.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1371958176_1371958176_145343_heishehui1.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1372396269_1372396269_107391_macross_1372311900_263.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1372396269_1372396269_107391_macross_1372311900_263.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1372402332_1372402332_6170335_18277256_1333009755_361.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1372402332_1372402332_6170335_18277256_1333009755_361.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1372526355_1372526355_56440902_macross_1372393380_495.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1372526355_1372526355_56440902_macross_1372393380_495.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1372908118_1372908117_29853797_macross_1371520367_102.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1372908118_1372908117_29853797_macross_1371520367_102.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373105423_1373105422_15186980_75b9e557fb7bb6c2daa0e11d2c4c08b6e9a14f42.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373105423_1373105422_15186980_75b9e557fb7bb6c2daa0e11d2c4c08b6e9a14f42.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373105423_1373105423_15187326_macross_1372827190_382.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373105423_1373105423_15187326_macross_1372827190_382.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373108996_1373108989_18753052_18277256_1282188110_19.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373108996_1373108989_18753052_18277256_1282188110_19.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373108996_1373108996_18760422_206c2c8ea94a94064612e84f13bd5d8f9e58ace2.json (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373108996_1373108996_18760422_206c2c8ea94a94064612e84f13bd5d8f9e58ace2.json_backup (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373212056_1373212056_1175091_macross_1369188502_878.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373212056_1373212056_1175091_macross_1369188502_878.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373948974_1373948974_472465_macross_1361867608_859.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373948974_1373948974_472465_macross_1361867608_859.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373983687_1373983682_5797634_macross_1373431926_525.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1373983687_1373983682_5797634_macross_1373431926_525.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1374126254_1374126240_125320_macross_1374030545_878.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1374126254_1374126240_125320_macross_1374030545_878.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1374164651_1374164651_27526_macross_1374124913_987.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1374164651_1374164651_27526_macross_1374124913_987.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1374207099_1374207099_125327_macross_1362559110_47.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1374207099_1374207099_125327_macross_1362559110_47.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1374941013_1374941013_246607_macross_1339408121_800.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1374941013_1374941013_246607_macross_1339408121_800.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1375288309_1375288309_106307_macross_1375077181_233.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1375288309_1375288309_106307_macross_1375077181_233.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1375959178_1375959178_27853942_31459691_1332835019_474.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1375959178_1375959178_27853942_31459691_1332835019_474.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1376011481_1376011481_80157042_macross_1375679223_290.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1376011481_1376011481_80157042_macross_1375679223_290.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1376140125_1376140125_208801041_macross_1340964516_642.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1376140125_1376140125_208801041_macross_1340964516_642.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1376234196_1376234196_302872426_24570037_1314698723_324.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1376234196_1376234196_302872426_24570037_1314698723_324.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377072846_1377072846_48843807_macross_1375945657_197.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377072846_1377072846_48843807_macross_1375945657_197.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377409921_1377409921_155504111_5372255_1208327588_158.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377409921_1377409921_155504111_5372255_1208327588_158.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377409946_1377409946_155528445_24726995_1322032758_982.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377409946_1377409946_155528445_24726995_1322032758_982.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377660722_1377660722_130669460_macross_1377234285_768.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377660722_1377660722_130669460_macross_1377234285_768.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377744741_1377744741_214689094_macross_1363759896_230.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377744741_1377744741_214689094_macross_1363759896_230.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377799061_1377799061_269009011_macross_1363243408_621.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377799061_1377799061_269009011_macross_1363243408_621.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377883492_1377883492_1157951_macross_1376041180_530.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377883492_1377883492_1157951_macross_1376041180_530.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377916381_1377916381_38793_macross_1351493668_496.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377916381_1377916381_38793_macross_1351493668_496.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377916438_1377916438_96011_macross_1360331118_631.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377916438_1377916438_96011_macross_1360331118_631.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377946266_1377946265_29923686_macross_1377746765_79.dat (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1377946266_1377946265_29923686_macross_1377746765_79.fsp (PUP.Funshion) -> Quarantined and deleted successfully.

C:\Users\Lai\funshion\control\1378227666_1378227666_4965482_macross_1377587426_422.dat (PUP.Funshion) -> Quarantined and deleted successfully.

(end)

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Here is the log from ESET:

 

C:\Program Files (x86)\x264 Video Codec\Filters\Haali\mmdinfo.dll Win32/Sathurbot.A trojan
C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll Win32/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Media Tools\MediaIconsOverlays.dll Win32/Sathurbot.A trojan
D:\Pro Evolution Soccer 2013\rld.dll Win32/HackTool.Crack.BB application

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

CFScript.txt


This topic is now closed to further replies.